Variance Dichotomy in Feature Spaces of Facial Recognition Systems is a Weak Defense from Simple Weight Manipulation Attacks
Abstract: We show that several leading pretrained facial recognition systems exhibit a variance dichotomy in their feature space. In other words, the feature vectors approximately lie in a lower dimensional linear subspace. We demonstrate that this variance dichotomy degrades the performance of an otherwise powerful scheme for anonymity/unlinkability and confusion attacks on facial recognition system devised by Zehavi et al. (2024), which is based on simple weight manipulations in only the last hidden layer. Lastly, we propose a method for the attacker to overcome this intrinsic defense of these pretrained facial recognition systems.
Submission Length: Regular submission (no more than 12 pages of main content)
Changes Since Last Submission: We have revised our paper in response to the reviewers' helpful comments. The introduction has been substantially rewritten, and we have reorganized the order of sections. Additionally, we have added new figures to better illustrate our findings. Throughout the paper, we have made numerous edits to enhance clarity.
Assigned Action Editor: ~Sanghyun_Hong1
Submission Number: 4369
Loading