Adversarial attacks, which deceive face recognition systems by generating adversarial samples or by physically interfering with the input, have become an important direction in research on the security of these systems. This study compares digital and physical attacks, aiming to evaluate their effects and differences in practical applications. The Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD) are used to generate adversarial samples, and physical attacks are simulated by adding eyeglasses stickers in the digital environment. The experimental results show that the FGSM and PGD attacks reduce the model accuracy from 97.70% to 42.45% and 21.58%, respectively, while the physical attack, simulated by adding eyeglasses stickers, causes the accuracy to drop to 71.25%, which verifies that adversarial attacks are a significant threat to face recognition systems. These findings explain the potential threat of adversarial attacks on face recognition systems and can provide an important basis for improving system security.
T. Ma (Wed,) studied this question.