基于人脸识别的对抗样本生成算法研究
Research on Adversarial Sample Generation Algorithm Based on Face Recognition
DOI: 10.12677/csa.2026.161027, PDF,    科研立项经费支持
作者: 王宇辰, 贾召弟:北华航天工业学院计算机学院,河北 廊坊
关键词: 人脸对抗样本生成生成对抗网络人脸识别深度学习Face Adversarial Sample Generation Generative Adversarial Network Face Recognition Deep Learning
摘要: 随着互联网的广泛应用,各种智能化系统的出现极大地提升了人们的生活质量和工作效率。在众多智能化系统中,人脸识别技术的应用最为广泛。人脸识别系统虽然在众多领域发挥了重要作用,但仍面临许多挑战。例如人脸识别系统容易被恶意攻击,亟待需要安全性测试。现有对抗样本存在攻击性弱,视觉效果差问题。本文提出的模型通过StyleNet风格–内容解耦编码、FusionNet多层次风格注入,辅以变形交叉注意力、频域融合和自适应融合金字塔等创新模块,实现了妆容风格从参考人脸到目标人脸的自然迁移。数学推导和实现细节表明,这些模块有效解决了妆容迁移中的局部特征对齐、色彩纹理分离控制、区域平滑融合等难点问题。本文提出的AdversarialMakeup模型在妆容迁移与隐私攻击的核心指标上取得了卓越的综合性能。定量评估表明,该方法在关键指标上达到平均攻击成功率(ASR(avg)) 0.15,同时保持了优异的视觉质量(LPIPS为0.34,SSIM为0.90)和颜色分布一致性(HistDist为0.095)。
Abstract: With the wide application of the Internet, the emergence of various intelligent systems has greatly improved people’s quality of life and work efficiency. Among the many intelligent systems, facial recognition technology is the most widely used. Although facial recognition systems have played an important role in many fields, they still face many challenges. For example, facial recognition systems are vulnerable to malicious attacks and urgently need security testing. Existing adversarial samples have weak attack capabilities and poor visual effects. The model proposed in this paper achieves natural transfer of makeup style from the reference face to the target face through StyleNet style-content decoupling encoding, FusionNet multi-level style injection, and innovative modules such as deformable cross-attention, frequency domain fusion, and adaptive fusion pyramid. Mathematical derivations and implementation details show that these modules effectively solve the difficult problems in makeup transfer, such as local feature alignment, color texture separation control, and regional smooth fusion. The AdversarialMakeup model proposed in this paper has achieved outstanding comprehensive performance in the core indicators of makeup transfer and privacy attack. Quantitative evaluation shows that this method achieves an average attack success rate (ASR(avg)) of 0.15 on key indicators, while maintaining excellent visual quality (LPIPS of 0.34, SSIM of 0.90) and color distribution consistency (HistDist of 0.095).
文章引用:王宇辰, 贾召弟. 基于人脸识别的对抗样本生成算法研究[J]. 计算机科学与应用, 2026, 16(1): 328-336. https://doi.org/10.12677/csa.2026.161027

参考文献

[1] Choi, Y., Choi, M., Kim. M., et al. (2018) Stargan: Unified Generative Adversarial Networks for Multi-Domain Image-to-Image Translation. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, Salt Lake City, 18-23 June 2018, 8789-8797. [Google Scholar] [CrossRef
[2] Liu, M., Ding, Y., Xia, M., et al. (2019) Stgan: A Unified Selective Transfer Network for Arbitrary Image Attribute Editing. Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, Long Beach, 15-20 June 2019, 3673-3682. [Google Scholar] [CrossRef
[3] He, Z., Zuo, W., Kan, M., et al. (2019) Attgan: Facial Attribute Editing by Only Changing What You Want. IEEE Transactions on Image Processing, 28, 5464-5478. [Google Scholar] [CrossRef
[4] 王鑫, 肖韬睿. 基于生成对抗网络的人脸识别对抗攻击[J]. 计算机与现代化, 2023(10): 115-120+126.
[5] Henry, J., Natalie, T. and Madsen, D. (2021) Pix2pix Gan for Image-to-Image Translation. Research Gate Publication, 2021, 1-5.
[6] Zhu, J., Park, T., Isola, P. and Efros, A.A. (2017) Unpaired Image-To-Image Translation Using Cycle-Consistent Adversarial Networks. 2017 IEEE International Conference on Computer Vision (ICCV), Venice, 22-29 October 2017, 2223-2232. [Google Scholar] [CrossRef
[7] Karras, T., Aila, T., Laine, S., et al. (2017) Progressive Growing of Gans for Improved Quality, Stability, and Variation. arXiv:1710.10196, 2017.
[8] Chang, H., Lu, J., Yu, F. and Finkelstein, A. (2018) PairedCycleGAN: Asymmetric Style Transfer for Applying and Removing Makeup. 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition, Salt Lake City, 18-23 June 2018, 40-48. [Google Scholar] [CrossRef
[9] Xiao, C., Li, B., Zhu, J., He, W., Liu, M. and Song, D. (2018) Generating Adversarial Examples with Adversarial Networks. Proceedings of the 27th International Joint Conference on Artificial Intelligence, Stockholm, 13-19 July 2018, 3905-3911. [Google Scholar] [CrossRef
[10] Jiang, L., Qiao, K., Qin, R., Wang, L., Yu, W., Chen, J., et al. (2020) Cycle-Consistent Adversarial GAN: The Integration of Adversarial Attack and Defense. Security and Communication Networks, 2020, 1-9. [Google Scholar] [CrossRef
[11] Li, T., Qian, R., Dong, C., et al. (2018) Beautygan: Instance-Level Facial Makeup Transfer with Deep Generative Adversarial Network. Proceedings of the 26th ACM International Conference on Multimedia, Seoul, 22-26 October 2018, 645-653. [Google Scholar] [CrossRef
[12] Zhang, R., Isola, P., Efros, A.A., et al. (2018) The Unreasonable Effectiveness of Deep Features as a Perceptual Metric. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, Salt Lake City, 18-23 June 2018, 586-595. [Google Scholar] [CrossRef
[13] Peng, P. and Li, Z.N. (2011) Self-Information Weighting for Image Quality Assessment. 2011 4th International Congress on Image and Signal Processing, 4, 1728-1732. [Google Scholar] [CrossRef
[14] Jiang, W., Liu, S., Gao, C., et al. (2020) Psgan: Pose and Expression Robust Spatial-Aware Gan for Customizable Makeup Transfer. Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, Seattle, 13-19 June 2020, 5194-5202. [Google Scholar] [CrossRef