Poster Paper Proc. of Int. Conf. on Advances in Computer Engineering 2011
Face Recognition Systems under Spoofing Attack Zahid Akhtar1, Nasir Alfarid2, and Sandeep Kale3 1
3
Dept. of Electrical and Electronic Engineering University of Cagliari, Cagliari, Italy Email: z.momin@diee.unica.it 2 Cognizant Technology Solutions, Hyderabad, India Dept. of Electronic Science, University of Pune, Pune, India biometric system is that it does not require much cooperation from user and the acquisition process is simpler and cheaper than the acquisition of other biometric traits such as the fingerprint or the iris. Each biometric trait used for authentication process is supposed to pose attributes like uniqueness, universality, acceptability and hard to forge [1]. However, recent researches have shown that an impostor can steal, copy, capture and reproduce the biometric traits without the consent of genuine user to attack the biometric systems [4-6]. For example, taking a picture of a person without his/her awareness. This kind of attack is called spoofing or direct attack which is carried out at sensor level. The most important point about this kind of attack is that it does not require any information about the system’s internal operational mechanism. For instance, 60% false acceptance rate on fingerprint system was reported in [6], when spoofing attacks were created by using gum and gelatin. As a possible solution, most researchers suggest is to carry out “liveness detection” at sensors [7]. Liveness detection denotes the methods used to discriminate real human traits (live or nonlive) from synthetic human traits. According to literature review, no effective liveness detection method exists, so far. Moreover, when the system is coupled with liveness detection methods it increases false rejection rate: percentage of genuine users being rejected as impostor. The contribution of this paper is three folds. First, comparative study of robustness of individual face recognition algorithms under spoofing attack. Second, robustness of three multi-algorithm based face recognition systems under spoofing attack. Third, use of quality measure of biometric samples to improve robustness of the systems against spoofing attack.
Abstract—Face recognition system is one of the most successful application of computer vision, which has been deployed largely in recent years. In last decade, several algorithms for face recognition have been proposed in the literature. To increase reliability of face recognition systems, the systems must be able to differentiate between real genuine faces and fake faces (spoofed faces). In this paper, we investigate the robustness under spoofing attack of the well-known face recognition algorithms: PCA (Principal Component Analysis), LDA (Linear Discriminant Analysis) and EBGM (Elastic Bunch Graph Matching). In particular, we analyze the robustness of fusion of multiple face recognition algorithms with quality of face image samples. Experimental results show that these algorithms are very vulnerable to spoofing attacks. However, robustness can be improved by fusing multiple algorithms. We found that fusion of diverse category based algorithms ameliorate robustness of the system higher than fusion of algorithms of the same category. We also found that utilizing quality information improves the robustness of face recognition systems against spoofing attacks. Robustness increases as the number of sources of information being fused increases. Index Terms— Face recognition, Computer vision, Biometrics, Spoofing attacks
I. INTRODUCTION Biometrics, that recognize or identify a person based on his or her physiological or behavioral characteristics such as face, fingerprint and so on, has been widely accepted by individuals and governments due to the increasing requirement for security [1-3]. Biometrics has the potential to accurately distinguish between an authorized person and an impostor. A face based recognition system is a computer vision application to identify or to verify automatically a person from a image or a video source by comparing selected facial features from the image and a facial database. In recent years, due to exponential growth in requirement of security, face recognition system has been largely employed and received significant attention. Several researchers in computer vision, biometrics, pattern recognition, machine learning and human-machine interface communities have been focusing their research to face recognition. In high-tech information era, face recognition has become a popular area of research because of it’s prospective practical utilization in access control, surveillance, information safety, multimedia communication, law enforcement and human-machine interface etc. The main advantage of face recognition based
II. FACE RECOGNITION SYSTEMS A. Principal Component Analysis (PCA) Principal component analysis (PCA) has been adopted widely in face recognition field because of it’s dimensionality reduction ability. Let X be a n-dimensional feature vector. In our case, n is equal to the number of pixel of each face image. Principal Component Analysis [8, 9] is defined by the following linear transformation: Yi =Wtxi
Where xi X n,i=1,…m (m samples) and W is a ndimensional matrix whose columns are eigenvectors associated to the eigenvalues computed as follows:
ei = Sei
1
corresponding author: Zahid Akhtar, University of Cagliari, Italy. Email: z.momin@diee.unica.it
© 2011 ACEEE DOI: 02.ACE.2011.02. 132
(1)
The total scatter matrix S is defined as: 155
(2)
Poster Paper Proc. of Int. Conf. on Advances in Computer Engineering 2011
m
S (x i )(x i ) t
(3)
i1
where is the mean image of all samples. Since obtained eigenvectors have the same dimension as the original images, they are know as “eigenfaces”.
Third, elastic bunch graphs matching: Matching a FBG on a new image is done by maximizing a graph similarity between an image graph and the FBG of identical pose. It depends on the jet similarities and a topography term, which takes into account the distortion of the image grid relative to the FBG grid. For an image graph GI with nodes n = 1,…, N and edges e =1,…, E and an FBG B with model graphs m =1,…, M the similarity is defined as
B. Linear Discriminant Analysis (LDA) Linear dicriminant analysis also know as Fisher Linear Discriminant (FLD) is computed as transformation as follows in such a way that the ratio of the between-class scatter and the within-class scatter is maximized [10]: yi = Wtxi (4) The columns of W are the eigenvectors of where Sw is the within-class scatter matrix, and Sb is the betweenclass scatter matrix. The matrices are computed as follows: c
mj
Sw (x ij j )(x ij j ) t
where determines the relative importance of jet similarities and the topography term. Jn are the jets at node n and are the distance vectors used as labels at edges e. After having extracted model graphs from the gallery images and image graphs from the probe images, recognition is done by comparing an image graph to all model graphs and selecting the one with the highest similarity value. The similarity function used for comparing graphs is an average over the similarities between pairs of corresponding jets. More details of this algorithm can be found in [13].
(5)
j 1 i 1
where xij is the i-th pattern of j-th class, and nj is number of patterns for the j-th class while c and m are the number of classes and samples, respectively. c
S b (n j )(n j ) t
(6)
j 1
Let y and t be input image and template, respectively, of the claimed identity, both feature vector of length k. Then we can calculate the matching score by PCA and LDA as euclidean distance [11-12]:
D. Multi-algorithm based face recognition system Fusion of multiple biometric algorithms is a reasonable and powerful solution aimed to increase the performance of the personal verification systems [14]. In this study we used score-level fusion with sum rule. Sum rule was adopted because, in general, face image input to the systems tends to be noisy and sum rule outperforms other fusion rules for noisy data [15]. Several researches have shown that the quality of biometric samples has a significant impact on the performance improvement of the system [16]. Hence, we also studied the quality measure of face images with fusion of algorithms.
k
score t y
(x
i
yi )2
(7)
i1
C. Elastic Bunch Graph Matching (EBGM) This method fits an Elastic Bunch Graph to the facial image [13]. The method involves following three main steps. First, at each landmark location, a bunch of Gabor Jets is defined, which consists of 40 different Gabor features. Gabor features can be calculated using a convolution with a Gabor filter, with different orientations and frequencies. A jet describes a small patch of grey values in an image around a given pixel and defined as follows:
where is the wave vector and = 2. Second, A labeled graph G representing a face consists of N nodes connected by E edges is generated. The nodes are located at facial landmarks called fiducial points, e.g., the pupils, the corners of the mouth, the tip of the nose, the top and bottom of the ears, etc. A representative set of M individual model graphs G B m (m = 1,…, M) into stack like structure called a face bunch graph (FBG). A set of jets referring to one fiducial point is called a bunch. The corresponding FBG B is then given the same grid structure as the individual graphs, its nodes are labeled with the bunches of jets JnBm and its edges are labeled with the average distances: © 2011 ACEEE DOI: 02.ACE.2011.02.132
(b) Figure 1. Score fusion scheme adopted in this paper: System (a) without quality measure (b) with quality measure; T stands for decision threshold.
156
Poster Paper Proc. of Int. Conf. on Advances in Computer Engineering 2011 III. EPERIMENTAL RESULTS
TABLE I. FAR(%) OF THE THREE INDIVIDUAL FACE RECOGNITION SYSTEMS WHEN THE FACE IS SPOOFED, AT THREE OPERATIONAL POINTS.
A. Experimental Setup Since no face data set including spoofing attack samples are available publicly. Therefore, we used Essex face data set [17] and created spoofing attacks. The data set used in the experiments contains face images of 100 individuals, with 10 genuine samples and 10 fake samples (spoofing attacks) per individual. Spoofed face images were created with a “photo attack” method [18]. We put in front of the camera the photo of each individual, displayed on a laptop screen. We used the IQM algorithm of [19] to measure the face image quality. The IQM software calculates a quality measure using the modulation transfer function (MTF) of an image. All the scores were normalized using the hyperbolic tangent method [20]. Using the above mentioned face recognition algorithms, we built three different multi-algorithm based face recognition systems by pairing these algorithms in all possible ways. The resulting systems are therefore PCA - LDA system (denoting the system with Principal Component Analysis and Linear Discriminant Analysis), PCA – EBGM, and LDA – EBGM systems. In our experiments, in order to focus on the effect of spoofing attacks under the optimal configuration of the system, the decision thresholds for the considered operational points and the parameters were evaluated on the whole data sets. In particular, the decision thresholds were evaluated on the original data sets (without spoofing attack samples), while the performance of the systems under attack was evaluated by replacing impostor score with respective spoofed score. The false acceptance rate (FAR) is the fraction of impostors being accepted as genuine users, to provide high security biometric systems operate at a low FAR operational point. To investigate the robustness issue, we evaluated the increase of the FAR due to spoofing attacks at 0%, 0.01% and 0.1% FAR operational points, known as the lowest threshold values that result into FAR on training data equal, respectively, to the operational points.
C. Multi-algorithm based face recognition system We report results obtained under spoofing attack, on three multi-algorithms face recognition systems in Table II (without quality measure of face image samples) and Table III (with quality measure of face image samples). Many empirical studies have shown that information fusion in biometrics or in computer vision improves the TABLE II FAR(%) OF THE THREE MULTI-ALGORITHM BASED FACE RECOGNITION SYSTEMS WHEN THE FACE IS SPOOFED, AT THREE OPERATIONAL POINTS WITHOUT QUALITY MEASURE
TABLE I. FAR(%) OF THE THREE MULTI-ALGORITHM BASED FACE RECOGNITION SYSTEMS WHEN THE FACE IS SPOOFED, AT THREE OPERATIONAL POINTS WITH QUALITY MEASURE.
performance of the system [14]. Our result show that fusion of different face recognition algorithms not only improves the accuracy of the system under normal operational condition (absence of spoofing attacks) but also enhance the robustness of the system against spoofing attacks. For instance, at 0.1 % FAR operational point, the FAR under spoofing attack in LDA individual algorithm (Table I) is 21.93 % while it is 18.44 %, when LDA is fused with EBGM (multialgorithm system, Table II). Similar effect can be seen on different systems and at different operational points. In Table II, It can be observed that LDA-EBGM system is most robust among three multi-algorithm based face recognition systems, then PCA-EBGM is robust and least robust one is PCA-LDA. It means, fusion of diverse sources of information (LDAEBGM, PCA-EBGM) ameliorate robustness of the system better than fusion of sources of same type (PCA-LDA). As LDA and PCA are the holistic methods while EBGM is feature based method. Several researches have shown that the quality of biometric samples has a significant impact on the performance improvement of the system [16]. Results on three systems with quality measure of face images (Table III) show that robustness of the system against spoofing attack is better than system without quality measure (Table II). Hence, quality
B. Individual Face Recognition Algorithms We report results obtained under spoofing attack, on individual face recognition systems in Table I. The three face recognition algorithms are vulnerable to spoofing attacks. For instance, from the Table I, it can been seen that even at 0.1% FAR operational point the FAR under attack attained value up to 26.30%. Results show that LDA is most robust among the algorithms being studied because of it’s inherent characteristic of finding a base of vectors providing the best discrimination among the classes, trying to maximize the between-class differences, minimizing the within-class ones. In our experiment, PCA is the least resilient to spoofing attacks, as it deals with the input data in their entirety, without paying any attention for the underlying structure while EBGM is more resilient than PCA, as it also considers the non-linear characteristics for transformation.
© 2011 ACEEE DOI: 02.ACE.2011.02. 132
157
Poster Paper Proc. of Int. Conf. on Advances in Computer Engineering 2011 measure can also play important role in amplifying the robustness of the systems against spoofing attacks. Comparison of reported results in Tables II and III show that robustness of the systems against spoof attacks increases as the number of sources being fused increases. This phenomenon is materialized due to the effective variance reduction of the final fused scores with respect to the variance of the original scores [21].
[5] X. He, Y. Lu, P. Shi, “A Fake Iris Detection Method Based on FFT and Quality Assessment”, Proc. Chinese Conf. on Pattern Recognition, pp. 316-319, 2008. [6] T. Matsumoto, H. Matsumoto, K. Yamada, S. Hoshino, “Impact of Artificial Gummy Fingers on Fingerprint Systems”, Optical Security and Counterfeit Deterrence Techniques IV, vol. 4677 of Proc. of SPIE, pp. 275-289, 2002. [7] Kollreider, K., Fronthaler, H., Bigun, J., “Non-intrusive liveness detection by face images”, J. of Image Vision Comput, vol. 27, no. 3, pp. 233-244, 2009. [8] M. Turk, and A. Pentland,” Eigenfaces for face recognition”, Journal of Cognitive Neuroscience, vol. 3 no.1, pp. 71-86, 1991. [9] Kyungnam Kim, “Face recognition using principal component analysis”, Department of Computer Science, University of Maryland, College Park, MD 20742, USA. [10] W. Zhao, R. Chellappa, A. Krishnaswamy,” Discriminant analysis of principal components for face recognition”, Proc. IEEE Conf. Comput. Vis. Patt. Recogn, pp 336-341, 1998. [11] V. Perlibakas, “Distance measures for PCA-based face recognition”, Pattern Recognition Lett., vol. 25, no. 6, pp. 711-724, 2004. [12] Ming-Yuan Shieh, Choung-Ming Hsieh, Jian-Yuan Chen, Juing - Shian Chiou, “PCA and LDA based Fuzzy Face Recognition System”, SICE Annual Conference 2010, pp. 18-21, August 2010. [13] Laurenz Wiskott, Jean-Marc Fellous, Norbert Krüger, and Christoph von der Malsburg, “Face Recognition by Elastic Bunch Graph Matching”, IEEE Tran. PAMI, vol. 19, no. 7, july 1997. [14] A. Ross, K. Nandakumar, A.K. Jain (Eds.), Handbook of multibiometrics, Springer, 2006. [15] J. Kittler, M. Hatef, R. Duin, and J. Matas, “On Combining Classifiers”, IEEE Trans. on Pattern Analysis and Machine Intelligence, vol. 20, no. 3, pp. 226-239, Mar 1998. [16] J. Fierrez-Aguilar, Y. Chen, J. Ortega-Garcia and A. K. Jain, “Incorporating image quality in multi-algorithm fingerprint verification”, Proc. International Conference on Biometrics (ICB), pp. 213-220, january, 2006. [17] http://dces.essex.ac.uk/mv/allfaces/index.html [18] G. Pan, Z. Wu and L. Sun, “Liveness detection for face recognition”, Recent Advances in Face Recognition, pp. 236-252, 2008. [19] http://www.mitre.org/tech/mtf/ [20] A. Ross, K. Nandakumar, A.K. Jain, Ó Handbook of MultibiometricsÓ, Springer, 2006. [21] Norman Poh, Samy Bengio, “Why Do Multi-Stream, MultiBand and Multi-Modal Approaches Work on Biometric User Authentication Tasks?”, Proc. IEEE Int. Conf. on Acoustics, Speech, and Signal Processing, pp. 893-896, 2004.
CONCLUSIONS Our empirical investigation on real spoofing attack samples verify that face recognition systems are not intrinsically robust against spoofing attacks. PCA is most robust among LDA, PCA and EBGM face recognition algorithms. Robustness of the face recognition system can be improved by using more than one face matching algorithms. Fusing diverse category based face recognition algorithms mitigate spoofing attacks better than fusion of the same category based face recognition systems. Further resiliency enhancement of the system against spoofing attacks can be achieved by using quality measure of face image. Robustness goes on increasing with the increase of sources of information being fused. In the future, we will analyze the robustness of the state-of-the-art 2D and 3D face recognition systems by constructing proper large data set containing spoofing attacks fabricated by several different spoofing techniques. REFERENCES [1] A. K. Jain, A. Ross and S. Prabhakar, “An Introduction to Biometric Recognition”, IEEE Tran. on Circuits and Systems for Video Tech. Sp. Issue on Image- and Video-Based Biometrics, vol. 14, no. 1, pp. 4-20, January 2004. [2] G. L. Marcialis and Fabio Roli, “High security fingerprint verification by perceptron-based fusion of multiple matchers”, 5th Int. Workshop on Multiple Classifiers Systems (MCS04), vol. 3077, pp. 364-373, April 2004 [3] Nalini Ratha and Venu Govindaraju (Editors), “Advances in Biometrics: Sensors, Systems and Algorithms”, Springer, Oct 2007. [4] Y. Kim, J. Na, S. Yoon, J. Yi, “Masked Fake Face Detection using Radiance Measurements”, J. Opt. Soc. Am. - A, vol. 26, no. 4, pp. 760-766, 2009.
© 2011 ACEEE DOI: 02.ACE.2011.02.132
158