Adversarial face examples possess two critical properties: Visual Quality and Transferability. However, existing approaches rarely address these properties simultaneously, leading to subpar results. To address this issue, we propose a novel adversarial attack technique known as Adversarial Restoration (AdvRestore), which enhances both visual quality and transferability of adversarial face examples by leveraging a face restoration prior. In our approach, we initially train a Restoration Latent Diffusion Model (RLDM) designed for face restoration. Subsequently, we employ the inference process of RLDM to generate adversarial face examples. The adversarial perturbations are applied to the intermediate features of RLDM. Additionally, by treating RLDM face restoration as a sibling task, the transferability of the generated adversarial face examples is further improved. Our experimental results validate the effectiveness of the proposed attack method.