Accessorize to a crime: Real and stealthy attacks on state-of-the-art face recognition

Mahmood Sharif, Sruti Bhagavatula, Lujo Bauer, Michael K. Reiter

Research output: Chapter in Book/Report/Conference proceedingConference contribution

600 Scopus citations

Abstract

Machine learning is enabling a myriad innovations, including new algorithms for cancer diagnosis and self-driving cars. The broad use of machine learning makes it important to understand the extent to which machine-learning algorithms are subject to attack, particularly when used in applications where physical security or safety is at risk. In this paper, we focus on facial biometric systems, which are widely used in surveillance and access control. We define and investigate a novel class of attacks: attacks that are physically realizable and inconspicuous, and allow an attacker to evade recognition or impersonate another individual. We develop a systematic method to automatically generate such attacks, which are realized through printing a pair of eyeglass frames. When worn by the attacker whose image is supplied to a state-of-the-art face-recognition algorithm, the eyeglasses allow her to evade being recognized or to impersonate another individual. Our investigation focuses on white-box face-recognition systems, but we also demonstrate how similar techniques can be used in black-box scenarios, as well as to avoid face detection.

Original languageEnglish (US)
Title of host publicationCCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery
Pages1528-1540
Number of pages13
ISBN (Electronic)9781450341394
DOIs
StatePublished - Oct 24 2016
Externally publishedYes
Event23rd ACM Conference on Computer and Communications Security, CCS 2016 - Vienna, Austria
Duration: Oct 24 2016Oct 28 2016

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
Volume24-28-October-2016
ISSN (Print)1543-7221

Other

Other23rd ACM Conference on Computer and Communications Security, CCS 2016
Country/TerritoryAustria
CityVienna
Period10/24/1610/28/16

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Accessorize to a crime: Real and stealthy attacks on state-of-the-art face recognition'. Together they form a unique fingerprint.

Cite this