Presentation attack detection with shuffled patch-wise binary supervision

Abstract

Face recognition systems have been one of the most commonly used biometrics in various different applications, such as mobile payments, smart phone security, and accessing to high-security areas. However, face presentation attacks created by people who obtain biometric data covertly from a person or through hacked systems are among the major threats to face recognition systems. Presentation attacks are easy to make, especially for face presentation attacks, as malicious individuals only need a high-quality face image of any enrolled user to bypass the biometric system. In order to detect these attacks, Convolutional Neural Network (CNN) based systems have gained significant popularity recently. Convolutional Neural Networks provide end-to-end systems for presentation attacks. They also offer fast inference, which is helpful for the biometric systems. However, CNN-based systems need a substantial amount of data to train. It is hard to acquire presentation attacks as for each attack, a human should physically attack to the sensor. Unlike face recognition datasets that utilize millions of face images crawled from the internet, presentation attacks have to be captured explicitly for the dataset. Therefore, publicly available datasets are significantly smaller. As neural networks require massive amount of data to generalize, CNN-based presentation attack detection systems perform very well on intra-dataset experiments. Yet, they fail to generalize to the datasets that they have not been trained on. This indicates that they tend to memorize dataset-specific spoof traces. To mitigate this crucial problem, we propose a new presentation attack detection training approach that combines pixel-wise binary supervision with patch-based Convolutional Neural Networks. We call our method as Deep Patch-wise Supervision Presentation Attack Detection (DPS-PAD). %Our method can be seen as an augmentation method as it only changes how inputs are created. The proposed method combines different patches of different attacks and bona fide images of the dataset and creates a new training data this way. Our experiments show that the proposed patch-based method forces the model not to memorize the background information or dataset-specific traces. We extensively tested the proposed method on widely used presentation attack detection datasets ---Replay-Mobile, OULU-NPU--- and on a real-world dataset that has been collected for real-world presentation attack detection use cases. The proposed approach is found to be superior in challenging experimental setups. Namely, it achieves higher performance on OULU-NPU Protocol 3, 4 and on inter-dataset real-world experiments.