CNNs under attack. On the vulnerability of deep neural networks based face recognition to image morphing

Facial recognition has become a critical constituent of common automatic border control gates. Despite many advances in recent years, face recognition systems remain susceptible to an ever evolving diversity of spoofing attacks. It has recently been shown that high-quality face morphing or splicing can be employed to deceive facial recognition systems in a border control scenario. Moreover, facial morphs can easily be produced by means of open source software and with minimal technical knowledge. The purpose of this work is to quantify the severeness of the problem using a large dataset of morphed face images. We employ a state-of-the-art face recognition algorithm based on deep convolutional neural networks and measure its performance on a dataset of 7260 high-quality facial morphs with varying blending factor. Using the Inception-ResNet-v1 architecture we train a deep neural model on 4 million images to obtain a validation rate of 99.96% at 0.04% false acceptance rate (FAR) on the original, unmodified images. The same model fails to repel 1.13% of all morphing attacks, accepting both the impostor and the document owner. Based on these results, we discuss the observed weaknesses and possible remedies.