TU Darmstadt / ULB / TUbiblio

On the (Limited) Generalization of MasterFace Attacks and Its Relation to the Capacity of Face Representations

Terhörst, Philipp ; Bierbaum, Florian ; Huber, Marco ; Damer, Naser ; Kirchbuchner, Florian ; Raja, Kiran ; Kuijper, Arjan (2022)
On the (Limited) Generalization of MasterFace Attacks and Its Relation to the Capacity of Face Representations.
International Joint Conference on Biometrics (IJCB). Abu Dhabi, UAE (10.10.2022-13.10.2022)
doi: 10.1109/IJCB54206.2022.10007976
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

A MasterFace is a face image that can successfully match against a large portion of the population. Since their generation does not require access to the information of the enrolled subjects, MasterFace attacks represent a potential security risk for widely-used face recognition systems. Previous works proposed methods for generating such images and demonstrated that these attacks can strongly compromise face recognition. However, previous works followed evaluation settings consisting of older recognition models, limited cross-dataset and cross-model evaluations, and the use of low-scale testing data. This makes it hard to state the generalizability of these attacks. In this work, we comprehensively analyse the generalizability of MasterFace attacks in empirical and theoretical investigations. The empirical investigations include the use of six state-of-theart face recognition models, cross-dataset and cross-model evaluation protocols, and utilizing testing datasets of significantly higher size and variance. The results indicate a low generalizability when MasterFaces are training on a different face recognition model than the one used for testing. In these cases, the attack performance is similar to zero-effort imposter attacks. In the theoretical investigations, we define and estimate the face capacity and the maximum MasterFace coverage under the assumption that identities in the face space are well separated. The current trend of increasing the fairness and generalizability in face recognition indicates that the vulnerability of future systems might further decrease. Future works might analyse the utility of MasterFaces for understanding and enhancing the robustness of face recognition models.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2022
Autor(en): Terhörst, Philipp ; Bierbaum, Florian ; Huber, Marco ; Damer, Naser ; Kirchbuchner, Florian ; Raja, Kiran ; Kuijper, Arjan
Art des Eintrags: Bibliographie
Titel: On the (Limited) Generalization of MasterFace Attacks and Its Relation to the Capacity of Face Representations
Sprache: Englisch
Publikationsjahr: 2022
Verlag: IEEE
Buchtitel: 2022 IEEE International Joint Conference on Biometrics
Veranstaltungstitel: International Joint Conference on Biometrics (IJCB)
Veranstaltungsort: Abu Dhabi, UAE
Veranstaltungsdatum: 10.10.2022-13.10.2022
DOI: 10.1109/IJCB54206.2022.10007976
Kurzbeschreibung (Abstract):

A MasterFace is a face image that can successfully match against a large portion of the population. Since their generation does not require access to the information of the enrolled subjects, MasterFace attacks represent a potential security risk for widely-used face recognition systems. Previous works proposed methods for generating such images and demonstrated that these attacks can strongly compromise face recognition. However, previous works followed evaluation settings consisting of older recognition models, limited cross-dataset and cross-model evaluations, and the use of low-scale testing data. This makes it hard to state the generalizability of these attacks. In this work, we comprehensively analyse the generalizability of MasterFace attacks in empirical and theoretical investigations. The empirical investigations include the use of six state-of-theart face recognition models, cross-dataset and cross-model evaluation protocols, and utilizing testing datasets of significantly higher size and variance. The results indicate a low generalizability when MasterFaces are training on a different face recognition model than the one used for testing. In these cases, the attack performance is similar to zero-effort imposter attacks. In the theoretical investigations, we define and estimate the face capacity and the maximum MasterFace coverage under the assumption that identities in the face space are well separated. The current trend of increasing the fairness and generalizability in face recognition indicates that the vulnerability of future systems might further decrease. Future works might analyse the utility of MasterFaces for understanding and enhancing the robustness of face recognition models.

Freie Schlagworte: Biometrics, Machine learning, Deep learning, Face recognition, Attack detection
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Graphisch-Interaktive Systeme
20 Fachbereich Informatik > Mathematisches und angewandtes Visual Computing
Hinterlegungsdatum: 06 Mär 2023 10:33
Letzte Änderung: 08 Aug 2023 15:25
PPN: 510451160
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen