With the continuous development of artificial intelligence, face recognition technology has become an important application in public security, finance, retail and other fields. Deep learning algorithms, represented by convolutional neural networks, are the most widely used mainstream face recognition methods. However, many studies have shown that convolutional neural networks have a fatal flaw: vulnerability to adversarial attacks. Such attacks may threaten the security and privacy protection of face recognition systems. In real scenarios, most attacks are black-box attacks, in which the internal structure and parameters of the attacked face recognition model are unknown. Because adversarial samples are transferable, they can be transferred to different models, thereby indirectly completing a black-box attack. This thesis therefore studies face recognition attack technology based on transfer models. The research is of great significance for the privacy protection of face images in the era of big data, and it also provides important insights into how to defend against malicious attacks in face recognition tasks and how to improve the robustness of face recognition models.

For attacks in the black-box setting, this study proposes a PGD transfer attack algorithm based on an adaptive attack step size (AM-PGD) and an AdvGAN adversarial sample generation method based on multi-scale feature fusion (MultiAdvGAN). In the research process, first, face image databases that meet the needs of this research are selected and optimized, and three face recognition models, CosFace, ArcFace and MobileFaceNet, are trained as attack targets; second, the PGD transfer attack algorithm based on the adaptive attack step size is used to carry out transfer attacks on these models, and the attack results are compared and analyzed to study the effectiveness and generalization of the attack algorithm; then the AdvGAN adversarial sample generation method based on multi-scale feature fusion is used to continue the transfer attacks, and the experimental results are recorded and analyzed to study the simulation quality and attack effect of the generated adversarial samples; finally, an adversarial sample generation system for face images is designed and developed, and the adversarial samples generated by the two attack methods are saved and visualized. The specific research work includes:

(1) The CASIA-WebFace and LFW face image databases are selected and optimized, and three face recognition models, CosFace, ArcFace and MobileFaceNet, are trained. The training results show that, after training on relatively large-scale data, the face recognition models all achieve good recognition results.

(2) A PGD transfer attack method based on an adaptive attack step size is proposed. When the gradient is computed by backpropagation, the algorithm introduces first-order and second-order moment estimates of the gradient, which effectively overcomes oscillation and instability in the gradient update process, and adds bias correction to help the model converge to the global optimal solution faster and better. In real environments it is difficult for attackers to obtain key parameters and network structures. This thesis therefore draws on the idea of black-box transfer attacks: the AM-PGD attack method is used to attack a substitute model to generate adversarial samples, and these adversarial samples are then used to attack the transfer models, completing the black-box attack. One of the CosFace, ArcFace and MobileFaceNet models is set as the substitute model and the other two as transfer models, and three sets of transfer attack experiments are carried out. The experimental results show that the algorithm proposed in this thesis improves the attack effect in the transfer attack experiments.

(3) An AdvGAN adversarial sample generation method based on multi-scale feature fusion is proposed. The algorithm adds a feature extractor before the generator of the adversarial network and fuses the extracted multi-scale features. Through multiple rounds of iteration, it produces adversarial examples with stronger simulation quality and improved transferability. In this study, the MobileFaceNet model is used as the substitute model, and the adversarial samples obtained by attacking the substitute model are transferred to the CosFace and ArcFace models in a transfer attack experiment. The results show that, compared with the traditional AdvGAN algorithm, the adversarial samples generated by this algorithm have stronger concealment and also a stronger transfer attack effect.

(4) A face image adversarial sample generation system is designed and implemented, providing face image upload, face image recognition, attack algorithm selection, perturbation coefficient modification, and adversarial sample output.
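A robustness check built on the update rule that item (2) describes, added here as an illustration and not taken from the thesis: first- and second-moment estimates with bias correction set the step inside an L∞-bounded PGD loop on a surrogate model, and the same perturbed probe is then scored on a held-out model. The one-layer tanh embeddings, the finite-difference gradient, the cosine-similarity score and all parameter values are assumptions, and every input is constructed from a seeded random generator.

```python
import math, random

def embed(W, x):
    """Toy embedding: one tanh layer (stands in for a face-recognition network)."""
    return [math.tanh(sum(w * v for w, v in zip(row, x))) for row in W]

def cosine(a, b):
    dot = sum(p * q for p, q in zip(a, b))
    return dot / (math.sqrt(sum(p * p for p in a)) * math.sqrt(sum(q * q for q in b)))

def num_grad(f, x, h=1e-5):
    """Central-difference gradient; stands in for backpropagation."""
    g = []
    for i in range(len(x)):
        up, dn = x[:], x[:]
        up[i] += h
        dn[i] -= h
        g.append((f(up) - f(dn)) / (2 * h))
    return g

def adam_pgd(W, probe, template, eps=0.3, lr=0.05, steps=40, b1=0.9, b2=0.999):
    """Minimise cosine(embed(probe + delta), template) with ||delta||_inf <= eps."""
    loss = lambda x: cosine(embed(W, x), template)
    x, m, v = probe[:], [0.0] * len(probe), [0.0] * len(probe)
    for t in range(1, steps + 1):
        g = num_grad(loss, x)
        m = [b1 * mi + (1 - b1) * gi for mi, gi in zip(m, g)]        # first moment
        v = [b2 * vi + (1 - b2) * gi * gi for vi, gi in zip(v, g)]   # second moment
        m_hat = [mi / (1 - b1 ** t) for mi in m]                     # bias correction
        v_hat = [vi / (1 - b2 ** t) for vi in v]
        x = [xi - lr * mh / (math.sqrt(vh) + 1e-8) for xi, mh, vh in zip(x, m_hat, v_hat)]
        x = [min(max(xi, p - eps), p + eps) for xi, p in zip(x, probe)]  # project into eps-ball
    return x

def run_demo(seed=7, d_in=32, d_out=8):
    rng = random.Random(seed)   # all models and inputs below are constructed toy data
    s = 1 / math.sqrt(d_in)
    surrogate = [[rng.gauss(0, s) for _ in range(d_in)] for _ in range(d_out)]
    # Assumption: the held-out model shares most of its features with the surrogate.
    held_out = [[w + rng.gauss(0, 0.2 * s) for w in row] for row in surrogate]
    enrolled = [rng.gauss(0, 1) for _ in range(d_in)]
    probe = [e + rng.gauss(0, 0.1) for e in enrolled]   # same identity, new capture
    adv = adam_pgd(surrogate, probe, embed(surrogate, enrolled))
    result = {"linf": max(abs(a - p) for a, p in zip(adv, probe))}
    for name, W in (("surrogate", surrogate), ("held_out", held_out)):
        tmpl = embed(W, enrolled)
        result[name] = (cosine(embed(W, probe), tmpl), cosine(embed(W, adv), tmpl))
    return result
```

`run_demo()` returns the perturbation's L∞ norm and, for each model, the probe-to-template similarity before and after perturbation; the gap on the held-out model is the transfer exposure a defender would track when comparing models or hardening steps.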