Face recognition (FR) systems powered by deep learning have become widely used in various applications. However, they are vulnerable to adversarial attacks, especially those based on local adversarial patches that can be physically applied to real-world objects. In this paper, we propose RADAP, a robust and adaptive defense mechanism against diverse adversarial patches in both closed-set and open-set FR systems. RADAP employs innovative techniques, such as FCutout and F-patch, which use Fourier space sampling masks to improve the occlusion robustness of the FR model and the performance of the patch segmenter. Moreover, we introduce an edge-aware binary cross-entropy (EBCE) loss function to enhance the accuracy of patch detection. We also present the split and fill (SAF) strategy, which is designed to counter the vulnerability of the patch segmenter to complete white-box adaptive attacks. We conduct comprehensive experiments to validate the effectiveness of RADAP, which shows significant improvements in defense performance against various adversarial patches, while maintaining clean accuracy higher than that of the undefended Vanilla model.