Face recognition (FR) technology plays a crucial role in various applications, but its vulnerability to adversarial attacks poses significant security concerns. Existing research primarily focuses on transferability to different FR models, overlooking direct transferability to the victim's face images, which is a practical threat in real-world scenarios. In this study, we propose a novel adversarial attack method, called NeRFTAP, that considers transferability to both the FR model and the victim's face image. Leveraging a NeRF-based 3D-GAN, we generate new-view face images for the source and target subjects to enhance the transferability of adversarial patches. We introduce a style consistency loss to ensure visual similarity between the adversarial UV map and the target UV map under a 0-1 mask, enhancing the effectiveness and naturalness of the generated adversarial face images. Extensive experiments and evaluations on various FR models demonstrate the superiority of our approach over existing attack techniques. Our work provides valuable insights for enhancing the robustness of FR systems in practical adversarial settings.