Template Inversion Attack Against Face Recognition Systems in Smart Cities with a Tiny Dataset

Document Type

Article

Publication Date

6-24-2025

Department

Department of Computer Science

Abstract

In smart cities, face recognition (FR) systems are ubiquitous and they have been extensively used for public safety, traffic management, and other smart services. An FR system usually stores a facial template (i.e., facial feature extracted from face images of enrolled users) dataset and uses it for face recognition. Recent work has shown that FR systems are vulnerable to template inversion (TI) attacks, in which the adversary (who accesses the template dataset) can train a machine learning (ML) model to reconstruct face images from their corresponding templates. However, when only a tiny surrogate dataset is available, these prior learning-based TI attacks fail to achieve good attack performance. To address this issue, we design an Image-Template-Guided GAN (ITGGAN) which can be trained with the guide of face images (in the tiny surrogate dataset) and available templates. ITGGAN can be used to generate a massive number of diversified images, which helps to train a high-quality TI network to launch TI attacks. Additionally, we develop an interactive training strategy where the ITGGAN and the TI network are trained alternately. Applying this strategy, higher diversified images can be used to train the TI network, thereby continuously boosting the attack performance. Our experimental results show that, compared with prior TI attacks, the proposed TI attack achieves the highest ASR (over 99 %) with only 1,000 training samples across four different FR systems and two face datasets.

Publication Title

2024 20th International Conference on Mobility, Sensing and Networking (MSN)

Link to Full Text

Share

COinS