Researchers Defeated Advanced Facial Recognition Tech Using Makeup (vice.com) 23
An anonymous reader quotes a report from Motherboard: Researchers have found a new and surprisingly simple method for bypassing facial recognition software using makeup patterns. A new study from Ben-Gurion University of the Negev found that software-generated makeup patterns can be used to consistently bypass state-of-the-art facial recognition software, with digitally and physically-applied makeup fooling some systems with a success rate as high as 98 percent. In their experiment, the researchers defined their 20 participants as blacklisted individuals so their identification would be flagged by the system. They then used a selfie app called YouCam Makeup to digitally apply makeup to the facial images according to the heatmap which targets the most identifiable regions of the face. A makeup artist then emulated the digital makeup onto the participants using natural-looking makeup in order to test the target model's ability to identify them in a realistic situation.
The researchers tested the attack method in a simulated real-world scenario in which participants wearing the makeup walked through a hallway to see whether they would be detected by a facial recognition system. The hallway was equipped with two live cameras that streamed to the MTCNN face detector while evaluating the system's ability to identify the participant. The experiment saw 100 percent success in the digital experiments on both the FaceNet model and the LResNet model, according to the paper. In the physical experiments, the participants were detected in 47.6 percent of the frames if they weren't wearing any makeup and 33.7 percent of the frames if they wore randomly applied makeup. Using the researchers' method of applying makeup to the highly identifiable parts of the attacker's face, they were only recognized in 1.2 percent of the frames.
The researchers tested the attack method in a simulated real-world scenario in which participants wearing the makeup walked through a hallway to see whether they would be detected by a facial recognition system. The hallway was equipped with two live cameras that streamed to the MTCNN face detector while evaluating the system's ability to identify the participant. The experiment saw 100 percent success in the digital experiments on both the FaceNet model and the LResNet model, according to the paper. In the physical experiments, the participants were detected in 47.6 percent of the frames if they weren't wearing any makeup and 33.7 percent of the frames if they wore randomly applied makeup. Using the researchers' method of applying makeup to the highly identifiable parts of the attacker's face, they were only recognized in 1.2 percent of the frames.
So...Juggalo crime spree imminent? (Score:2)
U break, U buy. (Score:2)
Researchers have found a new and surprisingly simple method for bypassing facial recognition software using makeup patterns.
Ah that's nothing. Ugly people have been defeating facial recognition for years.
Forget what you Saw. (Score:2)
Now we know anyone who shows up with spirals on their cheeks just wants to play a game.
So, like all the rest of mass surveillance tech, (Score:2)
"Pictures or it Didn't Happen" (Score:2)
None of the links (at least without paying a paywall for the newsie one) show pictures of what they're talking about.
Does anyone have a non-paywalled link to examples of their system's makeup prescriptions?
Re: (Score:2)
(Reason I asked: It would be nice to know if the stuff they got to work looks more like blaze camo / clown makeup or like a makeup style with potential to become trendy.)
Re: (Score:2)
(Reason I asked: It would be nice to know if the stuff they got to work looks more like blaze camo / clown makeup or like a makeup style with potential to become trendy.)
I know that women can look incredibly different with or without makeup. And a subtle application of shadowing that will still look "natural", and messing with other measurement parameters - I'd wager at least a cup of coffee that a person won't have to look like a Juggalo.
I think that men could even put some on that won't make it look like they are wearing makeup that will fool the FR.
Re: (Score:2)
This is ancient news and yes people do have to look like a juggalo IIRC, the evasion method I saw previously used high contrast shapes covering most of the face. But IDK, maybe fake contour shadowing would work too. I expect defeat measures would vary from one facial recognition system to the next.
Re: (Score:3)
Nope, they used shading, the lady looks pretty normal here:
https://www.youtube.com/watch?... [youtube.com]
Re: "Pictures or it Didn't Happen" (Score:2)
The first link has the PDF. It's very natural looking.
Re: (Score:2)
Only 15% zombie, not a bad look. Better than the ones with the grid on their face.
Re: (Score:2)
The first link has the PDF. It's very natural looking.
Thanks. But did you miss where I said: "(at least without paying a paywall for the newsie one)"?
I was (hopefully humorously) complaining that any images in the TFAs were behind paywalls and asking for a link to one that was free. (Fortunately, another poster has already replied with such a link.)
Re: "Pictures or it Didn't Happen" (Score:4, Informative)
At least watch the linked video ffs (Score:2)
The big deal isn't that you can smear your face in funny ways to make the AI spaz out. The big deal is that the make up looks all natural and isn't in any way "special" to the normal human eye. She looks just like any normal person to a normal person, just not to the algorithm.
Hard to attack from the outside (Score:2)
Haven't RTFA, but don't all these adversarial techniques rely on having access to the model and its data in order to extract the adversarial patterns? If so, while displaying the lack of reliability of the systems, it doesn't seem like a very viable in real life. If you have access to the model and data, you are already on the inside and all bets are off.
Just a matter of time (Score:2)
Solution: Use H266 DCT prediction (Score:2)
um...? (Score:2)
Haven't we been told for years that these systems are racist?
Wouldn't that mean you could defeat them even more simply by being born black?
Time to ban makeup. (Score:2)
Been there, done that (Score:2)
People have been scrambling facial recognition for years. Know the cues a system (or person) is looking for, change or hide them. One of the things that made The Americans [imdb.com] a hoot.
A few years ago I needed to conceal my midriff thanks to surgical drains after a tummy tuck. I opted for, in effect, dazzle camouflage. Tie a brightly coloured scarf around my middle. Yes, something is going on. No, I'm not going to let you see just what that something is.
...laura