Although face recognition starts to play an important role in our daily life, we need to pay attention that data-driven face recognition vision systems are vulnerable to adversarial attacks. However, the current two categories of adversarial attacks, namely digital attacks and physical attacks both have drawbacks, with the former ones impractical and the latter one conspicuous, high-computational and inexecutable. To address the issues, we propose a practical, executable, inconspicuous and low computational adversarial attack based on LED illumination modulation. To fool the systems, the proposed attack generates imperceptible luminance changes to human eyes through fast intensity modulation of scene LED illumination and uses the rolling shutter effect of CMOS image sensors in face recognition systems to implant luminance information perturbation to the captured face images. In summary,we present a denial-of-service (DoS) attack for face detection and a dodging attack for face verification. We also evaluate their effectiveness against well-known face detection models, Dlib, MTCNN and RetinaFace , and face verification models, Dlib, FaceNet,and ArcFace.The extensive experiments show that the success rates of DoS attacks against face detection models reach 97.67%, 100%, and 100%, respectively, and the success rates of dodging attacks against all face verification models reach 100%.

翻译：尽管人脸识别已开始在我们的日常生活中发挥重要作用，但需注意数据驱动的人脸识别视觉系统易受对抗性攻击。然而，当前两类对抗性攻击——数字攻击与物理攻击——均存在缺陷：前者缺乏实用性，后者则具有显眼性、高计算成本及不可执行性。为解决上述问题，我们提出一种基于LED照度调制的实用、可执行、隐蔽且低计算成本的对抗性攻击。为欺骗系统，该攻击通过快速调制场景LED照度的强度，产生人眼无法察觉的亮度变化，并利用人脸识别系统中CMOS图像传感器的卷帘快门效应，将亮度信息扰动植入所捕获的人脸图像中。简而言之，我们针对人脸检测提出了一种拒绝服务攻击，针对人脸验证提出了一种躲避攻击。我们还评估了这些攻击在知名人脸检测模型Dlib、MTCNN和RetinaFace以及人脸验证模型Dlib、FaceNet和ArcFace上的有效性。大量实验表明：针对人脸检测模型的拒绝服务攻击成功率分别达到97.67%、100%和100%，而针对所有人脸验证模型的躲避攻击成功率均达到100%。