Face authentication systems offer significant convenience and have advanced rapidly, yet they have become unreliable because of their sensitivity to inconspicuous, imperceptible perturbations such as adversarial attacks. Existing defenses often break down against different attack algorithms and adaptive attacks, or trade accuracy for security. To address these challenges, we develop a novel, highly efficient, non-deep-learning image filter, the Iterative Window Mean Filter (IWMF), and propose a new adversarial purification framework, IWMF-Diff, which combines IWMF with denoising diffusion models. Both can serve as pre-processing modules that remove adversarial perturbations without modifying or retraining the target system. We show that the proposed methods meet four key requirements: preserved accuracy, improved security, generalizability to diverse threats in different settings, and stronger resistance to adaptive attacks. This performance surpasses that of the state-of-the-art adversarial purification method, DiffPure.
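To make the "pre-processing purification" idea concrete, the following is an added, illustrative example and not the paper's IWMF implementation or code: a plain window-mean (box) filter applied iteratively to a grayscale image in front of an unchanged downstream model. The test image (a smooth gradient) and the perturbation (a random-sign, L-infinity-bounded noise pattern standing in for an adversarial perturbation) are constructed here for the example; the window size, iteration count and epsilon are assumed values, and the L2 distance to the clean image is used as a proxy for how much of the perturbation survives. It is pure Python so it runs offline without NumPy.

```python
"""Illustrative iterative window-mean purification (added example; not the
paper's IWMF). Shows the pre-processing pattern: the filter runs before an
unchanged target model, and a high-frequency, L-inf-bounded perturbation is
largely averaged out while a smooth image is left mostly intact."""
import math
import random
from typing import List

Image = List[List[float]]  # grayscale rows, pixel values in [0, 1]


def window_mean_filter(img: Image, window: int = 3) -> Image:
    """One pass of a (window x window) box mean; borders are handled by
    clamping coordinates to the image, so output size equals input size."""
    if window % 2 != 1:
        raise ValueError("window must be odd so it is centred on the pixel")
    h, w = len(img), len(img[0])
    r = window // 2
    out = [[0.0] * w for _ in range(h)]
    for y in range(h):
        for x in range(w):
            acc = 0.0
            for dy in range(-r, r + 1):
                yy = min(max(y + dy, 0), h - 1)
                for dx in range(-r, r + 1):
                    xx = min(max(x + dx, 0), w - 1)
                    acc += img[yy][xx]
            out[y][x] = acc / (window * window)
    return out


def iterative_window_mean(img: Image, window: int = 3, iterations: int = 2) -> Image:
    """Apply the box mean repeatedly (assumed window/iteration counts)."""
    for _ in range(iterations):
        img = window_mean_filter(img, window)
    return img


def l2_distance(a: Image, b: Image) -> float:
    """Euclidean distance between two same-sized images."""
    return math.sqrt(sum((pa - pb) ** 2
                         for ra, rb in zip(a, b)
                         for pa, pb in zip(ra, rb)))


def make_clean_image(h: int = 16, w: int = 16) -> Image:
    """Constructed stand-in for a face crop: a smooth diagonal gradient."""
    return [[(x + y) / (h + w - 2) for x in range(w)] for y in range(h)]


def add_linf_perturbation(img: Image, eps: float, seed: int = 0) -> Image:
    """Constructed perturbation: +/-eps per pixel (random sign), clipped to
    [0, 1]. It mimics the high-frequency, L-inf-bounded shape of an
    adversarial perturbation but is NOT a real attack."""
    rng = random.Random(seed)
    return [[min(1.0, max(0.0, p + rng.choice((-eps, eps)))) for p in row]
            for row in img]


def purification_gain(window: int = 3, iterations: int = 2,
                      eps: float = 0.06, seed: int = 0):
    """Return (distance of perturbed image to clean, distance of purified
    image to clean, distance of purified *clean* image to clean). The first
    two measure how much perturbation the filter removes; the third measures
    the accuracy cost on an unperturbed input."""
    clean = make_clean_image()
    adv = add_linf_perturbation(clean, eps, seed)
    purified_adv = iterative_window_mean(adv, window, iterations)
    purified_clean = iterative_window_mean(clean, window, iterations)
    return (l2_distance(adv, clean),
            l2_distance(purified_adv, clean),
            l2_distance(purified_clean, clean))


if __name__ == "__main__":
    before, after, clean_cost = purification_gain()
    print(f"perturbed->clean L2: {before:.3f}")
    print(f"purified ->clean L2: {after:.3f}")
    print(f"clean input cost L2: {clean_cost:.3f}")
```

The three numbers map onto the abstract's first two requirements: the drop from the first to the second distance is the security gain (perturbation removed before the model sees it), and the third distance is the accuracy cost paid on clean inputs. A real evaluation would replace the L2 proxy with the downstream model's verification accuracy and use actual attack algorithms, including adaptive ones that know the filter is in place.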