LAUSR

Abstract Face recognition as an identity authentication has been widely used in commodity mobile systems. However due to increasing attacks against face recognition algorithms, mobile systems users begin to concern about the security of face recognition modules in their mobile devices. In this paper, we focus on synthetic and adversarial face image attack on both Baidu and Face++ face comparison APIs. To make a fair comparison, we also tested on Google facenet as the baseline. The results show Both APIs are vulnerable to synthetic and adversarial attacks. Although liveness detection mechanisms could mitigate the synthetic attack in our experiment, not all APIs have this feature. The API without liveness detection mechanism(Face++) is vulnerable to presentation attack. The accept rate in Baidu API could be affected by security level of liveness detection control. Both dodging and impersonation adversarial image attacks are correlated to the perturbation level, the higher perturbation level the more likely to be successful in dodging attack, in the contrast,the lower perturbation level is more likely to lead a successful impersonation attack. In our experiment, Baidu Liveness detection mechanism can detect adversarial images as synthetic images and reject a majority of adversarial image attacks.