Paper ID | IFS-2.1
Paper Title | IDENTIFYING PHYSICALLY REALIZABLE TRIGGERS FOR BACKDOORED FACE RECOGNITION NETWORKS
Authors | Ankita Raj, Indian Institute of Technology Delhi, India; Ambar Pal, Johns Hopkins University, India; Chetan Arora, Indian Institute of Technology Delhi, India
Session | IFS-2: Information Forensics and Security
Location | Area K
Session Time | Monday, 20 September, 15:30 - 17:00
Presentation Time | Monday, 20 September, 15:30 - 17:00
Presentation | Poster
Topic | Information Forensics and Security: Multimedia forensics
Abstract | Backdoor attacks embed a hidden functionality into deep neural networks, causing the network to display anomalous behavior when activated by a predetermined pattern in the input (Trigger), while behaving well otherwise on public test data. Recent works have shown that backdoored face recognition (FR) systems can respond to natural-looking triggers like a particular pair of sunglasses. Such attacks pose a serious threat to the applicability of FR systems in high-security applications. We propose a novel technique to (1) detect whether an FR network is compromised with a natural, physically realizable trigger, and (2) identify such triggers given a compromised network. We demonstrate the effectiveness of our methods with a compromised FR network, where we are able to identify the trigger (e.g. green-sunglasses or red-bowtie) with a top-5 accuracy of 74%, whereas a naive brute force baseline achieves 56% accuracy.