ML based Anti spoofing Methods for Facial Recognition Software

Machine Learning-based Anti spoofing Methods for Facial Recognition Software

Facial-recognition spoofing emerged to combat accurate identification from facial recognition software. For example, Business Insider reported that in 2018 Chinese children started using a photo of a sleeping parent to bypass age and time-limit restrictions for playing popular video games online.

Photos of many people are found on social media. It is sometimes possible to fool facial recognition software with these photos by printing them, using a screenshot, or using the photo for 3D model mapping of full facial representation.

Developers of facial recognition software responded to spoofing attempts by creating various anti-spoofing methods to add more protection when giving access to confidential information. The anti-spoofing procedures make it more difficult for unauthorized persons to bypass facial-identification. This helps reduce fraud.

It seems like facial recognition should be effective; however, vulnerabilities exist. Anti-spoofing methods are used with facial identification to reduce these vulnerabilities. Advanced facial identification systems detect whether a person seeking authorization is alive. This double-check determines if the person is really there or if they are trying to spoof the facial recognition system with a photograph, that is called a 2D presentation attack.

A software product to prevent the spoofing attempts must meet the following criteria:

  • Identify 2D static and dynamic spoofing attempts.
  • Work with image captures.
  • Require minimal interactions from users and create positive UX.
  • Integrate easily with an existing facial recognition system.

Here are five machine learning-based anti-spoofing methods to consider.

Eye-Blinking Detection Method

A very reliable test for a person’s aliveness is detecting eye blinking. Photos do not blink. Humans do blink frequently. The average person blinks about 30 incidences each minute. During blinking, the eyes close for around 250, or so, milliseconds. Video frames rates are around 50, or so, milliseconds per frame with 30 separate frames recorded each second.

A test of a photographed subject being alive is taking a number count of closed eyes in the frames to determine if the amount matches expected averages. Facial landmarks allow a calculation of the blinking eyes area to see if it matches an authorized person’s measurements.

CNN-based Method

Anti-spoofing is enhanced by the ability of convolutional neural networks (CNN) to recognize real people’s faces from spoofs.

The solution relies on the identification of spoof patterns it recognizes out of the data that it uses for training. There is not a specific group of spoofing parameters to rely upon, especially in the beginning.

Look at this example:

These photos are both spoofing attempts. There are different distortions in the images, even not visible by human eye in the left one, but a trained neural network would recognize the spoofing attempt with both photos.

A problem is, the accurate classification is limited to the features learned from training data that may have specific lighting, quality, contrast, and so on. Different real-world conditions will cause inaccuracies and narrow down the use cases.

Challenge-Response Method

This is a useful method for anti-spoofing. The person is asked to perform a specific action or actions, known as a challenge. Then, an analysis of the recorded video is made to see if the person completed the specific challenges.

Challenge actions may include:

  • A smile.
  • An emotional expression, such as sadness or happiness.
  • Certain facial or head movements.

A challenge technique works well; however, it violates our desire to make the person’s interaction minimal, which degrades the person’s experience.

3D Camera-used Method

3D camera gives accurate pixel-depth information and is a very reliable way to differentiate between a live human face and a presentation attack. The challenge for this methodology is that people need to have a 3D camera to use this facial authorization system.

These 3D cameras will become more prolific over the coming years. For now, the anti-spoofing methods need to work with only 2D photography.

Active Flashing Method

The technique uses a flash of light that reflects off the person’s face. The system recognizes an actual reflection from the face of a human compared to a spoofing attempt.
This method compares a frame taken before the flash occurs with one taken along with the flash. The difference between frames makes it possible to separate live and spoofed faces. The methodology works well for certain use cases.
Success Benchmarks

Anti-spoofing Methods Comparison

All of these anti-spoofing methods have certain advantages and disadvantages, below you can see a visualization  of summarized comparison.

While some may be used alone, improvements come from additional complexity and using the anti-spoofing methods in combinations.

The accuracy of an anti-spoofing methodology may be evaluated by analyzing the performance metrics. Two key metrics are the false rejection rate (FRR) and the false acceptance rate (FAR). All biometric identification systems are measured using these two factors.

If the goal of the system is to completely eliminate unauthorized access, then, the FAR needs to be close to zero. However, if the user experience is the most important factor, then, the FRR needs to be zero. In most systems, there is a trade-off between allowing some FAR and some FRR to a level of acceptable tolerance of both.

The success of anti-spoofing methods depends heavily on deep-learning neural networks to create accurate results. The best practices are to combine the anti-spoofing techniques and measure the system outcomes for the desired results. Future innovations in machine learning will improve success in identifying authorized users.

You can watch video explaining how anti-spoofing works

This article has been published from the source link without modifictions to the text. Only the headline has been changed.

Source link