Ensuring the reliability of face recognition systems against presentation attacks necessitates the deployment of face anti-spoofing techniques. Despite considerable advancements in this domain, the ability of even the most state-of-the-art methods to defend against adversarial examples remains elusive. While several adversarial defense strategies have been proposed, they typically suffer from constrained practicability due to inevitable trade-offs between universality, effectiveness, and efficiency. To overcome these challenges, we thoroughly delve into the coupled relationship between adversarial detection and face anti-spoofing. Based on this, we propose a robust face anti-spoofing framework, namely AdvFAS, that leverages two coupled scores to accurately distinguish between correctly detected and wrongly detected face images. Extensive experiments demonstrate the effectiveness of our framework in a variety of settings, including different attacks, datasets, and backbones, meanwhile enjoying high accuracy on clean examples. Moreover, we successfully apply the proposed method to detect real-world adversarial examples.

翻译：确保人脸识别系统在呈现攻击下的可靠性需要部署人脸防欺骗技术。尽管该领域已取得显著进展，但即使是最先进的方法也难以抵御对抗样本的攻击能力。虽然已有多种对抗防御策略被提出，但由于通用性、有效性和效率之间不可避免的权衡，这些方法通常受限于实际应用的可操作性。为克服这些挑战，我们深入探究了对抗检测与人脸防欺骗之间的耦合关系。基于此，我们提出了一种鲁棒的人脸防欺骗框架——AdvFAS，利用两个耦合分数精确区分正确检测与错误检测的人脸图像。大量实验证明，该框架在不同攻击方式、数据集和骨干网络等多种场景下均具有效性，同时在高清样本上保持高准确率。此外，我们将所提方法成功应用于真实对抗样本的检测。