The privacy and security of face data on social media are facing unprecedented challenges, as such data is vulnerable to unauthorized access and identification. A common practice for solving this problem is to modify the original data so that it is protected from being recognized by malicious face recognition (FR) systems. However, the "adversarial examples" obtained by existing methods usually suffer from low transferability and poor image quality, which severely limits the application of these methods in real-world scenarios. In this paper, we propose a 3D-Aware Adversarial Makeup Generation GAN (3DAM-GAN), which aims to improve the quality and transferability of synthetic makeup for identity information concealing. Specifically, a UV-based generator consisting of a novel Makeup Adjustment Module (MAM) and Makeup Transfer Module (MTM) is designed to render realistic and robust makeup with the aid of the symmetric characteristics of human faces. Moreover, a makeup attack mechanism with an ensemble training strategy is proposed to boost transferability to black-box models. Extensive experimental results on several benchmark datasets demonstrate that 3DAM-GAN can effectively protect faces against various FR models, including both publicly available state-of-the-art models and commercial face verification APIs, such as Face++, Baidu and Aliyun.