Thwart Physical and Digital Domain's Adversarial Attack Methods on Face Detection

Abstract

Face detection is a classic problem widely focused on the field of computer vision. It has essential values in security monitoring, human-computer interaction, social interaction, and other fields. Face detection technology has been widely integrated into digital cameras, smartphones, and other end-to-end devices to realize the functions of finding out and focusing on faces. For example, beauty camera applications use face detection to identify faces in preparation for subsequent beauty functions. Face recognition relies on face detection to provide support and assurance. Unfortunately, face detection security problems are constantly emerging in the public's vision with the widespread use of face detection technology. Research on attacking and defending methods on face detection has become a hot research topic about artificial intelligence security. By studying the adversarial attack methods on face detection, we can better evaluate the face detection models' security, and at the same time, can give beneficial help to improve the security of face detection. Among these methods, the most popular attacking method is adversarial attacks. In this paper, we have rationalized and classified the methods of adversarial attacks on face detection according to the attacking principles, the attacking domain, and the attacker's understanding of the face detection models. According to the domain to make classification, it includes digital-domain attack, physical-domain attack; according to the attacker's understanding of the face detection models, it includes black-box attack, white-box attack, grey-box attack. Finally, according to the problems in its current development situation, we proposed the possible solutions and predicted its future development trend.