Adversarial face examples possess two critical properties: Visual Quality and Transferability. However, existing approaches rarely address these properties simultaneously, leading to subpar results. To address this issue, we propose a novel adversarial attack technique known as Adversarial Restoration (AdvRestore), which enhances both visual quality and transferability of adversarial face examples by leveraging a face restoration prior. In our approach, we initially train a Restoration Latent Diffusion Model (RLDM) designed for face restoration. Subsequently, we employ the inference process of RLDM to generate adversarial face examples. The adversarial perturbations are applied to the intermediate features of RLDM. Additionally, by treating RLDM face restoration as a sibling task, the transferability of the generated adversarial face examples is further improved. Our experimental results validate the effectiveness of the proposed attack method.