Towards Certifiably Robust Face Recognition
- Authors
- Paik, Seunghun; Kim, Dongsoo; Hwang, Chanwoo; Kim, Sunpill; Seo, Jae Hong
- Issue Date
- Nov-2024
- Publisher
- Springer Verlag
- Keywords
- Certifiable Robustness; Face Recognition
- Citation
- Lecture Notes in Computer Science, v.15143, pp 143 - 161
- Pages
- 19
- Indexed
- SCOPUS
- Journal Title
- Lecture Notes in Computer Science
- Volume
- 15143
- Start Page
- 143
- End Page
- 161
- URI
- https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/202202
- DOI
- 10.1007/978-3-031-73013-9_9
- ISSN
- 0302-9743
1611-3349
- Abstract
- Adversarial perturbation is a severe threat to deep learning-based systems such as classification and recognition because it makes the system output wrong answers. Designing robust systems against adversarial perturbation in a certifiable manner is important, especially for security-related systems such as face recognition. However, most studies for certifiable robustness are about classifiers, which have quite different characteristics from recognition systems for verification; the former is used in the closed-set scenario, whereas the latter is used in the open-set scenario. In this study, we show that, similar to the image classifications, 1-Lipschitz condition is sufficient for certifiable robustness of the face recognition system. Furthermore, for the given pair of facial images, we derive the upper bound of adversarial perturbation where 1-Lipschitz face recognition system remains robust. At last, we find that this theoretical result should be carefully applied in practice; Applying a training method to typical face recognition systems results in a very small upper bound for adversarial perturbation. We address this by proposing an alternative training method to attain a certifiably robust face recognition system with large upper bounds. All these theoretical results are supported by experiments on proof-of-concept implementation. We released our source code to facilitate further study, which is available at github.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - 서울 자연과학대학 > 서울 수학과 > 1. Journal Articles

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.