A white-box false positive adversarial attack method on contrastive loss based offline handwritten signature verification models

Zhongliang Guo; Weiye Li; Yifei Qian; Ognjen Arandelovic; Lei Fang

A white-box false positive adversarial attack method on contrastive loss based offline handwritten signature verification models

Zhongliang Guo^*, Weiye Li, Yifei Qian, Ognjen Arandelovic^*, Lei Fang

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In this paper, we tackle the challenge of white-box false positive adversarial attacks on contrastive loss based offline handwritten signature verification models. We propose a novel attack method that treats the attack as a style transfer between closely related but distinct writing styles. To guide the generation of deceptive images, we introduce two new loss functions that enhance the attack success rate by perturbing the Euclidean distance between the embedding vectors of the original and synthesized samples, while ensuring minimal perturbations by reducing the difference between the generated image and the original image. Our method demonstrates state-of-the-art performance in white-box attacks on contrastive loss based offline handwritten signature verification models, as evidenced by our experiments. The key contributions of this paper include a novel false positive attack method, two new loss functions, effective style transfer in handwriting styles, and superior performance in white-box false positive attacks compared to other white-box attack methods.

Original language	English
Title of host publication	Proceedings of The 27th International Conference on Artificial Intelligence and Statistics
Subtitle of host publication	2-4 May 2024, Palau de Congressos, Valencia, Spain
Editors	Sanjoy Dasgupta, Stephan Mandt, Yingzhen Li
Publisher	PMLR
Pages	901-909
Number of pages	11
Publication status	Published - 5 Feb 2025
Event	27th International Conference on Artificial Intelligence and Statistics - Palau de Congressos, Valencia, Spain Duration: 2 May 2024 → 4 May 2024 https://aistats.org/aistats2024/

Publication series

Name	Proceedings of Machine Learning Research
Volume	238
ISSN (Electronic)	2640-3498

Conference

Conference	27th International Conference on Artificial Intelligence and Statistics
Abbreviated title	AISTATS 2024
Country/Territory	Spain
City	Valencia
Period	2/05/24 → 4/05/24
Internet address	https://aistats.org/aistats2024/

Access to Document

Guo_2024_White-box-attack-method-signature-verification-models_CC
© 2024 The Author(s). Licensed under Creative Commons Attribution Share-Alike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/).
Final published version, 830 KBLicence: CC BY-SA

Cite this

Guo, Z., Li, W., Qian, Y., Arandelovic, O., & Fang, L. (2025). A white-box false positive adversarial attack method on contrastive loss based offline handwritten signature verification models. In S. Dasgupta, S. Mandt, & Y. Li (Eds.), Proceedings of The 27th International Conference on Artificial Intelligence and Statistics: 2-4 May 2024, Palau de Congressos, Valencia, Spain (pp. 901-909). (Proceedings of Machine Learning Research; Vol. 238). PMLR. https://proceedings.mlr.press/v238/guo24a.html

Guo, Zhongliang ; Li, Weiye ; Qian, Yifei et al. / A white-box false positive adversarial attack method on contrastive loss based offline handwritten signature verification models. Proceedings of The 27th International Conference on Artificial Intelligence and Statistics: 2-4 May 2024, Palau de Congressos, Valencia, Spain. editor / Sanjoy Dasgupta ; Stephan Mandt ; Yingzhen Li. PMLR, 2025. pp. 901-909 (Proceedings of Machine Learning Research).

@inproceedings{35f8e9c1d2f34105bd460b339b3f17de,

title = "A white-box false positive adversarial attack method on contrastive loss based offline handwritten signature verification models",

abstract = "In this paper, we tackle the challenge of white-box false positive adversarial attacks on contrastive loss based offline handwritten signature verification models. We propose a novel attack method that treats the attack as a style transfer between closely related but distinct writing styles. To guide the generation of deceptive images, we introduce two new loss functions that enhance the attack success rate by perturbing the Euclidean distance between the embedding vectors of the original and synthesized samples, while ensuring minimal perturbations by reducing the difference between the generated image and the original image. Our method demonstrates state-of-the-art performance in white-box attacks on contrastive loss based offline handwritten signature verification models, as evidenced by our experiments. The key contributions of this paper include a novel false positive attack method, two new loss functions, effective style transfer in handwriting styles, and superior performance in white-box false positive attacks compared to other white-box attack methods.",

author = "Zhongliang Guo and Weiye Li and Yifei Qian and Ognjen Arandelovic and Lei Fang",

note = "Funding: The first author Zhongliang Guo acknowledges the financial support through the China Scholarship Council – University of St Andrews Scholarship (Grant No.202208060113).; 27th International Conference on Artificial Intelligence and Statistics, AISTATS 2024 ; Conference date: 02-05-2024 Through 04-05-2024",

year = "2025",

month = feb,

day = "5",

language = "English",

series = "Proceedings of Machine Learning Research",

publisher = "PMLR",

pages = "901--909",

editor = "Sanjoy Dasgupta and Stephan Mandt and Yingzhen Li",

booktitle = "Proceedings of The 27th International Conference on Artificial Intelligence and Statistics",

url = "https://aistats.org/aistats2024/",

}

Guo, Z, Li, W, Qian, Y, Arandelovic, O & Fang, L 2025, A white-box false positive adversarial attack method on contrastive loss based offline handwritten signature verification models. in S Dasgupta, S Mandt & Y Li (eds), Proceedings of The 27th International Conference on Artificial Intelligence and Statistics: 2-4 May 2024, Palau de Congressos, Valencia, Spain. Proceedings of Machine Learning Research, vol. 238, PMLR, pp. 901-909, 27th International Conference on Artificial Intelligence and Statistics, Valencia, Spain, 2/05/24. <https://proceedings.mlr.press/v238/guo24a.html>

A white-box false positive adversarial attack method on contrastive loss based offline handwritten signature verification models. / Guo, Zhongliang; Li, Weiye; Qian, Yifei et al.
Proceedings of The 27th International Conference on Artificial Intelligence and Statistics: 2-4 May 2024, Palau de Congressos, Valencia, Spain. ed. / Sanjoy Dasgupta; Stephan Mandt; Yingzhen Li. PMLR, 2025. p. 901-909 (Proceedings of Machine Learning Research; Vol. 238).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - A white-box false positive adversarial attack method on contrastive loss based offline handwritten signature verification models

AU - Guo, Zhongliang

AU - Li, Weiye

AU - Qian, Yifei

AU - Arandelovic, Ognjen

AU - Fang, Lei

N1 - Funding: The first author Zhongliang Guo acknowledges the financial support through the China Scholarship Council – University of St Andrews Scholarship (Grant No.202208060113).

PY - 2025/2/5

Y1 - 2025/2/5

N2 - In this paper, we tackle the challenge of white-box false positive adversarial attacks on contrastive loss based offline handwritten signature verification models. We propose a novel attack method that treats the attack as a style transfer between closely related but distinct writing styles. To guide the generation of deceptive images, we introduce two new loss functions that enhance the attack success rate by perturbing the Euclidean distance between the embedding vectors of the original and synthesized samples, while ensuring minimal perturbations by reducing the difference between the generated image and the original image. Our method demonstrates state-of-the-art performance in white-box attacks on contrastive loss based offline handwritten signature verification models, as evidenced by our experiments. The key contributions of this paper include a novel false positive attack method, two new loss functions, effective style transfer in handwriting styles, and superior performance in white-box false positive attacks compared to other white-box attack methods.

AB - In this paper, we tackle the challenge of white-box false positive adversarial attacks on contrastive loss based offline handwritten signature verification models. We propose a novel attack method that treats the attack as a style transfer between closely related but distinct writing styles. To guide the generation of deceptive images, we introduce two new loss functions that enhance the attack success rate by perturbing the Euclidean distance between the embedding vectors of the original and synthesized samples, while ensuring minimal perturbations by reducing the difference between the generated image and the original image. Our method demonstrates state-of-the-art performance in white-box attacks on contrastive loss based offline handwritten signature verification models, as evidenced by our experiments. The key contributions of this paper include a novel false positive attack method, two new loss functions, effective style transfer in handwriting styles, and superior performance in white-box false positive attacks compared to other white-box attack methods.

UR - https://www.scopus.com/pages/publications/85194186771

M3 - Conference contribution

T3 - Proceedings of Machine Learning Research

SP - 901

EP - 909

BT - Proceedings of The 27th International Conference on Artificial Intelligence and Statistics

A2 - Dasgupta, Sanjoy

A2 - Mandt, Stephan

A2 - Li, Yingzhen

PB - PMLR

T2 - 27th International Conference on Artificial Intelligence and Statistics

Y2 - 2 May 2024 through 4 May 2024

ER -

Guo Z, Li W, Qian Y, Arandelovic O , Fang L. A white-box false positive adversarial attack method on contrastive loss based offline handwritten signature verification models. In Dasgupta S, Mandt S, Li Y, editors, Proceedings of The 27th International Conference on Artificial Intelligence and Statistics: 2-4 May 2024, Palau de Congressos, Valencia, Spain. PMLR. 2025. p. 901-909. (Proceedings of Machine Learning Research). Epub 2024 Oct 31.

A white-box false positive adversarial attack method on contrastive loss based offline handwritten signature verification models

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Building trustworthy computer vision: adversarial techniques for robustness assessment and misuse prevention

Towards fully automated analysis of crowd counting in images

Cite this

A white-box false positive adversarial attack method on contrastive loss based offline handwritten signature verification models

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Student theses

Building trustworthy computer vision: adversarial techniques for robustness assessment and misuse prevention

Towards fully automated analysis of crowd counting in images

Cite this