FAIC-Attack: An Adversarial Watermarking Attack against Face Age based on Identity Constraint

Recently, there has been increasing concern about the security of facial recognition systems, especially in the context of black-box attacks. As attackers continue to devise new ways to exploit vulnerabilities, attention to age estimation in facial recognition becomes critical. Age estimation is also a critical task for a variety of applications, evolving with advances in computer vision and deep learning. In this paper, an identity-constrained face age against Watermark attack (FAIC) method based on DDE algorithm is proposed. The method finds the optimal solution of watermark addition by changing the position of the watermark in the host image, the transparency of the watermark, the size of the watermark, and the rotation angle to deceive deep neural networks. In addition, we also try to constrain the face identity in the attack to achieve the effect of only changing the face age without changing the face identity after the attack. A series of experiments show that our method can improve the stability of face identity while attacking face age, and improve the success rate of attack by changing the watermark size and rotation angle, which proves that our added parameter settings are effective. The proposed FAIC method and the constraint on face identity provide an effective and stable method for the black box attack of face age estimation.

Conference paper

In The 7th International Conference on Machine Vision and Applications