Open Access

ARTICLE

VeriFace: Defending against Adversarial Attacks in Face Verification Systems

Awny Sayed¹, Sohair Kinlany², Alaa Zaki², Ahmed Mahfouz^2,3,*

1 Information Technology Department, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah, Saudi Arabia
2 Computer Science Department, Faculty of Science, Minia University, Al Minya, Egypt
3 Faculty of Computer Studies, Arab Open University, Muscat, Oman

* Corresponding Author: Ahmed Mahfouz. Email:

Computers, Materials & Continua 2023, 76(3), 3151-3166. https://doi.org/10.32604/cmc.2023.040256

Received 11 March 2023; Accepted 13 June 2023; Issue published 08 October 2023

Abstract

Face verification systems are critical in a wide range of applications, such as security systems and biometric authentication. However, these systems are vulnerable to adversarial attacks, which can significantly compromise their accuracy and reliability. Adversarial attacks are designed to deceive the face verification system by adding subtle perturbations to the input images. These perturbations can be imperceptible to the human eye but can cause the system to misclassify or fail to recognize the person in the image. To address this issue, we propose a novel system called VeriFace that comprises two defense mechanisms, adversarial detection, and adversarial removal. The first mechanism, adversarial detection, is designed to identify whether an input image has been subjected to adversarial perturbations. The second mechanism, adversarial removal, is designed to remove these perturbations from the input image to ensure the face verification system can accurately recognize the person in the image. To evaluate the effectiveness of the VeriFace system, we conducted experiments on different types of adversarial attacks using the Labelled Faces in the Wild (LFW) dataset. Our results show that the VeriFace adversarial detector can accurately identify adversarial images with a high detection accuracy of 100%. Additionally, our proposed VeriFace adversarial removal method has a significantly lower attack success rate of 6.5% compared to state-of-the-art removal methods.

---

Keywords

---