Research And Application Of Adversarial Attack Model For Face Recognitio

Anti-sample attack is a kind of attack method which affects the security and robustness of face recognition system.Compared with the traditional Adversarial sample generation method,the Generative Adversarial network(GAN)based Adversarial sample generation method has the advantages of fast generation speed and large computational load.However,the existing face-adversarial sample generation methods based on GAN still have some problems,such as unstable training,low quality of generated adversarial samples and less research on Asian faces.Therefore,in this paper,gradient penalty term optimization is used to generate admixture network and training target attack face recognition model to improve the model training stability and the quality of Asian face admixture sample.Based on the proposed Asian face adversarial sample generation method,a face adversarial sample attack system is designed and implemented.The main research work of this paper includes:(1)A face adversarial sample generation method based on gradient penalty Wasserstein generative adversarial network(WGAN-GP)was proposed.Due to its simple gradient cutting method,the existing methods of adversarial sample attack based on generative adversarial network are easy to cause the problems of gradient disappearance,gradient explosion and low quality of adversarial sample.Firstly,gradient penalty term is used to make the parameter distribution of generative adversarial network more uniform and ensure the stability of training of generative adversarial network.Secondly,w GAN-GP based adversarial loss and image-to-image network architecture are used to make the disturbed image indistinguishable from the real face image.Finally,the experimental results show that the w GAN-GP generation method has better network stability and generated sample quality.(2)A WGAN-GP based Asian face adversarial sample generation method is proposed.In order to generate good quality Asian face adversarial samples.First,Asian face images were collected from the Internet as a training set to train the Face recognition model(Facenet),and the Asian face recognition target attack model with high recognition accuracy was obtained.Secondly,the target attack model is used to monitor the generation of face confrontation samples from the generator in WGANGP,and local face perturbation is performed to generate Asian face confrontation samples with high visual quality.Finally,the simulation results show that the proposed method has advantages in the quality and efficiency of Asian face antagonism sample generation.(3)Design and implement face against sample attack system.Based on the proposed optimization method of face adversarial sample generation,this paper designs and implements a face adversarial sample attack system combining with existing development technologies and frameworks such as Tensorflow and Django.The system mainly includes three functional modules: system management,system monitoring and face confrontation.The system test shows that this system can realize baidu public face comparison API black box attack.The face adversarial samples collected in this system lay a foundation for adversarial training in adversarial sample defense.