Accessorize to a Crime - Real and Stealthy Attacks on State-Of-The-Art Face Recognition

Explore a conference talk that delves into real and stealthy attacks on state-of-the-art face recognition systems. Learn about the vulnerabilities of machine learning in ubiquitous applications, particularly in face recognition used for surveillance and access control. Discover how adversaries can manipulate inputs to affect outputs in deep neural networks, and examine specific attack methods targeting facial features and eyeglasses. Investigate experiments conducted in digital environments and the challenges of creating physically realizable impersonations. Gain insights into the risks posed by impersonation attacks and their potential extensions. Understand the implications of these findings for the security of face recognition technology.

Intro
Machine Learning Is Ubiquitous
What Do You See?
The Difference
What Are the Adversary's Capabilities? To generate attacks, attacker needs to know how changing input affects output
What's a (Deep) Neural Network?
Face Recognition . Applications: surveillance, access control...
Face Recognition: Our Attacks
Deep Face Recognition
Apply Changes to Face Only
Apply Changes to Eyeglasses
Experiments in Digital Environment
Smooth Transitions Natural images tend to be smooth
Printable Eyeglasses Chalenge: Cannot print all colors
Robust Perturbations
Putting All the Pieces Together - Physically realizable impersonation
Does This Work?
Experiment: Realized Impersonations
Impersonation Attacks Pose Real Risk!
Extensions (See Paper)
Conclusions