The widespread deployment of Deep Learning-based Face Recognition Systems raises many security concerns. While prior research has identified backdoor vulnerabilities on isolated components, Backdoor Attacks on real-world, unconstrained pipelines remain underexplored. This SoK paper presents the first comprehensive system-level analysis and measurement of the impact of Backdoor Attacks on fully-fledged Face Recognition Systems. We combine the existing Supervised Learning backdoor literature targeting face detectors, face antispoofing, and face feature extractors to demonstrate a system-level vulnerability. By analyzing 20 pipeline configurations and 15 attack scenarios in a holistic manner, we reveal that an attacker only needs a single backdoored model to compromise an entire Face Recognition System. Finally, we discuss the impact of such attacks and propose best practices and countermeasures for stakeholders.
翻译:基于深度学习的人脸识别系统广泛部署引发了诸多安全隐患。尽管先前研究已识别出孤立组件中的后门漏洞,但针对现实世界无约束流程的后门攻击仍缺乏深入探索。本系统化知识论文首次对后门攻击在完整人脸识别系统中的影响进行了全面的系统级分析与量化评估。我们整合了现有针对人脸检测器、人脸活体检测和人脸特征提取器的监督学习后门研究,揭示了系统级漏洞。通过对20种流程配置和15种攻击场景进行整体分析,我们发现攻击者仅需植入单个后门模型即可危及整个人脸识别系统。最后,我们讨论了此类攻击的影响,并为相关利益方提出了最佳实践方案与防御对策。