网络与信息安全学报2025,Vol.11Issue(1):129-140,12.DOI:10.11959/j.issn.2096-109x.2025001
基于多尺度频率分解与元学习的人脸识别有目标攻击算法
Facial recognition targeted attack algorithm based on multiscale frequency decomposition and meta-learning
摘要
Abstract
As the prevalence of facial recognition technology continued to grow,concerns about personal privacy breaches were also gradually intensifying.Despite recent studies attempting to safeguard photo privacy by generat-ing adversarial examples to prevent unauthorized facial recognition systems from identifying individuals,these methods were often constrained by low attack success rates and weak transferability.To address this issue,a facial recognition targeted attack algorithm based on multiscale frequency decomposition and meta-learning was pro-posed.This algorithm initially devised a multiscale frequency decomposition module that meticulously partitioned the target facial image into frequency bands comprising distinct components.This module integrated frequency in-formation with spatial information,thereby enabling the extraction of comprehensive information from the target fa-cial image.Subsequently,a cycle-consistent generative adversarial networks(CycleGAN)-based adversarial attack algorithm with makeup transfer as its core was constructed.This algorithm employed a source facial image to gen-erate high-quality makeup.During this process,a meta-learning attack module was introduced to calculate the loss function and update parameters.The meta-learning attack module enabled precise makeup processing,by which the target face's features were embedded into the makeup to create adversarial makeup images.This enabled the tar-geted attacks that were the focus of this study.The meta-learning attack module addressed the overfitting and gener-alization issues present in previous white-box model ensemble attacks,thereby enhancing the efficacy and general-ization ability of the generated adversarial examples.The results of experimental analysis of different attack strate-gies demonstrate that the combination of multiscale frequency decomposition and meta-learning significantly en-hances the success rate and robustness of attacks on facial recognition systems.关键词
人脸识别有目标攻击算法/多尺度频率分解/循环生成对抗网络/元学习Key words
facial recognition targeted attack algorithm/multiscale frequency decomposition/CycleGAN/meta-learning分类
信息技术与安全科学引用本文复制引用
蔡骏,黄添强,郑翱鲲,叶锋,徐超..基于多尺度频率分解与元学习的人脸识别有目标攻击算法[J].网络与信息安全学报,2025,11(1):129-140,12.基金项目
国家自然科学基金(62072106) (62072106)
福建省科技创新平台项目(2023-P-003) (2023-P-003)
福建省自然科学基金(2022J01188) (2022J01188)
福建省教育厅中青年教师教育科研项目(JAT210051) (JAT210051)
福建省自然科学基金(福建省科技厅校企合作项目)(2022J01190) The National Natural Science Foundation of China(62072106),Fujian Province Science and Technology Innovation Platform Project(2023-P-003),The Natural Science Foundation of Fujian Province(2022J01188),Fujian Provincial Department of Education Young and Middle-aged Teachers Education Research Project(JAT210051),The Natural Science Foundation of Fujian Province(Fujian Provincial Science and Technology Department School-Enterprise Cooperation Project)(2022J01190) (福建省科技厅校企合作项目)
