Abstract
In this paper, we tackle the challenge of white-box false positive adversarial attacks on contrastive loss-based offline handwritten signature verification models. We propose a novel attack method that treats the attack as a style transfer between closely related but distinct writing styles. To guide the generation of deceptive images, we introduce two new loss functions that enhance the attack success rate by perturbing the Euclidean distance between the embedding vectors of the original and synthesized samples, while ensuring minimal perturbations by reducing the difference between the generated image and the original image. Our method demonstrates state-of-the-art performance in white-box attacks on contrastive loss-based offline handwritten signature verification models, as evidenced by our experiments. The key contributions of this paper include a novel false positive attack method, two new loss functions, effective style transfer in handwriting styles, and superior performance in white-box false positive attacks compared to other white-box attack methods.
Abstract (translated)
在本文中,我们解决了白色盒中对基于对比度损失的 offline 手写签名验证模型的对抗攻击挑战。我们提出了一种新的攻击方法,将其视为 closely related but distinct 写作风格的风格转移。为了指导生成欺骗性图像,我们引入了两个新的损失函数,通过改变原始和合成样本的嵌入向量之间的欧几里得距离,提高了攻击成功的概率,同时通过减少生成图像和原始图像之间的差异,确保了最小化干扰。我们的方法证明了在白色盒对基于对比度损失的 offline 手写签名验证模型的对抗攻击中最先进的性能,我们的实验证据表明。本文的关键贡献包括一种新的 False positive 攻击方法、两个新的损失函数、手写风格的有效风格转移,以及与其他白色盒攻击方法相比,在白色盒 False positive 攻击中表现出更好的性能。
URL
https://arxiv.org/abs/2308.08925