⚠️ 以下所有内容总结都来自于 大语言模型的能力,如有错误,仅供参考,谨慎使用
🔴 请注意:千万不要用于严肃的学术场景,只能用于论文阅读前的初筛!
💗 如果您觉得我们的项目对您有帮助 ChatPaperFree ,还请您给我们一些鼓励!⭐️ HuggingFace免费体验
2025-08-09 更新
From Detection to Correction: Backdoor-Resilient Face Recognition via Vision-Language Trigger Detection and Noise-Based Neutralization
Authors:Farah Wahida, M. A. P. Chamikara, Yashothara Shanmugarasa, Mohan Baruwal Chhetri, Thilina Ranbaduge, Ibrahim Khalil
Biometric systems, such as face recognition systems powered by deep neural networks (DNNs), rely on large and highly sensitive datasets. Backdoor attacks can subvert these systems by manipulating the training process. By inserting a small trigger, such as a sticker, make-up, or patterned mask, into a few training images, an adversary can later present the same trigger during authentication to be falsely recognized as another individual, thereby gaining unauthorized access. Existing defense mechanisms against backdoor attacks still face challenges in precisely identifying and mitigating poisoned images without compromising data utility, which undermines the overall reliability of the system. We propose a novel and generalizable approach, TrueBiometric: Trustworthy Biometrics, which accurately detects poisoned images using a majority voting mechanism leveraging multiple state-of-the-art large vision language models. Once identified, poisoned samples are corrected using targeted and calibrated corrective noise. Our extensive empirical results demonstrate that TrueBiometric detects and corrects poisoned images with 100% accuracy without compromising accuracy on clean images. Compared to existing state-of-the-art approaches, TrueBiometric offers a more practical, accurate, and effective solution for mitigating backdoor attacks in face recognition systems.
生物识别系统,例如由深度神经网络(DNN)驱动的人脸识别系统,依赖于大型且高度敏感的数据集。后门攻击可以通过操纵训练过程来破坏这些系统。通过在少数训练图像中插入一个小触发器,如贴纸、化妆或图案口罩,对手可以在后续的身份验证过程中呈现相同的触发器,被错误地识别为另一个人,从而获取未经授权的访问。现有的针对后门攻击的防御机制仍然面临着挑战,需要在不损害数据实用性的情况下精确地识别和缓解中毒图像,这破坏了系统的整体可靠性。我们提出了一种新颖且可推广的方法,名为TrueBiometric:可信生物识别,它使用多数投票机制和多态先进的视觉语言模型来准确检测中毒图像。一旦确定,中毒样本将使用有针对性的校准校正噪声进行校正。我们的广泛实验结果表明,TrueBiometric在不影响干净图像准确性的情况下,以100%的准确率检测和纠正中毒图像。与现有的最先进方法相比,TrueBiometric为缓解人脸识别系统中的后门攻击提供了更实用、准确和有效的解决方案。
论文及项目相关链接
PDF 19 Pages, 24 Figures
Summary
人脸识别系统依赖于大型敏感数据集,易受到后门攻击的影响。攻击者通过在训练过程中插入小触发物,如贴纸、化妆或图案面具,来误导系统。现有防御机制在识别有毒图像时仍面临挑战,可能损害数据的实用性,从而影响系统的整体可靠性。我们提出了一种新型且可推广的方法——TrueBiometric:可信生物识别,利用多数投票机制和多个最先进的视觉语言模型准确检测有毒图像。一经识别,用有针对性的校准校正噪声对中毒样本进行修正。大量实验结果表明,TrueBiometric在不影响清洁图像准确性的情况下,检测和纠正有毒图像准确率可达百分之百。与现有先进方法相比,TrueBiometric为人脸识别系统中的后门攻击提供了更实用、准确和有效的解决方案。
Key Takeaways
- 人脸识别系统依赖于大型敏感数据集,易受到后门攻击的影响。
- 后门攻击通过在训练图像中插入小触发物来误导系统。
- 现有防御机制在识别有毒图像时存在挑战,可能损害数据实用性。
- TrueBiometric方法利用多数投票机制和多个视觉语言模型准确检测有毒图像。
- TrueBiometric能够识别和纠正中毒图像,且不影响清洁图像的准确性。
- 与现有方法相比,TrueBiometric更实用、准确和有效。
点此查看论文截图
