Double Privacy Guard: Robust Traceable Adversarial Watermarking against Face Recognition

arXiv:2404.14693v1 Announce Type: cross
Abstract: The wide deployment of Face Recognition (FR) systems poses risks of privacy leakage. One countermeasure to address this issue is adversarial attacks, which deceive malicious FR searches but simultaneously interfere the normal identity verification of trusted authorizers. In this paper, we propose the first Double Privacy Guard (DPG) scheme based on traceable adversarial watermarking. DPG employs a one-time watermark embedding to deceive unauthorized FR models and allows authorizers to perform identity verification by extracting the …

abstract adversarial adversarial attacks arxiv attacks cs.cr cs.cv deployment eess.iv face face recognition identity identity verification issue normal paper privacy recognition risks robust systems traceable type verification watermarking