Skip to main content
SpringerLink
Log in

Artificial Immune System of Secure Face Recognition Against Adversarial Attacks

  • Published:
International Journal of Computer Vision Aims and scope Submit manuscript

Abstract

Deep learning-based face recognition models are vulnerable to adversarial attacks. In contrast to general noises, the presence of imperceptible adversarial noises can lead to catastrophic errors in deep face recognition models. The primary difference between adversarial noise and general noise lies in its specificity. Adversarial attack methods give rise to noises tailored to the characteristics of the individual image and recognition model at hand. Diverse samples and recognition models can engender specific adversarial noise patterns, which pose significant challenges for adversarial defense. Addressing this challenge in the realm of face recognition presents a more formidable endeavor due to the inherent nature of face recognition as an open set task. In order to tackle this challenge, it is imperative to employ customized processing for each individual input sample. Drawing inspiration from the biological immune system, which can identify and respond to various threats, this paper aims to create an artificial immune system to provide adversarial defense for face recognition. The proposed defense model incorporates the principles of antibody cloning, mutation, selection, and memory mechanisms to generate a distinct “antibody” for each input sample, wherein the term “antibody” refers to a specialized noise removal manner. Furthermore, we introduce a self-supervised adversarial training mechanism that serves as a simulated rehearsal of immune system invasions. Extensive experimental results demonstrate the efficacy of the proposed method, surpassing state-of-the-art adversarial defense methods. The source code is available here, or you can visit this website: https://github.com/RenMin1991/SIDE

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Algorithm 1
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

Explore related subjects

Discover the latest articles, news and stories from top researchers in related subjects.

Data Availibility

The data that support the findings of this study are available in Large-scale CelebFaces Attributes (CelebA) Dataset: https://mmlab.ie.cuhk.edu.hk/projects/CelebA.html, Labeled Faces in the Wild: http://vis-www.cs.umass.edu/lfw/, and MegaFace Dataset: http://megaface.cs.washington.edu/dataset/download.html.

Notes

  1. http://vis-www.cs.umass.edu/lfw/pairs.txt.

References

  • Aamir, M., Salman, K., Munawar, H., Roland, G., Jianbing, S., & Ling, S. (2019). Adversarial defense by restricting the hidden space of deep neural networks. In Proceedings of the IEEE/CVF international conference on computer vision (pp. 3385–3394).

  • Aleksander, M., Aleksandar, M., Ludwig, S., Dimitris, T., & Adrian, V. (2018). Towards deep learning models resistant to adversarial attacks. In Proceedings of the international conference on learning representations.

  • Bai, Y., Feng, Y., Wang, Y., Dai, T., Xia, S.-T., & Jiang, Y. (2019). Hilbert-based generative defense for adversarial examples. In Proceedings of the IEEE/CVF international conference on computer vision (pp. 4784–4793).

  • Burnet, F. M. (1957). A modification of Jerne’s theory of antibody production using the concept of clonal selection. The Australian Journal of Science, 20, 67–69.

    Google Scholar 

  • Chandrasekaran, M., Asokan, P., Kumanan, S., Balamurugan, T., & Nickolas, S. (2006). Solving job shop scheduling problems using artificial immune system. The International Journal of Advanced Manufacturing Technology, 31(5–6), 580–593.

    Article  Google Scholar 

  • Chaoning, Z., Philipp, B., Adil, K., & So, K. I. (2021). Data-free universal adversarial perturbation and black-box attack. In Proceedings of the IEEE/CVF international conference on computer vision (pp. 7868–7877).

  • Chuan, G., Mayank, R., Moustapha, C., & Laurens, V. D. M. (2017). Countering adversarial images using input transformations. arXiv:1711.00117

  • Cutello, V., Nicosia, G., Pavone, M., & Timmis, J. (2007). An immune algorithm for protein structure prediction on lattice models. IEEE Transactions on Evolutionary Computation, 11(1), 101–117.

    Article  Google Scholar 

  • Das, N., Shanbhogue, M., Chen, S. T., Hohman, F., Chen, L., Kounavis, M. E., & Chau, D. H. (2017). Keeping the bad guys out: Protecting and vaccinating deep learning with jpeg compression. arXiv:1705.02900

  • Deng, J., Guo, J., Xue, N., & Zafeiriou, S. (2018). ArcFace: Additive angular margin loss for deep face recognition. arXiv:1801.07698

  • Dolatabadi, H. M., Erfani, S. M., & Leckie, C. (2023). Adversarial coreset selection for efficient robust training. International Journal of Computer Vision, 131(12), 3307–3331.

    Article  Google Scholar 

  • Dong, Y., Su, H., Wu, B., Li, Z., Liu, W., Zhang, T., & Zhu, J. (2019). Efficient decision-based black-box adversarial attacks on face recognition. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition (pp. 7714–7722).

  • Duong, C. N., Quach, K. G., Jalata, I., Le, N., & Luu, K. (2019). MobiFace: A lightweight deep learning face recognition on mobile devices. In IEEE 10th international conference on biometrics theory, applications and systems (pp. 1–6). IEEE.

  • Florian, T., Alexey, K., Nicolas, P., Ian, G., Dan, B., & Patrick, M. (2018). Ensemble adversarial training: Attacks and defenses. In: Proceedings of the international conference on learning representations.

  • Gaojie, J., Xinping, Y., Dengyu, W., Ronghui, M., & Xiaowei, H. (2023). Randomized adversarial training via Taylor expansion. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition (pp. 16447–16457).

  • George, C., Calvin, M., & Simon, L. (2021). Architectural adversarial robustness: The case for deep pursuit. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition (pp. 7150–7158).

  • Goodfellow, I. J., Shlens, J., & Szegedy, C. (2014). Explaining and harnessing adversarial examples. arXiv:1412.6572

  • Gupta, P., & Rahtu, E. (2019). Ciidefence: Defeating adversarial attacks by fusing class-specific image inpainting and image denoising. In Proceedings of the IEEE/CVF international conference on computer vision (pp. 6708–6717).

  • Hao-Yun, C., Jhao-Hong, L., Shih-Chieh, C., Jia-Yu, P., Yu-Ting, C., Wei, W., & Da-Cheng, J. (2019). Improving adversarial robustness via guided complement entropy. In Proceedings of the IEEE/CVF international conference on computer vision (pp. 4881–4889).

  • He, K., Gkioxari, G., Dollár, P., & Girshick, R. (2017). Mask R-CNN. In Proceedings of the IEEE international conference on computer vision (pp. 2961–2969).

  • He, K., Zhang, X., Ren, S., & Sun, J. (2016). Deep residual learning for image recognition. In Proceedings of the IEEE conference on computer vision and pattern recognition (pp. 770–778).

  • Heng-Jie L. I., Hao, X.-H., & Zhang, L. (2008). Clonal selection algorithm for multi-objective optimization. Science Technology & Engineering, 453–482.

  • Hu, J., Shen, L., Albanie, S., Sun, G., & Wu, E. (2018). Squeeze-and-excitation networks. In Proceedings of the IEEE conference on computer vision and pattern recognition (pp. 7132–7141).

  • Huang, G. B., Mattar, M., Berg, T., & Eric, L.-M. (2008). Labeled faces in the wild: A database for studying face recognition in unconstrained environments. In Workshop on faces in ’Real-Life’ images: Detection, alignment, and recognition.

  • Huang, G., Liu, Z., Maaten, L., & Weinberger, K. Q. (2017). Densely connected convolutional networks. In Proceedings of the IEEE conference on computer vision and pattern recognition (pp. 4700–4708).

  • Hyeungill, L., Sungyeob, H., & Jungwoo, L. (2017). Generative adversarial trainer: Defense to adversarial perturbations with GAN. arXiv:1705.03387

  • Jiawei, S., Vasconcellos, V. D., & Kouichi, S. (2019). One pixel attack for fooling deep neural networks. IEEE Transactions on Evolutionary Computation, 23(5), 828–841.

    Article  Google Scholar 

  • Kaiming, H., Haoqi, F., Yuxin, W., Saining, X., & Ross, G. (2020). Momentum contrast for unsupervised visual representation learning. In IEEE/CVF conference on computer vision and pattern recognition.

  • Kemelmacher-Shlizerman, I., Seitz, S. M., Miller, D., & Brossard, E. (2016). The MegaFace benchmark: 1 million faces for recognition at scale. In Proceedings of the IEEE conference on computer vision and pattern recognition (pp. 4873–4882).

  • Komkov, S., & Petiushko, A. (2021a). AdvHat: Real-world adversarial attack on ArcFace face id system. In 2020 25th international conference on pattern recognition (ICPR) (pp. 819–826). IEEE.

  • Komkov, S., & Petiushko, A. (2021b). AdvHat: Real-world adversarial attack on ArcFace face id system. In Proceedings of the international conference on pattern recognition.

  • Krizhevsky, A., Sutskever, I., & Hinton, G. E. (2012). ImageNet classification with deep convolutional neural networks. Advances in Neural Information Processing Systems, 25, 1097–1105.

    Google Scholar 

  • Kurakin, A., Goodfellow, I., & Bengio, S. (2017). Adversarial machine learning at scale. In Proceedings of the international conference on learning representations.

  • LeCun, Y., Bottou, L., Bengio, Y., & Haffner, P. (1998). Gradient-based learning applied to document recognition. Proceedings of the IEEE, 86(11), 2278–2324.

    Article  Google Scholar 

  • Lei, H., Yun-Yun, T., Pin-Yu, C., & Tsung-Yi, H. (2023). Towards compositional adversarial robustness: Generalizing adversarial training to composite semantic perturbations. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition (pp. 24658–24667).

  • Li, Z., Yin, B., Yao, T., Guo, J., Ding, S., Chen, S., & Liu, C. (2023). Sibling-attack: Rethinking transferable adversarial attacks against face recognition. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition (pp. 24626–24637).

  • Liang, K., & Xiao, B. (2023). Styless: Boosting the transferability of adversarial examples. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition (pp. 8163–8172).

  • Liao, F., Liang, M., Dong, Y., Pang, T., Hu, X., & Zhu, J. (2018). Defense against adversarial attacks using high-level representation guided denoiser. In Proceedings of the IEEE conference on computer vision and pattern recognition (pp. 1778–1787).

  • Liu, A., Tang, S., Liu, X., Chen, X., Huang, L., Tu, Z., Song, D., & Tao, D. (2023). Towards defending multiple adversarial perturbations via gated batch normalization. International Journal of Computer Vision.

  • Liu, W., Wen, Y., Yu, Z., Li, M., Raj, B., & Song, L. (2017). Sphereface: Deep hypersphere embedding for face recognition. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition (pp. 212–220).

  • Liu, Z., Xu, Y., Ji, X., & Chan, A. B. (2023). Twins: A fine-tuning framework for improved transferability of adversarial robustness and generalization. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition (pp. 16436–16446).

  • Long, J., Shelhamer, E., & Darrell, T. (2015). Fully convolutional networks for semantic segmentation. In Proceedings of the IEEE conference on computer vision and pattern recognition (pp. 3431–3440).

  • Mazda, M., & Soheil, F. (2021). Sample efficient detection and classification of adversarial attacks via self-supervised embeddings. In Proceedings of the IEEE/CVF international conference on computer vision (pp. 7677–7686).

  • Meng, D., & Chen, H. (2017). Magnet: a two-pronged defense against adversarial examples. In Proceedings of the 2017 ACM SIGSAC conference on computer and communications security (pp. 135–147).

  • Min, R., Yuhao, Z., Yunlong, W., & Zhenan, S. (2022). Perturbation inactivation based adversarial defense for face recognition. IEEE Transactions on Information Forensics and Security, 17, 2947–2962.

    Article  Google Scholar 

  • Min, R., Yunlong, W., Yuhao, Z., Kunbo, Z., & Zhenan, S. (2023). Multiscale dynamic graph representation for biometric recognition with occlusions. IEEE Transactions on Pattern Analysis and Machine Intelligence, 45(12), 15120–15136.

    Article  Google Scholar 

  • Moosavi-Dezfooli, S. M., Fawzi, A., Fawzi, O., & Frossard, P. (2014). Universal adversarial perturbations. In Proceedings of the IEEE conference on computer vision and pattern recognition.

  • Moosavi-Dezfooli, S.-M., Shrivastava, A., & Tuzel, O. (2018). Divide, denoise, and defend against adversarial attacks. arXiv:1802.06806

  • Nicholas, C., David, & W. (2017). Towards evaluating the robustness of neural networks. In 2017 IEEE symposium on security and privacy (SP) (pp. 39–57). IEEE.

  • Nicolas, P., Patrick, M., Xi, W., Somesh, J., & Ananthram, S. (2016). Distillation as a defense to adversarial perturbations against deep neural networks. In 2016 IEEE symposium on security and privacy (SP) (pp. 582–597). IEEE

  • Nunes, D. C. L., & Jonathan, T. (2002). Artificial immune systems: A new computational intelligence approach. Springer.

  • Peilan, L. T. X. (2019). A clonal selection algorithm for dynamic multimodal function optimization. Swarm and Evolutionary Computation, 50, 100459.

    Article  Google Scholar 

  • Qian, L., Yuxiao, H., Ye, L., Dongxiao, Z., Xin, J., & Yuntian, C. (2023). Discrete point-wise attack is not enough: Generalized manifold adversarial attack for face recognition. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition (pp. 20575–20584).

  • Redmon, J., Divvala, S., Girshick, R., & Farhadi, A. (2016). You only look once: Unified, real-time object detection. In Proceedings of the IEEE conference on computer vision and pattern recognition (pp. 779–788).

  • Ren, M., Wang, Y., Sun, Z., & Tan, T. (2020). Dynamic graph representation for occlusion handling in biometrics. In Proceedings of the AAAI conference on artificial intelligence (pp. 11940–11947).

  • Ren, S., He, K., Girshick, R., & Sun, J. (2015). Faster R-CNN: Towards real-time object detection with region proposal networks. Advances in Neural Information Processing Systems, 28, 91–99.

    Google Scholar 

  • Ronneberger, O., Fischer, P., & Brox, T. (2015). U-net: Convolutional networks for biomedical image segmentation. In Medical image computing and computer-assisted intervention–MICCAI 2015: 18th international conference, Munich, Germany, October 5–9, 2015, Proceedings, Part III 18 (pp. 234–241). Springer.

  • Ross, A. S., & Doshi-Velez, F. (2018). Improving the adversarial robustness and interpretability of deep neural networks by regularizing their input gradients. In: Proceedings of the thirty-second AAAI conference on artificial intelligence and thirtieth innovative applications of artificial intelligence conference.

  • Schroff, F., Kalenichenko, D., & Philbin, J. (2015). Facenet: A unified embedding for face recognition and clustering. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition.

  • Seyed-Mohsen, M.-D., Alhussein, F., & Pascal, F. (2016). DeepFool: A simple and accurate method to fool deep neural networks. In Proceedings of the IEEE conference on computer vision and pattern recognition (pp. 2574–2582).

  • Shao, R., Perera, P., Yuen, P. C., & Patel, V. M. (2022). Open-set adversarial defense with clean-adversarial mutual learning. International Journal of Computer Vision, 130(4), 1070–1087.

    Article  Google Scholar 

  • Sharif, M., Bhagavatula, S., Bauer, L., & Reiter, M. K. (2016). Accessorize to a crime: Real and stealthy attacks on state-of-the-art face recognition. In Proceedings of the 2016 ACM SIGSAC conference on computer and communications security (pp. 1528–1540).

  • Simonyan, K., & Zisserman, A. (2015). Very deep convolutional networks for large-scale image recognition. In Proceedings of the international conference on learning representations (pp. 1–10).

  • Song, Y., Kim, T., Nowozin, S., Ermon, S., & Kushman, N. (2017). PixelDefend: Leveraging generative models to understand and defend against adversarial examples. arXiv:1710.10766

  • Sun, B., Tsai, N.-h., Liu, F., Yu, R., & Su, H. (2019). Adversarial defense by stratified convolutional sparse coding. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition (pp. 11447–11456).

  • Sun, Y., Wang, X., & Tang, X. (2014). Deep learning face representation from predicting 10,000 classes. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition.

  • Szegedy, C., Liu, W., Jia, Y., Sermanet, P., Reed, S., Anguelov, D., Erhan, D., Vanhoucke, V., & Rabinovich, A. (2015). Going deeper with convolutions. In Proceedings of the IEEE conference on computer vision and pattern recognition (pp. 1–9).

  • Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., & Fergus, R. (2013). Intriguing properties of neural networks.

  • Taesik, N., Hwan, K. J., & Saibal, M. (2018). Cascade adversarial machine learning regularized with a unified embedding. In Proceedings of the international conference on learning representations.

  • Taigman, Y., Yang, M., Ranzato, M., & Wolf, L. (2014). Deepface: Closing the gap to human-level performance in face verification. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition.

  • Transferable Adversarial LFW. http://www.whdeng.cn/TALFW/index.html

  • Turk, M. A., & Pentland, A. P. (1991). Face recognition using eigenfaces. In Proceedings. 1991 IEEE computer society conference on computer vision and pattern recognition (pp. 586–587). IEEE Computer Society.

  • Wang, H., Wang, Y., Zhou, Z., Ji, X., Li, Z., Gong, D., Zhou, J., & Liu, W. (2018). Cosface: Large margin cosine loss for deep face recognition. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition (pp. 5265–5274).

  • Wang, Z., Guo, H., Zhang, Z., Liu, W., Qin, Z., & Ren, K. (2021). Feature importance-aware transferable adversarial attacks. In Proceedings of the IEEE/CVF international conference on computer vision (pp. 7639–7648).

  • Wang, Z., Yang, H., Feng, Y., Sun, P., Guo, H., Zhang, Z., & Ren, K. (2023). Towards transferable targeted adversarial examples. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition (pp. 20534–20543).

  • Wei, X., Yu, J., & Huang, Y. (2023). Infrared adversarial patches with learnable shapes and locations in the physical world. International Journal of Computer Vision, 132, 1–17.

    Google Scholar 

  • Wu, X., He, R., Sun, Z., & Tan, T. (2018). A light CNN for deep face representation with noisy labels. IEEE Transactions on Information Forensics and Security, 13, 2884–2896.

    Article  Google Scholar 

  • Xiaoyu, C., & Zhenqiang, G. N. (2017). Mitigating evasion attacks to deep neural networks via region-based classification. In Proceedings of the 33rd annual computer security applications conference (pp. 278–287).

  • Xie, C., Wu, Y., Maaten, L. v. d., Yuille, A. L., & He, K. (2019). Feature denoising for improving adversarial robustness. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition (pp. 501–509).

  • Yang, X., Liu, C., Xu, L., Wang, Y., Dong, Y., Chen, N., Su, H., & Zhu, J. (2023). Towards effective adversarial textured 3D meshes on physical face recognition. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition (pp. 4119–4128).

  • Yaoyao, Z., & Weihong, D. (2019). Adversarial learning with margin-based triplet embedding regularization. In Proceedings of the IEEE/CVF international conference on computer vision (pp. 6549–6558).

  • Yuan, Z., Zhang, J., Jia, Y., Tan, C., Xue, T., & Shan, S. (2021). Meta gradient adversarial attack. In Proceedings of the IEEE/CVF international conference on computer vision (pp. 7748–7757).

  • Yuhao, Z., Min, R., Hui, J., Linlin, D., Zhenan, S., & Ping, L. (2023). Joint holistic and masked face recognition. IEEE Transactions on Information Forensics and Security, 18, 3388–3400.

    Article  Google Scholar 

  • Yunseok, J., Tianchen, Z., Seunghoon, H., & Honglak, L. (2019). Adversarial defense via learning to generate diverse attacks. In Proceedings of the IEEE/CVF international conference on computer vision (pp 2740–2749).

  • Zhang, J., Huang, J.-t., Wang, W., Li, Y., Wu, W., Wang, X., Su, Y., & Lyu, M. R. (2023). Improving the transferability of adversarial samples by path-augmented method. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition (pp. 8173–8182).

  • Zhang, J., Huang, Y., Wu, W., & Lyu, M. R. (2023). Transferable adversarial attacks on vision transformers with token gradient regularization. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition (pp. 16415–16424).

  • Zhang, Y., Hou, J., & Yuan, Y. (2023). A comprehensive study of the robustness for lidar-based 3d object detectors against adversarial attacks. International Journal of Computer Vision, 132, 1–33.

    Google Scholar 

  • Zheng, Z., Zheng, L., Yang, Y., & Wu, F. (2023). U-turn: Crafting adversarial queries with opposite-direction features. International Journal of Computer Vision, 131(4), 835–854.

    Article  Google Scholar 

  • Zhezhi, H., Siraj, R. A., & Deliang, F. (2019). Parametric noise injection: Trainable randomness to improve deep neural network robustness against adversarial attack. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition (pp. 588–597).

  • Zhong, Y., & Deng, W. (2020). Towards transferable adversarial attack against deep face recognition. IEEE Transactions on Information Forensics and Security, 16, 1452–1466.

    Article  Google Scholar 

  • Zhou, D., Wang, N., Peng, C., Gao, X., Wang, X., Yu, J., & Liu, T. (2021). Removing adversarial noise in class activation feature space. In Proceedings of the IEEE/CVF international conference on computer vision (pp. 7878–7887).

  • Zhu, Z.-A., Lu, Y.-Z., & Chiang, C.-K. (2019). Generating adversarial examples by makeup attacks on face recognition. In 2019 IEEE international conference on image processing (ICIP) (pp. 2516–2520).

  • Ziwei, L., Ping, L., Xiaogang, W., & Xiaoou, T. (2015). Deep learning face attributes in the wild. In Proceedings of international conference on computer vision.

Download references

Acknowledgements

The authors would like to thank the associate editor and the reviewers for their valuable comments and advices.

Funding

This work is jointly supported by the National Key Research and Development Program of China (2022YFC3310400), the China Postdoctoral Science Foundation (BX20230044, 2023M730290), the National Natural Science Foundation of China (62276025, U23B2054, 62276263), and the Shenzhen Technology Plan Program (KQTD20170331093217368).

Author information

Author notes

  1. Min Ren and Yunlong Wang have contributed equally to this work.

Authors and Affiliations

  1. School of Artificial Intelligence, Beijing Normal University, Beijing, China

    Min Ren & Yongzhen Huang

  2. State Key Laboratory of Multimodal Artificial Intelligence Systems (MAIS), Institute of Automation, Chinese Academy of Sciences, Beijing, China

    Yunlong Wang, Zhenan Sun, Qi Li & Tieniu Tan

  3. Postgraduate Department, China Academy of Railway Sciences, Beijing, China

    Yuhao Zhu

Authors
  1. Min Ren
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yunlong Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yuhao Zhu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yongzhen Huang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Zhenan Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Qi Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Tieniu Tan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yongzhen Huang.

Additional information

Communicated by Segio Escalera.

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Ren, M., Wang, Y., Zhu, Y. et al. Artificial Immune System of Secure Face Recognition Against Adversarial Attacks. Int J Comput Vis (2024). https://doi.org/10.1007/s11263-024-02153-0

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s11263-024-02153-0

Keywords

Search

Navigation