TransFace is a framework to generate transferable adversarial examples against face recognition DNNs. We integrate multiple algorithms and deliberately designed technics to improve the transferability of the adversarial example generated by the local ensemble model. TransFace can be used as an out-of-the-box API to evaluate the robustness of a given face recognition DNN.

With the development of artificial intelligence, especially deep learning technology, face recognition has become one of the most practical tasks in the field. In real life, face recognition technology has been widely used, such as personal ID authentication, financial-level face payment and, access control, etc. However tiny pixel-level changes can be applied to the original face image, which can deceive the face recognition system and make it give wrong judgment results.

Our tool won 4th place in the 2021 OPPO Security AI Competition. The competition focus on adversarial attacks in the real-life face recognition scene. In order to simulate a real face recognition scene and increase the difficulty of the competition, it uses an ensemble of defensive models as black-box models in the background. Under the premise of not knowing the details of the model, the participants construct adversarial samples with or without targets. During the competition, the competitors modify the test samples provided offline, and evaluate the generated adversarial examples online.

Authors and Affiliation