In this work, we investigate the potential threat of adversarial examples to the security of face recognition systems. Although previous research has explored the adversarial risk to individual components of FRSs, our study presents an initial exploration of an adversary simultaneously fooling multiple components: the face detector and feature extractor in an FRS pipeline. We propose three multi-objective attacks on FRSs and demonstrate their effectiveness through a preliminary experimental analysis on a target system. Our attacks achieved up to 100% Attack Success Rates against both the face detector and feature extractor and were able to manipulate the face detection probability by up to 50% depending on the adversarial objective. This research identifies and examines novel attack vectors against FRSs and suggests possible ways to augment the robustness by leveraging the attack vector's knowledge during training of an FRS's components.

翻译：本文研究了对抗样本对人脸识别系统安全的潜在威胁。尽管已有研究探讨了对抗风险对FRS各独立组件的影响，但本研究首次探索了攻击者同时欺骗多个组件（即FRS流水线中的人脸检测器与特征提取器）的可能性。我们提出了三种针对FRS的多目标攻击方法，并通过目标系统的初步实验分析验证了其有效性。所提攻击对人脸检测器和特征提取器的攻击成功率最高可达100%，且能根据对抗目标将人脸检测概率操纵高达50%。本研究识别并分析了针对FRS的新型攻击向量，同时提出通过在FRS组件训练过程中利用攻击向量知识来增强系统鲁棒性的可能途径。