Identity card authentication scenarios often use text recognition models to extract,recognize,and au-thenticate ID card images,which poses a significant privacy breach risk.Besides,most of current adversarial attack algorithms for text recognition models only consider simple background data(such as print)and white-box condi-tions,making it difficult to achieve ideal attack effects in the physical world,and is not suitable for complex back-grounds,data,and black-box conditions.In order to alleviate the above problems,this paper proposes a black-box attack algorithm for the ID card text recognition model by taking into account the more complex image back-ground,more stringent black-box conditions and attack effects in the physical world.By using the transfer-based black-box attack algorithm,the proposed algorithm introduces binarization mask and space transformation,which improves the visual effect of adversarial examples and the robustness in the physical world while ensuring the at-tack success rate.By exploring the performance upper limit and the influence of key hyper-parameters of the trans-fer-based black-box attack algorithm under different norm constraints,the proposed algorithm achieves 100%at-tack success rate on the Baidu ID card recognition model.The ID card dataset will be made publicly available in the future.
关键词
对抗样本/黑盒攻击/身份证文本识别/物理世界/二值化掩码
Key words
Adversarial examples/black-box attack/ID card text recognition/physical world/binarization mask
维普
万方数据