In the classic party game “Who Am I?” players ask yes or no questions in an attempt to guess which celebrity name is written on a card stuck to their forehead. It’s a good bit of fun, but these days many people are more concerned that advanced public surveillance systems might identify them just as easily as if they were displaying such a name card. Now, researchers from Lomonosov Moscow State University and Huawei Moscow Research Center have introduced a wearable card designed to perform the opposite function — concealing a person’s identity from facial recognition systems.
In their paper AdvHat: Real-World Adversarial Attack on ArcFace Face ID system the white hat researchers propose a novel technique called “AdvHat,” which employs stickers produced by a regular color printer and affixed to hat. The method fools the state-of-the-art public facial identification system ArcFace in real-world environments.
The idea behind adversarial attacks is to slightly change the input to an image classifier so the recognized class will shift from correct to some other class. This is done through the introduction of adversarial examples. Although the approach has already proven successful in the digital domain, its efficiency in the physical world remains relatively unexplored.
The potential of real-world adversarial attacks was introduced in 2015 by generative adversarial networks (GAN) pioneer Ian Goodfellow, along with Alexey Kurakin and Samy Bengio, the brother of Turing Award honoree Yoshua Bengio. The researchers used adversarial images printed on paper to fool classification networks. In their paper Adversarial Examples in the Physical World they explain: “Up to now, all previous work have assumed a threat model in which the adversary can feed data directly into the machine learning classifier. This is not always the case for systems operating in the physical world… This paper shows that even in such physical world scenarios, machine learning systems are vulnerable to adversarial examples.”
The AdvHat researchers realized that not every captured person in their real-world scenarios would be known by the face recognition system. Thus the predicted similarity with the top-1 class should exceed some predefined threshold to treat the face as recognized. Researchers created a rectangular image that could be attached to a human’s forehead or hat to decrease similarity to the ground-truth class below the decision threshold to prompt a failure to recognize.
The researchers designed their adversarial sticker to blend somewhat with real face features such as eyebrows, an important classification point corresponding with the part of the face where the sticker is worn. They discovered for example that placing the sticker as close as possible to the top of the eye line had the effect of “raising” the eyebrows and achieved the best attack results.
The team first tested their stickers using full-face photos under fixed and uniform lighting conditions, and later with different viewpoints, facial rotation, and lighting conditions. They then explored the transferability of prepared attacks to other models.
Facial recognition has been a controversial technology since its inception. San Francisco has banned the tech, and Principal Researcher at Microsoft Research Kate Crawford recently opined on the issue in a Nature World View column, “Scholars have been pointing to the technical and social risks of facial recognition for years. Greater accuracy is not the point.”
For better or worse, academic and commercial face recognition research continues to evolve, and at a brisk pace. The successful AdvHat real-world adversarial attack on today’s top face recognition system could help with future research in this field, whether for the development of more robust systems, or to identify measures that can be used against them.
AdvHat: Real-World Adversarial Attack on ArcFace Face ID system is available on arXiv.
Journalist: Fangyu Cai | Editor: Michael Sarazen
Pingback: Axios AM Deep Dive – News for ThoughtPeople
Pingback: How fashion is fighting facial recognition technology – Warta Saya
Pingback: How designers are fighting the rise of facial recognition technology – MintNews
Pingback: The term 'AI' overpromises: Here's how to make it work for humans instead – Big Think - AI Caosuo
Pingback: Facial Recognition Technology: Designers Are Fighting Back – Global
Pingback: Technologie de reconnaissance faciale : les designers ripostent - ondequando
Pingback: Facial Recognition Technology: Designers Are Fighting Back | Cryptovot
Pingback: Facial Reputation Era: Designers Are Combating Again | 2021
Pingback: Facial Recognition Technology: Designers Are Fighting Back - Enri$hed Feed
Pingback: Facial Recognition Expertise: Designers Are Combating Again - E-Crypto Information - Crypto Currency Blog
Pingback: Facial Recognition Expertise: Designers Are Combating Again - cryptomarket24news.com
Pingback: Facial Recognition Technology: Designers Are Fighting Back – cryptoandbitcoinnews.com
Pingback: Facial Recognition Technology: Designers Are Fighting Back | Plato Blockchain
Pingback: Inventions that are fighting the rise of facial recognition technology - My Blog
Learning and implementing AI can be done but to using it professionally is the main aim for every business and it can’t be done just in a minute. Dataset and Processing in what we can say is the base of other datasets development and hence requires the mining of the data on ground level. Artificial Intelligence is the new era source of advancing your business and to smoothly prepare for the best customer experience AI is has it’s own merits even face recognition and id detection using AI is possible, the Best example of face recognition can be seen in Lens kart website. Basic Machine Learning can be done by reading and research for knowledge purpose but is if someone is looking for the advanced business solution for artificial intelligence then Global technology Solution (GTS) is the leading partner for providing AI datasets and Data collection for your business, here you can visit: https://gts.ai/services/image-dataset-collection/
Pingback: Vynálezy, které bojují proti vzestupu technologie rozpoznávání obličeje - O čem se mluví