Research Of Attacks And Defenses On Face Recognition Based On Generative Adversarial Network

With the development of deep learning,computer vision technology is gradually applied to various fields.Face recognition technology in computer vision is also widely used,such as face recognition access control,train station document verification,mobile payment face verification,and so on.However,the widespread application of face recognition technology has also resulted in some hacking techniques.Adversarial attack can make faces unable to recognize the correct identity by the face recognition network,even identified as a specific person,which makes the security of face recognition a major concern for people.Adversarial attack and the corresponding defense have become the researches to improve the security of computer vision.This paper focuses on adversarial attacks and defenses,and explores how to implement the adversarial attacks and defenses of face recognition to improve the security of face recognition networks.This paper uses the generated adversarial network to fit the features of the target face to attack and defend the face recognition network,and designs two strategies,adversarial training and preprocessing,to defend,so that face recognition networks are able to resist malicious attacks.This paper first researches and implements four different commonly used face recognition networks,and gets similar accuracy to their papers as the target networks for adversarial attacks and defenses research.In terms of adversarial attacks,a GAN network is designed in this paper to generate adversarial samples.The adversarial samples have geometric information of the original images,but they will be recognized by the face recognition network as the target person.Testing on the LFW dataset,the attack success rates of the four face recognition networks are all above 99%.In terms of defense,this paper designs two defense strategies,one is adversarial training and the other is preprocessing.The adversarial training proposed in this paper can reduce the similarity score of the four face recognition networks between the adversarial samples and the target person by about 0.2,and the preprocessing algorithm can reduce the similarity score by about 0.3,which can effectively defend.