[R] AdvHat: Real-world adversarial attack on ArcFace Face ID system
Hi! We have done some interesting research on breaking the current best public Face ID system – ArcFace – using the adversarial attack technique. It’s quite ordinary but what we succeed is to do it in the real world (i.e. made it not in digital domain only): someone can print the color sticker and stick it to a hat, and after that the similarity with the ground truth drops significantly. Even some sort of attack transferability to other top Face ID models from insightface exists.
Video demonstration: https://www.youtube.com/watch?v=a4iNg0wWBsQ
Any comments are welcome!