Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

CNNs under attack. On the vulnerability of deep neural networks based face recognition to image morphing

: Wandzik, Lukasz; Vicente-Garcia, Raul; Kaeding, Gerald; Chen, Xi

Postprint urn:nbn:de:0011-n-4646437 (2.3 MByte PDF)
MD5 Fingerprint: 64652fa4a3a26eb512ab63abb363d656
The original publication is available at
Created on: 13.2.2019

Kraetzer, C.:
Digital forensics and watermarking. 16th International Workshop, IWDW 2017 : Magdeburg, Germany, August 23-25, 2017; Proceedings
Cham: Springer International Publishing, 2017 (Lecture Notes in Computer Science 10431)
ISBN: 978-3-319-64184-3 (Print)
ISBN: 978-3-319-64185-0 (Online)
International Workshop on Digital Forensics and Watermarking (IWDW) <16, 2017, Magdeburg>
Bundesministerium für Bildung und Forschung BMBF (Deutschland)
147184; ANANAS
Conference Paper, Electronic Publication
Fraunhofer IPK ()
face recognition; biometric spoofing; face morphing; deep learning

Facial recognition has become a critical constituent of common automatic border control gates. Despite many advances in recent years, face recognition systems remain susceptible to an ever evolving diversity of spoofing attacks. It has recently been shown that high-quality face morphing or splicing can be employed to deceive facial recognition systems in a border control scenario. Moreover, facial morphs can easily be produced by means of open source software and with minimal technical knowledge. The purpose of this work is to quantify the severeness of the problem using a large dataset of morphed face images. We employ a state-of-the-art face recognition algorithm based on deep convolutional neural networks and measure its performance on a dataset of 7260 high-quality facial morphs with varying blending factor. Using the Inception-ResNet-v1 architecture we train a deep neural model on 4 million images to obtain a validation rate of 99.96% at 0.04% false acceptance rate (FAR) on the original, unmodified images. The same model fails to repel 1.13% of all morphing attacks, accepting both the impostor and the document owner. Based on these results, we discuss the observed weaknesses and possible remedies.