Vol. 3 No. 1 (2023): Issue 3
Articles

Mitigating FGSM-Based White-Box Attacks Using Convolutional Autoencoders for Face Recognition

PDF
  • Jiahuai Ma,
  • Alan Wilson
Jiahuai Ma
University of Florida, Gainesville, FL 32611, USA
Alan Wilson
Corresponding, Intact Financial Corporation, Toronto, Ontario M5H 1H1, Canada

Published 2023-12-15

Keywords

  • Face recognition,
  • White-box attack,
  • FGSM,
  • Autoencoder

How to Cite

Ma, J., & Wilson, A. (2023). Mitigating FGSM-Based White-Box Attacks Using Convolutional Autoencoders for Face Recognition. Optimizations in Applied Machine Learning, 3(1). Retrieved from https://ojs.mri-pub.com/index.php/OAML/article/view/73
Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

Abstract

Facial recognition technology has become a crucial biometric tool in various applications, from security systems to personalized user experiences. However, its susceptibility to adversarial attacks, such as FGSM-based white-box attacks, raises significant concerns about its reliability and robustness. This paper proposes a novel framework that leverages a convolutional autoencoder to mitigate the effects of adversarial perturbations. The FGSM method generates imperceptible perturbations to input images, which, while invisible to the human eye, significantly degrade model performance. The autoencoder reconstructs perturbed images to reduce the impact of adversarial noise, improving the system's resilience. MobileNetV2 serves as the backbone model for facial recognition, with cosine similarity used for face matching. Experimental results demonstrate that the equal error rate (EER) increases under FGSM attacks but improves after reconstruction, reducing EER from 0.36 to 0.32 (FGSM-0.1) and from 0.37 to 0.31 (FGSM-1). While the proposed approach enhances robustness, further work is needed to address stronger adversarial attacks and evaluate performance on larger datasets.

 

PDF

References

  1. Zhao W, Chellappa R, Phillips PJ, Rosenfeld A. Face recognition: A literature survey. ACM computing surveys (CSUR). 2003 Dec 1;35(4):399-458.
  2. Tolba AS, El-Baz AH, El-Harby AA. Face recognition: A literature review. International Journal of Signal Processing. 2006 Feb;2(2):88-103.
  3. Li L, Mu X, Li S, Peng H. A review of face recognition technology. IEEE access. 2020 Jul 21;8:139110-20.
  4. Zhou Z, Wu J, Cao Z, She Z, Ma J, Zu X. On-Demand Trajectory Prediction Based on Adaptive Interaction Car Following Model with Decreasing Tolerance. In2021 International Conference on Computers and Automation (CompAuto) 2021 Sep 7 (pp. 67-72). IEEE.
  5. Zhang G, Zhou T, Cai Y. CORAL-based Domain Adaptation Algorithm for Improving the Applicability of Machine Learning Models in Detecting Motor Bearing Failures. Journal of Computational Methods in Engineering Applications. 2023 Nov 3:1-7.
  6. Li C, Tang Y. The Factors of Brand Reputation in Chinese Luxury Fashion Brands. Journal of Integrated Social Sciences and Humanities. 2023 Nov 20:1-4.
  7. Gan Y, Ma J, Xu K. Enhanced E-Commerce Sales Forecasting Using EEMD-Integrated LSTM Deep Learning Model. Journal of Computational Methods in Engineering Applications. 2023 Nov 11:1-1.
  8. Chen X, Zhang H. Performance Enhancement of AlGaN-based Deep Ultraviolet Light-emitting Diodes with AlxGa1-xN Linear Descending Layers. Innovations in Applied Engineering and Technology. 2023 Oct 31:1-0.
  9. Wang H, Li J, Xiong S. Efficient join algorithms for distributed information integration based on XML. International Journal of Business Process Integration and Management. 2008 Jan 1;3(4):271-81.
  10. Xiong S, Li J. Optimizing many-to-many data aggregation in wireless sensor networks. InAsia-Pacific Web Conference 2009 Apr 2 (pp. 550-555). Berlin, Heidelberg: Springer Berlin Heidelberg.
  11. Pietikäinen M. Local binary patterns. Scholarpedia. 2010 Mar 3;5(3):9775.
  12. Abdi H, Williams LJ. Principal component analysis. Wiley interdisciplinary reviews: computational statistics. 2010 Jul;2(4):433-59.
  13. Dalal N, Triggs B. Histograms of oriented gradients for human detection. In2005 IEEE computer society conference on computer vision and pattern recognition (CVPR'05) 2005 Jun 20 (Vol. 1, pp. 886-893). Ieee.
  14. Wenjun D, Fatahizadeh M, Touchaei HG, Moayedi H, Foong LK. Application of six neural network-based solutions on bearing capacity of shallow footing on double-layer soils. Steel and Composite Structures. 2023;49(2):231-44.
  15. Dai W. Design of traffic improvement plan for line 1 Baijiahu station of Nanjing metro. Innovations in Applied Engineering and Technology. 2023 Dec 21;10.
  16. Dai W. Evaluation and improvement of carrying capacity of a traffic system. Innovations in Applied Engineering and Technology. 2022 Nov 22:1-9.
  17. Dai W. Safety evaluation of traffic system with historical data based on Markov process and deep-reinforcement learning. Journal of Computational Methods in Engineering Applications. 2021 Oct 21:1-4.
  18. Hao Y, Chen Z, Jin J, Sun X. Joint operation planning of drivers and trucks for semi-autonomous truck platooning. Transportmetrica A: Transport Science. 2023 Oct 7:1-37.
  19. Lei J, Nisar A. Investigating the Influence of Green Technology Innovations on Energy Consumption and Corporate Value: Empirical Evidence from Chemical Industries of China. Innovations in Applied Engineering and Technology. 2023 Nov 27:1-6.
  20. Xiong S, Zhang H, Wang M, Zhou N. Distributed Data Parallel Acceleration-Based Generative Adversarial Network for Fingerprint Generation. Innovations in Applied Engineering and Technology. 2022:1-2.
  21. Xiong S, Chen X, Zhang H. Deep Learning-Based Multifunctional End-to-End Model for Optical Character Classification and Denoising. Journal of Computational Methods in Engineering Applications. 2023 Nov 15:1-3.
  22. Xiong S, Li J. An efficient algorithm for cut vertex detection in wireless sensor networks. In2010 IEEE 30th International Conference on Distributed Computing Systems 2010 Jun 21 (pp. 368-377). IEEE.
  23. Li J, Xiong S. Efficient Pr-skyline query processing and optimization in wireless sensor networks. Wireless Sensor Network. 2010 Nov 19;2(11):838.
  24. Yu L, Li J, Cheng S, Xiong S. Secure continuous aggregation via sampling-based verification in wireless sensor networks. In2011 Proceedings IEEE INFOCOM 2011 Apr 10 (pp. 1763-1771). IEEE.
  25. Liu Y, Mao S, Mei X, Yang T, Zhao X. Sensitivity of adversarial perturbation in fast gradient sign method. In2019 IEEE symposium series on computational intelligence (SSCI) 2019 Dec 6 (pp. 433-436). IEEE.
  26. Naqvi SM, Shabaz M, Khan MA, Hassan SI. Adversarial attacks on visual objects using the fast gradient sign method. Journal of Grid Computing. 2023 Dec;21(4):52.
  27. Naseem I, Togneri R, Bennamoun M. Linear regression for face recognition. IEEE transactions on pattern analysis and machine intelligence. 2010 Jul 8;32(11):2106-12.
  28. Nixon M. Eye spacing measurement for facial recognition. InApplications of digital image processing VIII 1985 Dec 19 (Vol. 575, pp. 279-285). SPIE.
  29. Gray M. Urban surveillance and panopticism: will we recognize the facial recognition society?. Surveillance & Society. 2003;1(3):314-30.
  30. Xiong S, Zhang H, Wang M. Ensemble Model of Attention Mechanism-Based DCGAN and Autoencoder for Noised OCR Classification. Journal of Electronic & Information Systems. 2022;4(1):33-41.
  31. Yu L, Li J, Cheng S, Xiong S, Shen H. Secure continuous aggregation in wireless sensor networks. IEEE Transactions on Parallel and Distributed Systems. 2013 Mar 7;25(3):762-74.
  32. Xiong S, Yu L, Shen H, Wang C, Lu W. Efficient algorithms for sensor deployment and routing in sensor networks for network-structured environment monitoring. In2012 Proceedings IEEE INFOCOM 2012 Mar 25 (pp. 1008-1016). IEEE.
  33. Feng Z, Xiong S, Cao D, Deng X, Wang X, Yang Y, Zhou X, Huang Y, Wu G. Hrs: A hybrid framework for malware detection. InProceedings of the 2015 ACM International Workshop on International Workshop on Security and Privacy Analytics 2015 Mar 4 (pp. 19-26).
  34. Turk M, Pentland A. Eigenfaces for recognition. Journal of cognitive neuroscience. 1991 Jan 1;3(1):71-86.
  35. Belhumeur PN, Hespanha JP, Kriegman DJ. Eigenfaces vs. fisherfaces: Recognition using class specific linear projection. IEEE Transactions on pattern analysis and machine intelligence. 1997 Jul;19(7):711-20.
  36. Ahonen T, Hadid A, Pietikainen M. Face description with local binary patterns: Application to face recognition. IEEE transactions on pattern analysis and machine intelligence. 2006 Oct 30;28(12):2037-41.
  37. Taigman Y, Yang M, Ranzato MA, Wolf L. Deepface: Closing the gap to human-level performance in face verification. InProceedings of the IEEE conference on computer vision and pattern recognition 2014 (pp. 1701-1708).
  38. Schroff F, Kalenichenko D, Philbin J. Facenet: A unified embedding for face recognition and clustering. InProceedings of the IEEE conference on computer vision and pattern recognition 2015 (pp. 815-823).
  39. Liu W, Wen Y, Yu Z, Li M, Raj B, Song L. Sphereface: Deep hypersphere embedding for face recognition. InProceedings of the IEEE conference on computer vision and pattern recognition 2017 (pp. 212-220).
  40. Deng J, Guo J, Xue N, Zafeiriou S. Arcface: Additive angular margin loss for deep face recognition. InProceedings of the IEEE/CVF conference on computer vision and pattern recognition 2019 (pp. 4690-4699).
  41. Lupart S, Clinchant S. A study on FGSM adversarial training for neural retrieval. InEuropean Conference on Information Retrieval 2023 Mar 17 (pp. 484-492). Cham: Springer Nature Switzerland.
  42. Sen J, Dasgupta S. Adversarial attacks on Image classification models: FGSM and patch attacks and their impact. arXiv preprint arXiv:2307.02055. 2023 Jul 5.
  43. Zhang Y. A better autoencoder for image: Convolutional autoencoder. InICONIP17-DCEC. Available online: http://users. cecs. anu. edu. au/Tom. Gedeon/conf/ABCs2018/paper/ABCs2018_paper_58. pdf (accessed on 23 March 2017) 2018 Mar.
  44. Guo X, Liu X, Zhu E, Yin J. Deep clustering with convolutional autoencoders. InNeural Information Processing: 24th International Conference, ICONIP 2017, Guangzhou, China, November 14-18, 2017, Proceedings, Part II 24 2017 (pp. 373-382). Springer International Publishing.
  45. Holden D, Saito J, Komura T, Joyce T. Learning motion manifolds with convolutional autoencoders. InSIGGRAPH Asia 2015 technical briefs 2015 Nov 2 (pp. 1-4).
  46. Qin Z, Zhang Z, Chen X, Wang C, Peng Y. Fd-mobilenet: Improved mobilenet with a fast downsampling strategy. In2018 25th IEEE International Conference on Image Processing (ICIP) 2018 Oct 7 (pp. 1363-1367). IEEE.
  47. Sinha D, El-Sharkawy M. Thin mobilenet: An enhanced mobilenet architecture. In2019 IEEE 10th annual ubiquitous computing, electronics & mobile communication conference (UEMCON) 2019 Oct 10 (pp. 0280-0285). IEEE.
  48. Selvaraju RR, Das A, Vedantam R, Cogswell M, Parikh D, Batra D. Grad-CAM: Why did you say that?. arXiv preprint arXiv:1611.07450. 2016 Nov 22.
  49. Selvaraju RR, Cogswell M, Das A, Vedantam R, Parikh D, Batra D. Grad-cam: Visual explanations from deep networks via gradient-based localization. InProceedings of the IEEE international conference on computer vision 2017 (pp. 618-626).