The physical attack has been regarded as a kind of threat against real-world computer vision systems. Still, many existing defense methods are only useful for small perturbations attacks and can't detect physical attacks effectively. In this paper, we propose a random-patch based defense strategy to robustly detect physical attacks for Face Recognition System (FRS). Different from mainstream defense methods which focus on building complex deep neural networks (DNN) to achieve high recognition rate on attacks, we introduce a patch based defense strategy to a standard DNN aiming to obtain robust detection models. Extensive experimental results on the employed datasets show the superiority of the proposed defense method on detecting white-box attacks and adaptive attacks which attack both FRS and the defense method. Additionally, due to the simpleness yet robustness of our method, it can be easily applied to the real world face recognition system and extended to other defense methods to boost the detection performance.

本文提出了一种基于随机贴片的防御策略来检测人脸识别系统的物理攻击，该方法相较深度神经网络在检测攻击方面具有更好的鲁棒性。实验结果表明该方法在检测白盒攻击和自适应攻击方面的性能均优于传统防御方法，并且其易于实现，可推广至其他防御方法以提高检测性能。

基于随机补丁的人脸识别系统物理攻击防御策略