Towards Certifiably Robust Face Recognition: Analyses and Improvements
- Authors
- Paik, Seunghun; Kim, Dongsoo; Hwang, Chanwoo; Kim, Sunpill; Seo, Jae Hong
- Issue Date
- Mar-2026
- Publisher
- IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
- Keywords
- Robustness; Accuracy; Perturbation methods; Face recognition; Training; Neural networks; Image classification; Noise; Analytical models; Smoothing methods; Adversarial robustness; certifiable robustness; face recognition
- Citation
- IEEE TRANSACTIONS ON BIOMETRICS, BEHAVIOR, AND IDENTITY SCIENCE, v.8, no.2, pp 255 - 269
- Pages
- 15
- Indexed
- SCOPUS
ESCI
- Journal Title
- IEEE TRANSACTIONS ON BIOMETRICS, BEHAVIOR, AND IDENTITY SCIENCE
- Volume
- 8
- Number
- 2
- Start Page
- 255
- End Page
- 269
- URI
- https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/214308
- DOI
- 10.1109/TBIOM.2025.3644396
- ISSN
- 2637-6407
- Abstract
- Adversarial perturbations have been one of the most notable threats against the safe and trustworthy applications of deep learning. For security-critical applications, e.g., face recognition (FR), the importance of a theoretically robust defense against adversarial perturbations has been spotlighted. Certifiable robustness aims to defend against adversarial perturbations in a provable manner, and several studies have been conducted to achieve certifiable robustness in various domains. However, most existing studies for certifiable robustness are about classifiers, and adapting their techniques for FR is a non-trivial problem. In this study, we show that, similar to the image classifications, the 1-Lipschitz condition is sufficient for certifiable robustness of the face recognition system against any ℓ_p norm adversaries for p ∈ N∪{∞}. In addition, we investigate the trade-off between accuracy drop and certifiable robustness in 1-Lipschitz FR models, and propose several techniques to reconcile such a trade-off. We conduct extensive theoretical and experimental analyses on our findings. Notably, our techniques improve the standard (certifiably robust, resp.) accuracy by 6.98% (at most 13.35%, resp.) in the LFW benchmark against ℓ_2 norm adversaries compared to accuracies without them.
- Appears in
Collections - Seoul College of Natural Sciences > Seoul Department of Mathematics > 1. Journal Articles
