Deep neural networks are susceptible to adversarial attacks,which make the Al system misclassify the input data(e.g.,image data)by making small modifications to it.Many current attack methods are prone to problems such as noise and artifacts in the image,and the attack methods are poorly generalized.In this paper,an adversarial attack method for face recognition models is proposed,the identity decoupling technique is adopted to adaptively ex-tract the face identity features which are quite essential for the discrimination of the face recognition model and the o-riginal visual effect could be well maintained,so as to guide the optimization of the adversarial attack on StyleGAN latent space and pixel space.Through experiments of adversarial attack on face recognition models as well as com-mercial face recognition systems,it is proved that the method in this paper improves the success rate of the generated adversarial face image attack by an average of 11%and the visual quality by about 3%compared to SOT A.
维普
万方数据