Generating Master Faces for Use in Performing Wolf Attacks on Face Recognition Systems (2006.08376v1)

Abstract: Due to its convenience, biometric authentication, especial face authentication, has become increasingly mainstream and thus is now a prime target for attackers. Presentation attacks and face morphing are typical types of attack. Previous research has shown that finger-vein- and fingerprint-based authentication methods are susceptible to wolf attacks, in which a wolf sample matches many enrolled user templates. In this work, we demonstrated that wolf (generic) faces, which we call "master faces," can also compromise face recognition systems and that the master face concept can be generalized in some cases. Motivated by recent similar work in the fingerprint domain, we generated high-quality master faces by using the state-of-the-art face generator StyleGAN in a process called latent variable evolution. Experiments demonstrated that even attackers with limited resources using only pre-trained models available on the Internet can initiate master face attacks. The results, in addition to demonstrating performance from the attacker's point of view, can also be used to clarify and improve the performance of face recognition systems and harden face authentication systems.

• The paper demonstrates that master faces can be generated to effectively exploit vulnerabilities in face recognition systems through wolf attacks.
• It leverages a StyleGAN-based latent variable evolution strategy to iteratively optimize facial images against enrolled templates.
• Empirical evaluations report false acceptance rates between 6% and 35%, highlighting significant security risks and the need for robust countermeasures.

Master Faces for Wolf Attacks on Face Recognition Systems

The paper presented in the paper titled "Generating Master Faces for Use in Performing Wolf Attacks on Face Recognition Systems" explores a novel type of biometric vulnerability in face recognition systems, termed as "wolf attacks". These attacks are characterized by the creation of master faces that exhibit high similarity across numerous user templates within the system, thereby compromising the authentication mechanism. Considering the increasing deployment of face authentication systems in various applications including financial services and personal devices, understanding such vulnerabilities becomes crucial.

The authors leverage the StyleGAN, a state-of-the-art generative adversarial network, to synthesize high-quality facial images termed "master faces". These face images are optimized using a process known as latent variable evolution (LVE), which involves the iterative generation and refinement of facial images by optimizing a similarity score against a face recognition system's enrolled templates. The performance of the generated master faces is measured based on their false acceptance rate (FAR) when matched against several face recognition systems.

In empirical evaluations, the authors demonstrate that the proposed method can be executed with minimal resources. Specifically, using publicly available pre-trained models and databases, the paper reports achieving FARs between 6% and 35%, highlighting a significant risk presented by master face attacks in real-world systems. These results underline the ability of even a generic attack vector to achieve substantial compromise across various datasets and systems.

The paper's findings have crucial implications. Practically, they call for revisiting the security protocols of existing face recognition systems, urging the implementation of robust countermeasures such as presentation attack detection mechanisms and media forensics solutions to mitigate the risks associated with biometric systems being fooled by synthetic data. Theoretically, it poses questions about the disparity in the training data of such systems, indicating the need for FR systems to better generalize across diverse datasets and to handle synthetic face samples more effectively.

Looking forward, this work sets the stage for enhancements in both offensive and defensive strategies concerning biometric authentication systems. Further research is warranted to explore the characteristics of master faces and their potential variability across different demographic attributes such as age, race, and gender. Moreover, enhancing the robustness of detection systems against such attacks would be an essential step toward securing face recognition technologies in the broader AI landscape.