Exploring poisoning attacks against a face recognition system

Garofalo, Giuseppe

Exploring poisoning attacks against a face recognition system.

Supervisor: Silvia Anna Chiusano. Politecnico di Torino, Master's degree programme in Computer Engineering, 2018

PDF (Tesi_di_laurea) - Thesis
Document access: Open access
License: Creative Commons Attribution Non-commercial No Derivatives.

Abstract:

Face recognition systems are being widely adopted today as identification tools. The main reason for this trend is the rise of machine learning algorithms, which allow for efficient and usable authenticators. However, intelligent adversaries may target these algorithms, and prior works have underlined the effectiveness of such attacks. One example is the poisoning of the training set, where the attacker changes the input on which the model re-trains to modify the learned function. In this work, we apply an existing poisoning attack against an authentication system based on a state-of-the-art face recognition technique. In particular, we target an SVM classifier which extends a deep neural network for feature extraction. Moreover, we present a novel reverse mapping technique to craft a real-world image starting from a feature vector. Our attack shows a drop in the accuracy of ~45% by just adding one sample to the training set. This work underlines that poisoning poses a real threat to face authenticators and that security vulnerabilities should be considered when designing such systems.

Supervisors: Silvia Anna Chiusano
Academic year: 2018/19
Publication type: Electronic
Subjects:
Degree programme: Master's degree programme in Computer Engineering
Degree class: New system > Master's degree > LM-32 - COMPUTER ENGINEERING
Co-supervising institution: KUL - Katholieke Universiteit Leuven (BELGIUM)
Collaborating companies: NOT SPECIFIED
URI: http://webthesis.biblio.polito.it/id/eprint/8486