Towards Characterizing the Semantic Robustness of Face Recognition

Juan C. Pérez; Motasem Alfarra; Ali Thabet; Pablo Arbeláez; Bernard Ghanem

doi:10.1109/CVPRW59228.2023.00037

Towards Characterizing the Semantic Robustness of Face Recognition

Juan C. Pérez^*
, Motasem Alfarra
, Ali Thabet
, Pablo Arbeláez
, Bernard Ghanem

^*Corresponding author for this work

King Abdullah University of Science and Technology
Universidad de los Andes Mérida
Reality Labs

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

7 Citations (Scopus)

Abstract

Deep Neural Networks (DNNs) lack robustness against imperceptible perturbations to their input. Face Recognition Models (FRMs) based on DNNs inherit this vulnerability. We propose a methodology for assessing and characterizing the robustness of FRMs against semantic perturbations to their input. Our methodology causes FRMs to malfunction by designing adversarial attacks that search for identity-preserving modifications to faces. In particular, given a face, our attacks find identity-preserving variants of the face such that an FRM fails to recognize the images belonging to the same identity. We model these identity-preserving semantic modifications via direction- and magnitude-constrained perturbations in the latent space of StyleGAN. We further propose to characterize the semantic robustness of an FRM by statistically describing the perturbations that induce the FRM to malfunction. Finally, we combine our methodology with a certification technique, thus providing (i) theoretical guarantees on the performance of an FRM, and (ii) a formal description of how an FRM may model the notion of face identity.

Original language	English
Title of host publication	Proceedings - 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, CVPRW 2023
Publisher	IEEE Computer Society
Pages	315-325
Number of pages	11
ISBN (Electronic)	9798350302493
DOIs	https://doi.org/10.1109/CVPRW59228.2023.00037
Publication status	Published - 2023
Externally published	Yes
Event	2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, CVPRW 2023 - Vancouver, Canada Duration: 18 Jun 2023 → 22 Jun 2023

Publication series

Name	IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops
Volume	2023-June
ISSN (Print)	2160-7508
ISSN (Electronic)	2160-7516

Conference

Conference	2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, CVPRW 2023
Country/Territory	Canada
City	Vancouver
Period	18/06/23 → 22/06/23

Access to Document

10.1109/CVPRW59228.2023.00037

Cite this

Pérez, J. C., Alfarra, M., Thabet, A., Arbeláez, P., & Ghanem, B. (2023). Towards Characterizing the Semantic Robustness of Face Recognition. In Proceedings - 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, CVPRW 2023 (pp. 315-325). (IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops; Vol. 2023-June). IEEE Computer Society. https://doi.org/10.1109/CVPRW59228.2023.00037

@inproceedings{bbd91375f62e4696bb3b01fb63aa40f8,

title = "Towards Characterizing the Semantic Robustness of Face Recognition",

abstract = "Deep Neural Networks (DNNs) lack robustness against imperceptible perturbations to their input. Face Recognition Models (FRMs) based on DNNs inherit this vulnerability. We propose a methodology for assessing and characterizing the robustness of FRMs against semantic perturbations to their input. Our methodology causes FRMs to malfunction by designing adversarial attacks that search for identity-preserving modifications to faces. In particular, given a face, our attacks find identity-preserving variants of the face such that an FRM fails to recognize the images belonging to the same identity. We model these identity-preserving semantic modifications via direction- and magnitude-constrained perturbations in the latent space of StyleGAN. We further propose to characterize the semantic robustness of an FRM by statistically describing the perturbations that induce the FRM to malfunction. Finally, we combine our methodology with a certification technique, thus providing (i) theoretical guarantees on the performance of an FRM, and (ii) a formal description of how an FRM may model the notion of face identity.",

author = "P{\'e}rez, \{Juan C.\} and Motasem Alfarra and Ali Thabet and Pablo Arbel{\'a}ez and Bernard Ghanem",

note = "Publisher Copyright: {\textcopyright} 2023 IEEE.; 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, CVPRW 2023 ; Conference date: 18-06-2023 Through 22-06-2023",

year = "2023",

doi = "10.1109/CVPRW59228.2023.00037",

language = "English",

series = "IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops",

publisher = "IEEE Computer Society",

pages = "315--325",

booktitle = "Proceedings - 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, CVPRW 2023",

address = "United States",

}

Pérez, JC, Alfarra, M, Thabet, A, Arbeláez, P & Ghanem, B 2023, Towards Characterizing the Semantic Robustness of Face Recognition. in Proceedings - 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, CVPRW 2023. IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops, vol. 2023-June, IEEE Computer Society, pp. 315-325, 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, CVPRW 2023, Vancouver, Canada, 18/06/23. https://doi.org/10.1109/CVPRW59228.2023.00037

Towards Characterizing the Semantic Robustness of Face Recognition. / Pérez, Juan C.; Alfarra, Motasem; Thabet, Ali et al.
Proceedings - 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, CVPRW 2023. IEEE Computer Society, 2023. p. 315-325 (IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops; Vol. 2023-June).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Towards Characterizing the Semantic Robustness of Face Recognition

AU - Pérez, Juan C.

AU - Alfarra, Motasem

AU - Thabet, Ali

AU - Arbeláez, Pablo

AU - Ghanem, Bernard

PY - 2023

Y1 - 2023

N2 - Deep Neural Networks (DNNs) lack robustness against imperceptible perturbations to their input. Face Recognition Models (FRMs) based on DNNs inherit this vulnerability. We propose a methodology for assessing and characterizing the robustness of FRMs against semantic perturbations to their input. Our methodology causes FRMs to malfunction by designing adversarial attacks that search for identity-preserving modifications to faces. In particular, given a face, our attacks find identity-preserving variants of the face such that an FRM fails to recognize the images belonging to the same identity. We model these identity-preserving semantic modifications via direction- and magnitude-constrained perturbations in the latent space of StyleGAN. We further propose to characterize the semantic robustness of an FRM by statistically describing the perturbations that induce the FRM to malfunction. Finally, we combine our methodology with a certification technique, thus providing (i) theoretical guarantees on the performance of an FRM, and (ii) a formal description of how an FRM may model the notion of face identity.

AB - Deep Neural Networks (DNNs) lack robustness against imperceptible perturbations to their input. Face Recognition Models (FRMs) based on DNNs inherit this vulnerability. We propose a methodology for assessing and characterizing the robustness of FRMs against semantic perturbations to their input. Our methodology causes FRMs to malfunction by designing adversarial attacks that search for identity-preserving modifications to faces. In particular, given a face, our attacks find identity-preserving variants of the face such that an FRM fails to recognize the images belonging to the same identity. We model these identity-preserving semantic modifications via direction- and magnitude-constrained perturbations in the latent space of StyleGAN. We further propose to characterize the semantic robustness of an FRM by statistically describing the perturbations that induce the FRM to malfunction. Finally, we combine our methodology with a certification technique, thus providing (i) theoretical guarantees on the performance of an FRM, and (ii) a formal description of how an FRM may model the notion of face identity.

UR - https://www.scopus.com/pages/publications/85170828191

U2 - 10.1109/CVPRW59228.2023.00037

DO - 10.1109/CVPRW59228.2023.00037

M3 - Conference contribution

AN - SCOPUS:85170828191

T3 - IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops

SP - 315

EP - 325

BT - Proceedings - 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, CVPRW 2023

PB - IEEE Computer Society

T2 - 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, CVPRW 2023

Y2 - 18 June 2023 through 22 June 2023

ER -

Pérez JC, Alfarra M, Thabet A, Arbeláez P, Ghanem B. Towards Characterizing the Semantic Robustness of Face Recognition. In Proceedings - 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, CVPRW 2023. IEEE Computer Society. 2023. p. 315-325. (IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops). doi: 10.1109/CVPRW59228.2023.00037

Towards Characterizing the Semantic Robustness of Face Recognition

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this