Skip to main content
SpringerLink
Log in

Unlocking adversarial transferability: a security threat towards deep learning-based surveillance systems via black box inference attack- a case study on face mask surveillance

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

With the increasing demand for reliable face mask detection systems during the COVID-19 pandemic, deep learning (DL) and machine learning (ML) algorithms have been widely used. However, these models are vulnerable to adversarial attacks, which pose a significant challenge to their reliability. This study investigates the susceptibility of a DL-based face mask detection model to a black box adversarial attack using a substitute model approach. A transfer learning-based face mask detection model is employed as the target model, while a CNN model acts as the substitute model for generating adversarial examples. The experiment is conducted under the assumption of a black-box attack, where attackers have limited access to the target model’s architecture and gradients but access to training data. The results demonstrate the successful reduction of the face mask detection model’s classification accuracy from 97.18% to 46.52% through the black-box adversarial attack, highlighting the vulnerability of current face mask detection methods to such attacks. These findings underscore the need for robust defense measures to be implemented in face mask detection systems to ensure their reliability in practical applications.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Algorithm 1
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Similar content being viewed by others

Data availability

The datasets generated during and/or analyzed during the current study are available in the KAGGLE repository, https://www.kaggle.com/datasets/shiekhburhan/face-mask-dataset

The code generated during and/or analyzed during the current study is available from the corresponding author upon reasonable request.

References

  1. Ahmad M, Khursheed F (2022) A novel image tamper detection approach by blending forensic tools and optimized CNN: Sealion customized firefly algorithm. Multimed Tools Appl  81(2):2577–2601

  2. Ahmad M, Khursheed F (2022) Detection and localization of image tampering in digital images with fused features. Concurr Comput Pract Exp 34:7191

  3. Alrashed S, Min-Allah N, Ali I, Mehmood R (2022) COVID-19 outbreak and the role of digital twin. Multimed Tools Appl 81(19):26857–26871. https://doi.org/10.1007/s11042-021-11664-8

    Article  PubMed  PubMed Central  Google Scholar 

  4. Bania RK (2023) Ensemble of deep transfer learning models for real-time automatic detection of face mask. Multimed Tools Appl 82:25131–25153. https://doi.org/10.1007/s11042-023-14408-y

    Article  Google Scholar 

  5. Chen PY, Zhang H, Sharma Y, Yi J, Hsieh CJ (2017, November 3) ZOO. Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security. https://doi.org/10.1145/3128572.3140448

  6. “Coronavirus disease (COVID-19).” (n.d.) https://www.who.int/news-room/q-a-detail/coronavirus-disease-covid-19. Accessed 11 Apr. 2021

  7. Das D, Biswas SK, Bandyopadhyay S (2022) Perspective of AI system for COVID-19 detection using chest images: a review. Multimed Tools Appl 81(15):21471–21501. https://doi.org/10.1007/s11042-022-11913-4

    Article  PubMed  PubMed Central  Google Scholar 

  8. Deng J, Dong W, Socher R, Li LJ, Li K, Li F-F (2009, June) ImageNet: A large-scale hierarchical image database. 2009 IEEE Conference on Computer Vision and Pattern Recognition. https://doi.org/10.1109/cvpr.2009.5206848

  9. Ellis R (2020) WHO changes stance, says public should wear masks. WebMD https://www.webmd.com/lung/news/20200608/who-changes-stance-says-public-should-wear-masks

  10. Feng S, Shen C, Xia N, Song W, Fan M, Cowling BJ (2020, May) Rational use of face masks in the COVID-19 pandemic. The Lancet. Respir Med 8(5):434–436. https://doi.org/10.1016/s2213-2600(20)30134-x

    Article  CAS  Google Scholar 

  11. Gao J, Lanchantin J, Soffa ML, Qi Y (2018, May) Black-Box Generation of Adversarial Text Sequences to Evade Deep Learning Classifiers. 2018 IEEE Security and Privacy Workshops (SPW). https://doi.org/10.1109/spw.2018.00016

  12. Goodfellow IJ, Shlens J, Szegedy C (2014) Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572

  13. Goodfellow I, Pouget-Abadie J, Mirza M, Xu B, Warde-Farley D, Ozair S, ..., Bengio Y (2014) Generative adversarial nets. Advances in neural information processing systems, 27

  14. Goyal H, Sidana K, Singh C, Jain A, Jindal S (2022) A real time face mask detection system using convolutional neural network. Multimed Tools Appl 81(11):14999–15015. https://doi.org/10.1007/s11042-022-12166-x

    Article  PubMed  PubMed Central  Google Scholar 

  15. Haque SBU, Zafar A, Roshan K (2023) Security vulnerability in face mask monitoring system. In: 2023 10th International conference on computing for sustainable global development (INDIACom). New Delhi, India, 231–237

  16. Hirano H, Koga K, Takemoto K (2020) Vulnerability of deep neural networks for detecting COVID-19 cases from chest X-ray images to universal adversarial attacks. PLoS One 15(12):e0243963. https://doi.org/10.1371/journal.pone.0243963

    Article  CAS  PubMed  PubMed Central  Google Scholar 

  17. Ilyas A, Engstrom L, Athalye A, Lin J (2018, July) Black-box adversarial attacks with limited queries and information. In International conference on machine learning. PMLR, pp. 2137–2146

  18. Javed I, Butt MA, Khalid S, Shehryar T, Amin R, Syed AM, Sadiq M (2022) Face mask detection and social distance monitoring system for COVID-19 pandemic. Multimed Tools Appl 82:14135–14152. https://doi.org/10.1007/s11042-022-13913-w

    Article  PubMed  PubMed Central  Google Scholar 

  19. Jayaswal R, Dixit M (2022) AI-based face mask detection system: a straightforward proposition to fight with Covid-19 situation. Multimed Tools Appl 82:13241–13273. https://doi.org/10.1007/s11042-022-13697-z

    Article  PubMed  PubMed Central  Google Scholar 

  20. Kuchana M, Srivastava A, Das R, Mathew J, Mishra A, Khatter K (2020) AI aiding in diagnosing, tracking recovery of COVID-19 using deep learning on Chest CT scans. Multimed Tools Appl 80(6):9161–9175. https://doi.org/10.1007/s11042-020-10010-8

    Article  PubMed  PubMed Central  Google Scholar 

  21. Kurakin A, Goodfellow IJ, Bengio S (2017) Adversarial examples in the physical world. In: Proceedings of the 5th International Conference on Learning Representations (ICLR) Workshop Track, pp. 1–14

  22. Liu W, Anguelov D, Erhan D, Szegedy C, Reed S, Fu CY, Berg AC (2016) SSD: Single Shot MultiBox Detector. Comput Vis – ECCV 2016:21–37. https://doi.org/10.1007/978-3-319-46448-0_2

    Article  Google Scholar 

  23. Lu H, Zhuang Z (2022) ULN: An efficient face recognition method for person wearing a mask. Multimed Tools Appl 81(29):42393–42411. https://doi.org/10.1007/s11042-022-13495-7

    Article  PubMed  PubMed Central  Google Scholar 

  24. Madry A, Makelov A, Schmidt L, Tsipras D, Vladu A (2017) Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083

  25. Moosavi-Dezfooli SM, Fawzi A, Fawzi O, Frossard P (2017, July) Universal Adversarial Perturbations. 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). https://doi.org/10.1109/cvpr.2017.17

  26. Oztel I, Yolcu Oztel G, Akgun D (2022, October 21) A hybrid LBP-DCNN based feature extraction method in YOLO: An application for masked face and social distance detection. Multimed Tools Appl 82(1):1565–1583. https://doi.org/10.1007/s11042-022-14073-7

    Article  PubMed  PubMed Central  Google Scholar 

  27. Pal B, Gupta D, Rashed-Al-Mahfuz M, Alyami SA, Moni MA (2021) Vulnerability in Deep Transfer Learning Models to Adversarial Fast Gradient Sign Attack for COVID-19 Prediction from Chest Radiography Images. Appl Sci 11(9):4233. https://doi.org/10.3390/app11094233

    Article  CAS  Google Scholar 

  28. Papernot N, McDaniel P, Jha S, Fredrikson M, Celik ZB, Swami A (2016, March) The Limitations of Deep Learning in Adversarial Settings. 2016 IEEE European Symposium on Security and Privacy (EuroS&P). https://doi.org/10.1109/eurosp.2016.36

  29. Papernot N, McDaniel P, Goodfellow I, Jha S, Celik ZB, Swami A (2017, April 2) Practical Black-Box Attacks against Machine Learning. Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. https://doi.org/10.1145/3052973.3053009

  30. Qi G, Gong L, Song Y, Ma K, Zheng Y (2021) Stabilized medical image attacks. arXiv preprint arXiv:2103.05232

  31. Rahman A, Hossain MS, Alrajeh NA, Alsolami F (2021, June 15) Adversarial Examples—Security Threats to COVID-19 Deep Learning Systems in Medical IoT Devices. IEEE Internet Things J 8(12):9603–9610. https://doi.org/10.1109/jiot.2020.3013710

    Article  PubMed  Google Scholar 

  32. Redmon J, Farhadi A (2018) Yolov3: An incremental improvement. arXiv preprint arXiv:1804.02767

  33. Ren K, Zheng T, Qin Z, Liu X (2020) Adversarial Attacks and Defenses in Deep Learning. Engineering 6(3):346–360. https://doi.org/10.1016/j.eng.2019.12.012

    Article  Google Scholar 

  34. Roshan K, Zafar A, Haque SBU (2023) A novel deep learning based model to defend network intrusion detection system against adversarial attacks. In: 2023 10th international conference on computing for sustainable global development (INDIACom). New Delhi, India, 386-391

  35. Sandler M, Howard A, Zhu M, Zhmoginov A, Chen LC (2018) Mobilenetv2: Inverted residuals and linear bottlenecks. In: Proceedings of the IEEE conference on computer vision and pattern recognition, pp. 4510–4520

  36. Sheikh B, Zafar A (2023) Beyond accuracy and precision: a robust deep learning framework to enhance the resilience of face mask detection models against adversarial attacks. Evolving Systems. https://doi.org/10.1007/s12530-023-09522-z

  37. Sheikh B, Zafar A (2023) RRFMDS: Rapid Real-Time Face Mask Detection System for Effective COVID-19 Monitoring. SN Comput Sci 4:288. https://doi.org/10.1007/s42979-023-01738-9

  38. Sheikh BUH, Zafar A (2023) Untargeted white-box adversarial attack to break into deep learning based COVID-19 monitoring face mask detection system. Multimed Tools Appl:1–27. https://doi.org/10.1007/s11042-023-15405-x

  39. Singh S, Ahuja U, Kumar M, Kumar K, Sachdeva M (2021) Face mask detection using YOLOv3 and faster R-CNN models: COVID-19 environment. Multimed Tools Appl 80(13):19753–19768. https://doi.org/10.1007/s11042-021-10711-8

    Article  PubMed  PubMed Central  Google Scholar 

  40. Su X, Gao M, Ren J, Li Y, Dong M, Liu X (2021) Face mask detection and classification via deep transfer learning. Multimed Tools Appl 81(3):4475–4494. https://doi.org/10.1007/s11042-021-11772-5

    Article  PubMed  PubMed Central  Google Scholar 

  41. Szegedy C, Zaremba W, Sutskever I, Bruna J, Erhan D, Goodfellow I, Fergus R (2013) Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199.

  42. Szegedy C, Vanhoucke V, Ioffe S, Shlens J, Wojna Z (2016) Rethinking the inception architecture for computer vision. In: Proceedings of the IEEE conference on computer vision and pattern recognition, pp. 2818–2826

  43. Ullah N, Javed A, Ali Ghazanfar M, Alsufyani A, Bourouis S (2022) A novel DeepMaskNet model for face mask detection and masked facial recognition. J King Saud Univ - Comput Inf Sci 34(10):9905–9914. https://doi.org/10.1016/j.jksuci.2021.12.017

    Article  PubMed  PubMed Central  Google Scholar 

  44. Wang L, Lin ZQ, Wong A (2020) COVID-Net: a tailored deep convolutional neural network design for detection of COVID-19 cases from chest X-ray images. Sci Rep 10(1):19549. https://doi.org/10.1038/s41598-020-76550-z

    Article  ADS  CAS  PubMed  PubMed Central  Google Scholar 

  45. Wani MH, Faridi AR (2022) Deep learning-based video action recognition: A Review. In: 2022 international conference on computing, communication, and intelligent systems (ICCCIS). Greater Noida, India, 243–249. https://doi.org/10.1109/ICCCIS56430.2022.10037736

  46. World Health Organization. (2020) Advice on the use of masks in the context of COVID-19: interim guidance, June 5 2020 (No. WHO/2019-nCoV/IPC_Masks/2020.4). World Health Organization

  47. "WHO Director-General's opening remarks at the media briefing on COVID-19 - March 11 2020." https://www.who.int/director-general/speeches/detail/who-director-general-s-opening-remarks-at-the-media-briefing-on-covid-19%2D%2D-11-march-2020. Accessed 11 April 2021

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Aligarh Muslim University, Aligarh, Uttar Pradesh, 202002, India

    Burhan Ul Haque sheikh & Aasim Zafar

Authors
  1. Burhan Ul Haque sheikh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Aasim Zafar
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Burhan Ul Haque sheikh.

Ethics declarations

Conflict of interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

sheikh, B.U.H., Zafar, A. Unlocking adversarial transferability: a security threat towards deep learning-based surveillance systems via black box inference attack- a case study on face mask surveillance. Multimed Tools Appl 83, 24749–24775 (2024). https://doi.org/10.1007/s11042-023-16439-x

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-023-16439-x

Keywords

Search

Navigation