Presentation Attack Detection Research Articles

Lifelong iris presentation attack detection without forgetting

Lifelong iris presentation attack detection without forgetting

An Enhanced Generative Adversarial Network Model for Fingerprint Presentation Attack Detection

An Enhanced Generative Adversarial Network Model for Fingerprint Presentation Attack Detection

Fully supervised contrastive learning in latent space for face presentation attack detection

Fully supervised contrastive learning in latent space for face presentation attack detection

A new face presentation attack detection method based on face-weighted multi-color multi-level texture features

A new face presentation attack detection method based on face-weighted multi-color multi-level texture features

SFincBuster: Spoofed fingerprint buster via incremental learning using leverage bagging classifier

The fingerprint presentation attack detection (PAD) studies are extensively explored by investigators to augment the security aspects of human authentication in biometric systems. Although existing approaches yield promising results while evaluated on data having same distribution as the training data, but their performance is declined in scenarios when data is gathered from unknown environment. In these situations model is learned with the new type of fake samples by re-training the entire model. Nevertheless, it has been a non-trivial concern to re-train the entire system to tackle the newly created fake samples as unseen artifacts are generated continuously in real-time scenarios. In this work, we expound a novel incremental learning-based approach namely; SFincBuster that can work effectively in the challenging real-time scenarios and can handle both new data as well as new observations from old classes. We train a leveraging bagging ensemble (LBE) in incremental fashion regardless of the extracted deep-level features (using pre-trained VGG19 network) being too large to accommodate into system memory, it is still possible to train our model effectively. Furthermore, the LBE integrates the simplicity of classical bagging with augmented randomization to the input and outcome of the base classifiers. To tackle the issue of change in distribution that arises with gradual changes from learned fakes to entirely new fingerprint artifacts, the SFincBuster employs LBE with ADWIN (Adaptive WINDowing) technique that continuously evaluate the performance of underlying base model and whenever a change is detected the weakest classifier is substituted with a new one. Our approach achieves high classification accuracy, even though it is not prerequisite to access all features at once. The SFincBuster is trained and evaluated on LivDet 2009, LivDet 2011, LivDet 2013, LivDet 2015 and LivDet 2021 benchmark datasets and yields maximum average classification accuracy (ACA) of 98.65% on LivDet 2013 and LivDet 2015 datasets. The model exhibits stupendous generalization capabilities with an average classification error rate (ACER) of 1.39% for known fakes (KF) and 2.84% for unknown fakes (UF). Finally, the comparable investigation perceives that the SFincBuster model demonstrates a noteworthy performance gain over the similar state-of-the-art (SOTA) approaches and achieve an improved benchmark for real-time cross-sensor, cross-material and cross-dataset scenarios.

Face presentation attack detection: Research opportunities and perspectives

The rapid development of biometric methods and their implementation in practice has led to the widespread attacks called spoofing, which are purely biometric vulnerabilities, but are not used in conjunction with other IT security solutions. Although biometric recognition as a branch of computer science dates back to the 1960s, attacks on biometric systems have become more sophisticated since the 2010s due to great advances in pattern recognition. It should be noted that face recognition is the most attractive topic for deceiving recognition systems. Popular presentation attacks, such as print, replay and mask attacks, have demonstrated a high security risk for SOTA face recognition systems. Many Presentation Attack Detection (PAD) methods (also known as face anti-spoofing methods or countermeasures) have been proposed that can automatically detect and mitigate such targeted attacks. The article presents a systematic survey in face anti-spoofing with prognostic trends in this research area. A brief description of 16 outstanding previous surveys on the face PAD field is mentioned, from which it is possible to trace how this scientific topic has developed. SOTA in PAD provides an analysis of a wide range of the PAD methods, which are categorized into two unbalanced groups: digital (feature-based) and physical (sensor-based) methods. Generalization of deep learning methods as a recent trend aimed at improving recognition results requires special attention. This survey presents five types of generalization such as transfer learning, anomaly detection, few-shot and zero-shot learning, auxiliary supervision, and multi-spectral methods. A summary of over than 40 existing 2D/3D face spoofing databases is a guideline for those who want to select databases for experiments. One can also find a description of performance evaluation metrics and testing protocols. In addition, we discuss trends and perspectives in the emerging field of facial biometrics.

A presentation attack detection network based on dynamic convolution and multi-level feature fusion with security and reliability

In the Internet of Things environment, most facial recognition systems are highly susceptible to face spoofing attacks. To increase the security and reliability of such systems, this paper proposes an anti-spoofing method for facial recognition systems based on optical flow and texture features. The spoofing-detection algorithm first generates the optical flow field map of the face area using the optical flow method and a face-detection method, based on two consecutive frames of the captured face video. Then, the original RGB face area image and optical flow field map are input into a two-channel convolutional neural network to extract and fuse the features of the face. Finally, based on the optical flow and texture features, this method classifies real and fake faces. In addition, to better generate the optical flow field map containing liveness information, a motion amplification algorithm is applied to enhance the 0.04–0.4 Hz signal in the video frame by 20 times. For texture and optical flow presentation, we propose a lightweight network with dynamic convolution and multi-level feature fusion blocks. This paper used the Replay Attack spoofing dataset from IDIAP, consisting of 1300 videos, for model training, verification, and testing. Experiments showed that the algorithm proposed in the paper performed well on the Replay Attack data set and achieved a half total error rate of 0.66%.

Face presentation attack detection performances of facial regions with multi-block LBP features.

Biometric recognition systems are frequently used in daily life although they are vulnerable to attacks. Today, especially the increasing use of face authentication systems has made these systems the target of face presentation attacks (FPA). This has increased the need for sensitive systems detecting the FPAs. Recently surgical masks, frequently used due to the pandemic, directly affect the performance of face recognition systems. Researchers design face recognition systems only from the eye region. This motivated us to evaluate the FPA detection performance of the eye region. Based on this, in cases where the whole face is not visible, the FPA detection performance of other parts of the face has also been examined. Therefore, in this study, FPA detection performances of facial regions of wide face, cropped face, eyes, nose, and mouth was investigated. For this purpose, the facial regions were determined and normalized, and texture features were extracted using powerful texture descriptor local binary patterns (LBP) due to its easy computability and low processing complexity. Multi-block LBP features are used to obtain more detailed texture information. Generally uniform LBP patterns are used for feature extraction in the literature. In this study, the FPA detection performances of both uniform LBP patterns and all LBP patterns were investigated. The size of feature vector is reduced by principal component analysis, and real/fake classification is performed with support vector machines. Experimental results on NUAA, CASIA, REPLAY-ATTACK and OULU-NPU datasets show that the use of all patterns increased the performance of FPA detection.

A survey on face presentation attack detection mechanisms: hitherto and future perspectives.

The advances in human face recognition (FR) systems have recorded sublime success for automatic and secured authentication in diverse domains. Although the traditional methods have been overshadowed by face recognition counterpart during this progress, computer vision gains rapid traction, and the modern accomplishments address problems with real-world complexity. However, security threats in FR-based systems are a growing concern that offers a new-fangled track to the research community. In particular, recent past has witnessed ample instances of spoofing attacks where imposter breaches security of the system with an artifact of human face to circumvent the sensor module. Therefore, presentation attack detection (PAD) capabilities are instilled in the system for discriminating genuine and fake traits and anticipation of their impact on the overall behavior of the FR-based systems. To scrutinize exhaustively the current state-of-the-art efforts, provide insights, and identify potential research directions on face PAD mechanisms, this systematic study presents a review of face anti-spoofing techniques that use computational approaches. The study includes advancements in face PAD mechanisms ranging from traditional hardware-based solutions to up-to-date handcrafted features or deep learning-based approaches. We also present an analytical overview of face artifacts, performance protocols, and benchmark face anti-spoofing datasets. In addition, we perform analysis of the twelve recent state-of-the-art (SOTA) face PAD techniques on a common platform using identical dataset (i.e., REPLAY-ATTACK) and performance protocols (i.e., HTER and ACA). Our overall analysis investigates that despite prevalent face PAD mechanisms demonstrate potential performance, there exist some crucial issues that requisite a futuristic attention. Our analysis put forward a number of open issues such as; limited generalization to unknown attacks, inadequacy of face datasets for DL-models, training models with new fakes, efficient DL-enabled face PAD with smaller datasets, and limited discrimination of handcrafted features. Furthermore, the COVID-19 pandemic is an additional challenge to the existing face-based recognition systems, and hence to the PAD methods. Our motive is to present a complete reference of studies in this field and orient researchers to promising directions.

Adversarial liveness detector: Leveraging adversarial perturbations in fingerprint liveness detection

AbstractThe widespread use of fingerprint authentication systems (FASs) in consumer electronics opens for the development of advanced presentation attacks, that is, procedures designed to bypass a FAS using a forged fingerprint. As a consequence, FAS are often equipped with a fingerprint presentation attack detection (FPAD) module, to recognise live fingerprints from fake replicas. In this work, a novel FPAD approach based on Convolutional Neural Networks (CNNs) and on an ad hoc adversarial data augmentation strategy designed to iteratively increase the considered detector robustness is proposed. In particular, the concept of adversarial fingerprint, that is, fake fingerprints disguised by using ad hoc fingerprint adversarial perturbation algorithms was leveraged to help the detector focus only on salient portions of the fingerprints. The procedure can be adapted to different CNNs, adversarial fingerprint algorithms and fingerprint scanners, making the proposed approach versatile and easily customisable todifferent working scenarios. To test the effectiveness of the proposed approach, the authors took part in the LivDet 2021 competition, an international challenge gathering experts to compete on fingerprint liveness detection under different scanners and fake replica generation approach, achieving first place out of 23 participants in the ‘Liveness Detection in Action track’.

Monocular Facial Presentation–Attack–Detection: Classifying Near-Infrared Reflectance Patterns

This paper presents a novel material spectroscopy approach to facial presentation–attack–defense (PAD). Best-in-class PAD methods typically detect artifacts in the 3D space. This paper proposes similar features can be achieved in a monocular, single-frame approach by using controlled light. A mathematical model is produced to show how live faces and their spoof counterparts have unique reflectance patterns due to geometry and albedo. A rigorous dataset is collected to evaluate this proposal: 30 diverse adults and their spoofs (paper-mask, display-replay, spandex-mask and COVID mask) under varied pose, position, and lighting for 80,000 unique frames. A panel of 13 texture classifiers are then benchmarked to verify the hypothesis. The experimental results are excellent. The material spectroscopy process enables a conventional MobileNetV3 network to achieve 0.8% average-classification-error rate, outperforming the selected state-of-the-art algorithms. This demonstrates the proposed imaging methodology generates extremely robust features.

Prototype-Guided Autoencoder for OCT-Based Fingerprint Presentation Attack Detection

Anti-spoofing ability is vital for fingerprint identification systems. Conventional fingerprint scanning devices can only obtain information from the fingertip surfaces, and their performance is susceptible to skin conditions and presentation attacks (PAs). However, optical coherence tomography (OCT) can scan subcutaneous tissue and obtain 3D fingerprint structures, naturally enhancing its PA detection (PAD) ability from the perspective of hardware. Existing unsupervised PAD methods are based on image reconstruction. However, the reconstruction error is easily affected by OCT noise and the rich details of OCT images. Therefore we propose feature-based reconstruction to alleviate this problem, called the prototype-guided autoencoder. The model consists of a memory module and a denoising autoencoder without the requirement of PA fingerprints. As only bona fide fingerprints are available during the training phase, the memory module contains the prototype features of the bona fide fingerprints. During the inference phase, as the prototype memory module is frozen, the reconstructed representation of the bona fide input is close to the bona fide fingerprint features. Calculating the distance between the original features and the prototype reconstructed representation of the sample can achieve PAD. To obtain a better decision making boundary, we propose a representation consistency constraint, which reduces the bona fide representation reconstruction distance closer, so that it is easier to differentiate between fingerprints and PAs.

SpoofGAN: Synthetic Fingerprint Spoof Images

A major limitation to advances in fingerprint presentation attack detection (PAD) is the lack of publicly available, large-scale datasets, a problem which has been compounded by increased concerns surrounding privacy and security of biometric data. Furthermore, most state-of-the-art PAD algorithms rely on deep networks which perform best in the presence of a large amount of training data. This work aims to demonstrate the utility of synthetic (both bona fide and PA style) fingerprints in supplying these algorithms with sufficient data to improve the performance of fingerprint PAD algorithms beyond the capabilities when training on a limited amount of publicly available “real” datasets. First, we provide details of our approach in modifying a state-of-the-art generative architecture to synthesize high quality bona fide and PA fingerprints. Then, we provide quantitative and qualitative analysis to verify the quality of our synthetic fingerprints in mimicking the distribution of real data samples. We showcase the utility of our synthetic bona fide and PA fingerprints in training a deep network for fingerprint PAD, which dramatically boosts the performance across three different evaluation datasets compared to an identical model trained on real data alone. Finally, we demonstrate that only 25% of the original (real) dataset is required to obtain similar detection performance when augmenting the training dataset with synthetic data. We make our synthetic dataset and model publicly available to encourage further research on this topic: <uri xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">https://github.com/groszste/SpoofGAN</uri> .

Comprehensive Study in Open-Set Iris Presentation Attack Detection

Research in presentation attack detection (PAD) for iris recognition has largely moved beyond evaluation in “closed-set” scenarios, to emphasize ability to generalize to presentation attack types not present in the training data. This paper offers multiple contributions to understand and extend the state-of-the-art in open-set iris PAD. First, it describes the most authoritative evaluation to date of iris PAD. We have curated the largest publicly-available image dataset for this problem, drawing from 26 benchmarks previously released by various groups, and adding 150,000 images being released with this paper, to create a set of 450,000 images representing authentic iris and seven types of presentation attack instrument (PAI). We formulate a leave-one-PAI-out evaluation protocol, and show that even the best algorithms in the closed-set evaluations exhibit catastrophic failures on multiple attack types in the open-set scenario. This includes algorithms performing well in the most recent LivDet-Iris 2020 competition, which may come from the fact that the LivDet-Iris protocol emphasizes sequestered images rather than unseen attack types. Second, we evaluate the accuracy of five open-source iris presentation attack algorithms available today, one of which is newly-proposed in this paper, and build an ensemble method that beats the winner of the LivDet-Iris 2020 by a substantial margin. This paper demonstrates that closed-set iris PAD, when all PAIs are known during training, is a solved problem, with multiple algorithms showing very high accuracy, while open-set iris PAD, when evaluated correctly, is far from being solved. The newly-created dataset, new open-source algorithms, and evaluation protocol, all made publicly available with this paper, provide experimental artifacts that researchers can use to measure progress on this important problem.

Asymmetric Modality Translation for Face Presentation Attack Detection

Face presentation attack detection (PAD) is an essentialmeasure to protect face recognition systems from being spoofed by malicious users and has attracted great attention from both academia and industry. Although most of the existing methods can achieve desired performance to some extent, the generalization issue of face presentation attack detection under cross-domain settings (e.g., the setting of unseen attacks and varying illumination) remains to be solved. In this paper, we propose a novel framework based on asymmetric modality translation for face presentation attack detection in bi-modality scenarios. Under the framework, we establish connections between two modality images of genuine faces. Specifically, a novel modality fusion scheme is presented that the image of one modality is translated to the other one through an asymmetric modality translator, then fused with its corresponding paired image. The fusion result is fed as the input to a discriminator for inference. The training of the translator is supervised by an asymmetric modality translation loss. Besides, an illumination normalization module based on Pattern of Local Gravitational Force (PLGF) representation is used to reduce the impact of illumination variation. We conduct extensive experiments on three public datasets, which validate that our method is effective in detecting various types of attacks and achieves state-of-the-art performance under different evaluation protocols.

Leveraging Deep Learning to Fingerprint Spoof Detectors: Hitherto and Futuristic Perspectives

Fingerprints being the most widely employed biometric trait, due to their high acceptability and low sensing cost, have replaced the traditional methods of human authentication. Although, the deployment of these biometrics-based recognition systems is accelerating, they are still susceptible to spoofing attacks where an attacker presents a fake artifact generated from silicone, candle wax, gelatin, etc. To safeguard sensor modules from these attacks, there is a requirement of an anti-deception mechanism known as fingerprint spoof detectors (FSD) also known as anti-spoofing mechanisms. A lot of research work has been carried out to design fingerprint anti-spoofing techniques in the past decades and currently, it is oriented towards deep learning (DL)-based modeling. In the field of fingerprint anti-spoofing, since the 2014, the paradigm has shifted from manually crafted features to deep features engineering. Hence, in this study, we present a detailed analysis of the recent developments in DL based FSDs. Additionally, we provide a brief comparative study of standard evaluation protocols that include benchmark anti-spoofing datasets as well as performance evaluation metrics. Although significant progress has been witnessed in the field of DL-based FSDs, still challenges are manifold. Therefore, we investigated these techniques critically to list open research issues along with their viable remedies that may put forward a future direction for the research community. The majority of the research work reveals that deep feature extraction for fingerprint liveness detection demonstrates promising performance in the case of cross-sensor scenarios. Though convolution neural network (CNN) models extract deep-level features to improve the classification accuracy, their increased complexity and training overhead is a tradeoff between both the parameters. Furthermore, enhancing the performance of presentation attack detection (PAD) techniques in the cross-material scenario is still an open challenge for researchers.

Toward Generalizable Facial Presentation Attack Detection Based on the Analysis of Facial Regions

Toward Generalizable Facial Presentation Attack Detection Based on the Analysis of Facial Regions

Unknown Face Presentation Attack Detection via Localized Learning of Multiple Kernels

Unknown Face Presentation Attack Detection via Localized Learning of Multiple Kernels

Synthetic ID Card Image Generation for Improving Presentation Attack Detection

Currently, it is ever more common to access online services for activities which formerly required physical attendance. From banking operations to visa applications, a significant number of processes have been digitised, especially since the advent of the COVID-19 pandemic, requiring remote biometric authentication of the user. On the downside, some subjects intend to interfere with the normal operation of remote systems for personal profit by using fake identity documents, such as passports and ID cards. Deep learning solutions to detect such frauds have been presented in the literature. However, due to privacy concerns and the sensitive nature of personal identity documents, developing a dataset with the necessary number of examples for training deep neural networks is challenging. This work explores three methods for synthetically generating ID card images to increase the amount of data while training fraud-detection networks. These methods include computer vision algorithms and Generative Adversarial Networks. Our results indicate that databases can be supplemented with synthetic images without any loss in performance for the print/scan Presentation Attack Instrument Species (PAIS) and a loss in performance of 1% for the screen capture PAIS.

Late Deep Fusion of Color Spaces to Enhance Finger Photo Presentation Attack Detection in Smartphones

Finger photo recognition represents a promising touchless technology that offers portable and hygienic authentication solutions in smartphones, eliminating physical contact. Public spaces, such as banks and staff-less stores, benefit from contactless authentication considering the current public health sphere. The user captures the image of their own finger by using the camera integrated in a mobile device. Although recent research has pushed boundaries of finger photo matching, the security of this biometric methodology still represents a concern. Existing systems have been proven to be vulnerable to print attacks by presenting a color paper-printout in front of the camera and photo attacks that consist of displaying the original image in front of the capturing device. This paper aims to improve the performance of finger photo presentation attack detection (PAD) algorithms by investigating deep fusion strategies to combine deep representations obtained from different color spaces. In this work, spoofness is described by combining different color models. The proposed framework integrates multiple convolutional neural networks (CNNs), each trained using patches extracted from a specific color model and centered around minutiae points. Experiments were carried out on a publicly available database of spoofed finger photos obtained from the IIITD Smartphone Finger photo Database with spoof data, including printouts and various display attacks. The results show that deep fusion of the best color models improved the robustness of the PAD system and competed with the state-of-the-art.