Terhörst, Philipp ; Bierbaum, Florian ; Huber, Marco ; Damer, Naser ; Kirchbuchner, Florian ; Raja, Kiran ; Kuijper, Arjan (2022)
On the (Limited) Generalization of MasterFace Attacks and Its Relation to the Capacity of Face Representations.
International Joint Conference on Biometrics (IJCB). Abu Dhabi, UAE (10.10.2022-13.10.2022)
doi: 10.1109/IJCB54206.2022.10007976
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
A MasterFace is a face image that can successfully match against a large portion of the population. Since their generation does not require access to the information of the enrolled subjects, MasterFace attacks represent a potential security risk for widely-used face recognition systems. Previous works proposed methods for generating such images and demonstrated that these attacks can strongly compromise face recognition. However, previous works followed evaluation settings consisting of older recognition models, limited cross-dataset and cross-model evaluations, and the use of low-scale testing data. This makes it hard to state the generalizability of these attacks. In this work, we comprehensively analyse the generalizability of MasterFace attacks in empirical and theoretical investigations. The empirical investigations include the use of six state-of-theart face recognition models, cross-dataset and cross-model evaluation protocols, and utilizing testing datasets of significantly higher size and variance. The results indicate a low generalizability when MasterFaces are training on a different face recognition model than the one used for testing. In these cases, the attack performance is similar to zero-effort imposter attacks. In the theoretical investigations, we define and estimate the face capacity and the maximum MasterFace coverage under the assumption that identities in the face space are well separated. The current trend of increasing the fairness and generalizability in face recognition indicates that the vulnerability of future systems might further decrease. Future works might analyse the utility of MasterFaces for understanding and enhancing the robustness of face recognition models.
Typ des Eintrags: | Konferenzveröffentlichung |
---|---|
Erschienen: | 2022 |
Autor(en): | Terhörst, Philipp ; Bierbaum, Florian ; Huber, Marco ; Damer, Naser ; Kirchbuchner, Florian ; Raja, Kiran ; Kuijper, Arjan |
Art des Eintrags: | Bibliographie |
Titel: | On the (Limited) Generalization of MasterFace Attacks and Its Relation to the Capacity of Face Representations |
Sprache: | Englisch |
Publikationsjahr: | 2022 |
Verlag: | IEEE |
Buchtitel: | 2022 IEEE International Joint Conference on Biometrics |
Veranstaltungstitel: | International Joint Conference on Biometrics (IJCB) |
Veranstaltungsort: | Abu Dhabi, UAE |
Veranstaltungsdatum: | 10.10.2022-13.10.2022 |
DOI: | 10.1109/IJCB54206.2022.10007976 |
Kurzbeschreibung (Abstract): | A MasterFace is a face image that can successfully match against a large portion of the population. Since their generation does not require access to the information of the enrolled subjects, MasterFace attacks represent a potential security risk for widely-used face recognition systems. Previous works proposed methods for generating such images and demonstrated that these attacks can strongly compromise face recognition. However, previous works followed evaluation settings consisting of older recognition models, limited cross-dataset and cross-model evaluations, and the use of low-scale testing data. This makes it hard to state the generalizability of these attacks. In this work, we comprehensively analyse the generalizability of MasterFace attacks in empirical and theoretical investigations. The empirical investigations include the use of six state-of-theart face recognition models, cross-dataset and cross-model evaluation protocols, and utilizing testing datasets of significantly higher size and variance. The results indicate a low generalizability when MasterFaces are training on a different face recognition model than the one used for testing. In these cases, the attack performance is similar to zero-effort imposter attacks. In the theoretical investigations, we define and estimate the face capacity and the maximum MasterFace coverage under the assumption that identities in the face space are well separated. The current trend of increasing the fairness and generalizability in face recognition indicates that the vulnerability of future systems might further decrease. Future works might analyse the utility of MasterFaces for understanding and enhancing the robustness of face recognition models. |
Freie Schlagworte: | Biometrics, Machine learning, Deep learning, Face recognition, Attack detection |
Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Graphisch-Interaktive Systeme 20 Fachbereich Informatik > Mathematisches und angewandtes Visual Computing |
Hinterlegungsdatum: | 06 Mär 2023 10:33 |
Letzte Änderung: | 08 Aug 2023 15:25 |
PPN: | 510451160 |
Export: | |
Suche nach Titel in: | TUfind oder in Google |
Frage zum Eintrag |
Optionen (nur für Redakteure)
Redaktionelle Details anzeigen |