Adversarial Patch Attacks on Deep-Learning-Based Face Recognition Systems Using Generative Adversarial Networks

Ren Hung Hwang*, Jia You Lin, Sun Ying Hsieh, Hsuan Yu Lin, Chia Liang Lin

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review


Deep learning technology has developed rapidly in recent years and has been successfully applied in many fields, including face recognition. Face recognition is used in many scenarios nowadays, including security control systems, access control management, health and safety management, employee attendance monitoring, automatic border control, and face scan payment. However, deep learning models are vulnerable to adversarial attacks conducted by perturbing probe images to generate adversarial examples, or using adversarial patches to generate well-designed perturbations in specific regions of the image. Most previous studies on adversarial attacks assume that the attacker hacks into the system and knows the architecture and parameters behind the deep learning model. In other words, the attacked model is a white box. However, this scenario is unrepresentative of most real-world adversarial attacks. Consequently, the present study assumes the face recognition system to be a black box, over which the attacker has no control. A Generative Adversarial Network method is proposed for generating adversarial patches to carry out dodging and impersonation attacks on the targeted face recognition system. The experimental results show that the proposed method yields a higher attack success rate than previous works.

Original languageEnglish
Article number853
Issue number2
StatePublished - Jan 2023


  • adversarial attack
  • adversarial examples
  • adversarial patches
  • deep learning
  • face recognition
  • Generative Adversarial Network
  • perturbation


Dive into the research topics of 'Adversarial Patch Attacks on Deep-Learning-Based Face Recognition Systems Using Generative Adversarial Networks'. Together they form a unique fingerprint.

Cite this