This project focuses on the issue of generating adversarial examples on image recognition.  The components of TroyGAN are as follow. Encoder extracts features of attackers’ face. Generator generates adversarial samples. Discriminator determines whether the generated image is face image or not. Classifier determines the attack ability of image. These four models confront each other to get a balanced adversarial image.

The adversarial sample that generated by TroyGAN  is able to attack the state-of-the-art deep learning face recognition system, and archive the high attack success rate with black-box attack. Compare with previous studies: 
1.Our adversarial samples is generated by random noise
2.Attack the model during training phase, but not testing phase.

TroyGAN has been proposed based on the architecture of generative adversarial network and the concept of adversarial examples.  The proposed method can apply in financial industry and image recognition industry:
(1)Biometric-based application
(2)Financial industry
(3)Information security industry