Detailed Information

Cited 0 time in webofscience Cited 0 time in scopus
Metadata Downloads

Towards Certifiably Robust Face Recognition: Analyses and Improvements

Authors
Paik, SeunghunKim, DongsooHwang, ChanwooKim, SunpillSeo, Jae Hong
Issue Date
Mar-2026
Publisher
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
Keywords
Robustness; Accuracy; Perturbation methods; Face recognition; Training; Neural networks; Image classification; Noise; Analytical models; Smoothing methods; Adversarial robustness; certifiable robustness; face recognition
Citation
IEEE TRANSACTIONS ON BIOMETRICS, BEHAVIOR, AND IDENTITY SCIENCE, v.8, no.2, pp 255 - 269
Pages
15
Indexed
SCOPUS
ESCI
Journal Title
IEEE TRANSACTIONS ON BIOMETRICS, BEHAVIOR, AND IDENTITY SCIENCE
Volume
8
Number
2
Start Page
255
End Page
269
URI
https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/214308
DOI
10.1109/TBIOM.2025.3644396
ISSN
2637-6407
2637-6407
Abstract
Adversarial perturbations have been one of the most notable threats against the safe and trustworthy applications of deep learning. For security-critical applications, e.g., face recognition (FR), the importance of a theoretically robust defense against adversarial perturbations has been spotlighted. Certifiable robustness aims to defend against adversarial perturbations in a provable manner, and several studies have been conducted to achieve certifiable robustness in various domains. However, most existing studies for certifiable robustness are about classifiers, and adapting their techniques for FR is a non-trivial problem. In this study, we show that, similar to the image classifications, the 1-Lipschitz condition is sufficient for certifiable robustness of the face recognition system against any ℓ<inf>p</inf> norm adversaries for p ∈ N∪{∞}. In addition, we investigate the trade-off between accuracy drop and certifiable robustness in 1-Lipschitz FR models, and propose several techniques to reconcile such a trade-off. We conduct extensive theoretical and experimental analyses on our findings. Notably, our techniques improve the standard (certifiably robust, resp.) accuracy by 6.98% (at most 13.35%, resp.) in the LFW benchmark against ℓ<inf>2</inf> norm adversaries compared to accuracies without them.
Files in This Item
Go to Link
Appears in
Collections
서울 자연과학대학 > 서울 수학과 > 1. Journal Articles

qrcode

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.

Related Researcher

Researcher Seo, Jae Hong photo

Seo, Jae Hong
COLLEGE OF NATURAL SCIENCES (DEPARTMENT OF MATHEMATICS)
Read more

Altmetrics

Total Views & Downloads

BROWSE