Abstract
With the increasing demand for reliable face mask detection systems during the COVID-19 pandemic, deep learning (DL) and machine learning (ML) algorithms have been widely used. However, these models are vulnerable to adversarial attacks, which pose a significant challenge to their reliability. This study investigates the susceptibility of a DL-based face mask detection model to a black box adversarial attack using a substitute model approach. A transfer learning-based face mask detection model is employed as the target model, while a CNN model acts as the substitute model for generating adversarial examples. The experiment is conducted under the assumption of a black-box attack, where attackers have limited access to the target model’s architecture and gradients but access to training data. The results demonstrate the successful reduction of the face mask detection model’s classification accuracy from 97.18% to 46.52% through the black-box adversarial attack, highlighting the vulnerability of current face mask detection methods to such attacks. These findings underscore the need for robust defense measures to be implemented in face mask detection systems to ensure their reliability in practical applications.
Similar content being viewed by others
Data availability
The datasets generated during and/or analyzed during the current study are available in the KAGGLE repository, https://www.kaggle.com/datasets/shiekhburhan/face-mask-dataset
The code generated during and/or analyzed during the current study is available from the corresponding author upon reasonable request.
References
Ahmad M, Khursheed F (2022) A novel image tamper detection approach by blending forensic tools and optimized CNN: Sealion customized firefly algorithm. Multimed Tools Appl 81(2):2577–2601
Ahmad M, Khursheed F (2022) Detection and localization of image tampering in digital images with fused features. Concurr Comput Pract Exp 34:7191
Alrashed S, Min-Allah N, Ali I, Mehmood R (2022) COVID-19 outbreak and the role of digital twin. Multimed Tools Appl 81(19):26857–26871. https://doi.org/10.1007/s11042-021-11664-8
Bania RK (2023) Ensemble of deep transfer learning models for real-time automatic detection of face mask. Multimed Tools Appl 82:25131–25153. https://doi.org/10.1007/s11042-023-14408-y
Chen PY, Zhang H, Sharma Y, Yi J, Hsieh CJ (2017, November 3) ZOO. Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security. https://doi.org/10.1145/3128572.3140448
“Coronavirus disease (COVID-19).” (n.d.) https://www.who.int/news-room/q-a-detail/coronavirus-disease-covid-19. Accessed 11 Apr. 2021
Das D, Biswas SK, Bandyopadhyay S (2022) Perspective of AI system for COVID-19 detection using chest images: a review. Multimed Tools Appl 81(15):21471–21501. https://doi.org/10.1007/s11042-022-11913-4
Deng J, Dong W, Socher R, Li LJ, Li K, Li F-F (2009, June) ImageNet: A large-scale hierarchical image database. 2009 IEEE Conference on Computer Vision and Pattern Recognition. https://doi.org/10.1109/cvpr.2009.5206848
Ellis R (2020) WHO changes stance, says public should wear masks. WebMD https://www.webmd.com/lung/news/20200608/who-changes-stance-says-public-should-wear-masks
Feng S, Shen C, Xia N, Song W, Fan M, Cowling BJ (2020, May) Rational use of face masks in the COVID-19 pandemic. The Lancet. Respir Med 8(5):434–436. https://doi.org/10.1016/s2213-2600(20)30134-x
Gao J, Lanchantin J, Soffa ML, Qi Y (2018, May) Black-Box Generation of Adversarial Text Sequences to Evade Deep Learning Classifiers. 2018 IEEE Security and Privacy Workshops (SPW). https://doi.org/10.1109/spw.2018.00016
Goodfellow IJ, Shlens J, Szegedy C (2014) Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572
Goodfellow I, Pouget-Abadie J, Mirza M, Xu B, Warde-Farley D, Ozair S, ..., Bengio Y (2014) Generative adversarial nets. Advances in neural information processing systems, 27
Goyal H, Sidana K, Singh C, Jain A, Jindal S (2022) A real time face mask detection system using convolutional neural network. Multimed Tools Appl 81(11):14999–15015. https://doi.org/10.1007/s11042-022-12166-x
Haque SBU, Zafar A, Roshan K (2023) Security vulnerability in face mask monitoring system. In: 2023 10th International conference on computing for sustainable global development (INDIACom). New Delhi, India, 231–237
Hirano H, Koga K, Takemoto K (2020) Vulnerability of deep neural networks for detecting COVID-19 cases from chest X-ray images to universal adversarial attacks. PLoS One 15(12):e0243963. https://doi.org/10.1371/journal.pone.0243963
Ilyas A, Engstrom L, Athalye A, Lin J (2018, July) Black-box adversarial attacks with limited queries and information. In International conference on machine learning. PMLR, pp. 2137–2146
Javed I, Butt MA, Khalid S, Shehryar T, Amin R, Syed AM, Sadiq M (2022) Face mask detection and social distance monitoring system for COVID-19 pandemic. Multimed Tools Appl 82:14135–14152. https://doi.org/10.1007/s11042-022-13913-w
Jayaswal R, Dixit M (2022) AI-based face mask detection system: a straightforward proposition to fight with Covid-19 situation. Multimed Tools Appl 82:13241–13273. https://doi.org/10.1007/s11042-022-13697-z
Kuchana M, Srivastava A, Das R, Mathew J, Mishra A, Khatter K (2020) AI aiding in diagnosing, tracking recovery of COVID-19 using deep learning on Chest CT scans. Multimed Tools Appl 80(6):9161–9175. https://doi.org/10.1007/s11042-020-10010-8
Kurakin A, Goodfellow IJ, Bengio S (2017) Adversarial examples in the physical world. In: Proceedings of the 5th International Conference on Learning Representations (ICLR) Workshop Track, pp. 1–14
Liu W, Anguelov D, Erhan D, Szegedy C, Reed S, Fu CY, Berg AC (2016) SSD: Single Shot MultiBox Detector. Comput Vis – ECCV 2016:21–37. https://doi.org/10.1007/978-3-319-46448-0_2
Lu H, Zhuang Z (2022) ULN: An efficient face recognition method for person wearing a mask. Multimed Tools Appl 81(29):42393–42411. https://doi.org/10.1007/s11042-022-13495-7
Madry A, Makelov A, Schmidt L, Tsipras D, Vladu A (2017) Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083
Moosavi-Dezfooli SM, Fawzi A, Fawzi O, Frossard P (2017, July) Universal Adversarial Perturbations. 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). https://doi.org/10.1109/cvpr.2017.17
Oztel I, Yolcu Oztel G, Akgun D (2022, October 21) A hybrid LBP-DCNN based feature extraction method in YOLO: An application for masked face and social distance detection. Multimed Tools Appl 82(1):1565–1583. https://doi.org/10.1007/s11042-022-14073-7
Pal B, Gupta D, Rashed-Al-Mahfuz M, Alyami SA, Moni MA (2021) Vulnerability in Deep Transfer Learning Models to Adversarial Fast Gradient Sign Attack for COVID-19 Prediction from Chest Radiography Images. Appl Sci 11(9):4233. https://doi.org/10.3390/app11094233
Papernot N, McDaniel P, Jha S, Fredrikson M, Celik ZB, Swami A (2016, March) The Limitations of Deep Learning in Adversarial Settings. 2016 IEEE European Symposium on Security and Privacy (EuroS&P). https://doi.org/10.1109/eurosp.2016.36
Papernot N, McDaniel P, Goodfellow I, Jha S, Celik ZB, Swami A (2017, April 2) Practical Black-Box Attacks against Machine Learning. Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. https://doi.org/10.1145/3052973.3053009
Qi G, Gong L, Song Y, Ma K, Zheng Y (2021) Stabilized medical image attacks. arXiv preprint arXiv:2103.05232
Rahman A, Hossain MS, Alrajeh NA, Alsolami F (2021, June 15) Adversarial Examples—Security Threats to COVID-19 Deep Learning Systems in Medical IoT Devices. IEEE Internet Things J 8(12):9603–9610. https://doi.org/10.1109/jiot.2020.3013710
Redmon J, Farhadi A (2018) Yolov3: An incremental improvement. arXiv preprint arXiv:1804.02767
Ren K, Zheng T, Qin Z, Liu X (2020) Adversarial Attacks and Defenses in Deep Learning. Engineering 6(3):346–360. https://doi.org/10.1016/j.eng.2019.12.012
Roshan K, Zafar A, Haque SBU (2023) A novel deep learning based model to defend network intrusion detection system against adversarial attacks. In: 2023 10th international conference on computing for sustainable global development (INDIACom). New Delhi, India, 386-391
Sandler M, Howard A, Zhu M, Zhmoginov A, Chen LC (2018) Mobilenetv2: Inverted residuals and linear bottlenecks. In: Proceedings of the IEEE conference on computer vision and pattern recognition, pp. 4510–4520
Sheikh B, Zafar A (2023) Beyond accuracy and precision: a robust deep learning framework to enhance the resilience of face mask detection models against adversarial attacks. Evolving Systems. https://doi.org/10.1007/s12530-023-09522-z
Sheikh B, Zafar A (2023) RRFMDS: Rapid Real-Time Face Mask Detection System for Effective COVID-19 Monitoring. SN Comput Sci 4:288. https://doi.org/10.1007/s42979-023-01738-9
Sheikh BUH, Zafar A (2023) Untargeted white-box adversarial attack to break into deep learning based COVID-19 monitoring face mask detection system. Multimed Tools Appl:1–27. https://doi.org/10.1007/s11042-023-15405-x
Singh S, Ahuja U, Kumar M, Kumar K, Sachdeva M (2021) Face mask detection using YOLOv3 and faster R-CNN models: COVID-19 environment. Multimed Tools Appl 80(13):19753–19768. https://doi.org/10.1007/s11042-021-10711-8
Su X, Gao M, Ren J, Li Y, Dong M, Liu X (2021) Face mask detection and classification via deep transfer learning. Multimed Tools Appl 81(3):4475–4494. https://doi.org/10.1007/s11042-021-11772-5
Szegedy C, Zaremba W, Sutskever I, Bruna J, Erhan D, Goodfellow I, Fergus R (2013) Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199.
Szegedy C, Vanhoucke V, Ioffe S, Shlens J, Wojna Z (2016) Rethinking the inception architecture for computer vision. In: Proceedings of the IEEE conference on computer vision and pattern recognition, pp. 2818–2826
Ullah N, Javed A, Ali Ghazanfar M, Alsufyani A, Bourouis S (2022) A novel DeepMaskNet model for face mask detection and masked facial recognition. J King Saud Univ - Comput Inf Sci 34(10):9905–9914. https://doi.org/10.1016/j.jksuci.2021.12.017
Wang L, Lin ZQ, Wong A (2020) COVID-Net: a tailored deep convolutional neural network design for detection of COVID-19 cases from chest X-ray images. Sci Rep 10(1):19549. https://doi.org/10.1038/s41598-020-76550-z
Wani MH, Faridi AR (2022) Deep learning-based video action recognition: A Review. In: 2022 international conference on computing, communication, and intelligent systems (ICCCIS). Greater Noida, India, 243–249. https://doi.org/10.1109/ICCCIS56430.2022.10037736
World Health Organization. (2020) Advice on the use of masks in the context of COVID-19: interim guidance, June 5 2020 (No. WHO/2019-nCoV/IPC_Masks/2020.4). World Health Organization
"WHO Director-General's opening remarks at the media briefing on COVID-19 - March 11 2020." https://www.who.int/director-general/speeches/detail/who-director-general-s-opening-remarks-at-the-media-briefing-on-covid-19%2D%2D-11-march-2020. Accessed 11 April 2021
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
sheikh, B.U.H., Zafar, A. Unlocking adversarial transferability: a security threat towards deep learning-based surveillance systems via black box inference attack- a case study on face mask surveillance. Multimed Tools Appl 83, 24749–24775 (2024). https://doi.org/10.1007/s11042-023-16439-x
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-023-16439-x