An Adversarial Perturbation Approach Against CNN-based Soft Biometrics Detection

The use of biometric-based authentication systems spread over daily life consumer electronics. Over the years, researchers’ interest shifted from hard (such as fingerprints, voice and keystroke dynamics) to soft biometrics (such as age, ethnicity and gender), mainly by using the latter to improve the authentication systems effectiveness. While newer approaches are constantly being proposed by domain experts, in the last years Deep Learning has raised in many computer vision tasks, also becoming the current state-of-art for several biometric approaches. However, since the automatic processing of data rich in sensitive information could expose users to privacy threats associated to their unfair use (i.e. gender or ethnicity), in the last years researchers started to focus on the development of defensive strategies in the view of a more secure and private AI. The aim of this work is to exploit Adversarial Perturbation, namely approaches able to mislead state-of-the-art CNNs by injecting a suitable small perturbation over the input image, to protect subjects against unwanted soft biometrics-based identification by automatic means. In particular, since ethnicity is one of the most critical soft biometrics, as a case of study we will focus on the generation of adversarial stickers that, once printed, can hide subjects ethnicity in a real-world scenario.

[1]  E. K. Loo,et al.  The influence of ethnicity in facial gender estimation , 2018, 2018 IEEE 14th International Colloquium on Signal Processing & Its Applications (CSPA).

[2]  Thirimachos Bourlai,et al.  Gender and ethnicity classification using deep learning in heterogeneous face recognition , 2016, 2016 International Conference on Biometrics (ICB).

[3]  Bir Bhanu,et al.  Deep Learning for Biometrics , 2017, Advances in Computer Vision and Pattern Recognition.

[4]  Ming Yang,et al.  DeepFace: Closing the Gap to Human-Level Performance in Face Verification , 2014, 2014 IEEE Conference on Computer Vision and Pattern Recognition.

[5]  David A. Wagner,et al.  Towards Evaluating the Robustness of Neural Networks , 2016, 2017 IEEE Symposium on Security and Privacy (SP).

[6]  David Zhang,et al.  Automated Biometrics: Technologies and Systems , 2000 .

[7]  Fabian Monrose,et al.  Keystroke dynamics as a biometric for authentication , 2000, Future Gener. Comput. Syst..

[8]  Aleksander Madry,et al.  Towards Deep Learning Models Resistant to Adversarial Attacks , 2017, ICLR.

[9]  Jun Zhu,et al.  Boosting Adversarial Attacks with Momentum , 2017, 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition.

[10]  Sarah L Desmarais,et al.  Performance of recidivism risk assessment instruments in U.S. correctional settings. , 2016, Psychological services.

[11]  Luc Van Gool,et al.  DEX: Deep EXpectation of Apparent Age from a Single Image , 2015, 2015 IEEE International Conference on Computer Vision Workshop (ICCVW).

[12]  Anil K. Jain,et al.  Fingerprint Spoof Buster: Use of Minutiae-Centered Patches , 2018, IEEE Transactions on Information Forensics and Security.

[13]  Jonathon Shlens,et al.  Explaining and Harnessing Adversarial Examples , 2014, ICLR.

[14]  Ananthram Swami,et al.  The Limitations of Deep Learning in Adversarial Settings , 2015, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[15]  Michael S. Bernstein,et al.  ImageNet Large Scale Visual Recognition Challenge , 2014, International Journal of Computer Vision.

[16]  Lujo Bauer,et al.  Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition , 2016, CCS.

[17]  Arun Ross,et al.  Convolutional Neural Networks for Iris Presentation Attack Detection: Toward Cross-Dataset and Cross-Sensor Generalization , 2018, 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW).

[18]  Kiran B. Raja,et al.  Transferable deep convolutional neural network features for fingervein presentation attack detection , 2017, 2017 5th International Workshop on Biometrics and Forensics (IWBF).

[19]  Paul A. Viola,et al.  Rapid object detection using a boosted cascade of simple features , 2001, Proceedings of the 2001 IEEE Computer Society Conference on Computer Vision and Pattern Recognition. CVPR 2001.

[20]  Jimmy Ba,et al.  Adam: A Method for Stochastic Optimization , 2014, ICLR.

[21]  Xiaogang Wang,et al.  Deep Learning Face Representation by Joint Identification-Verification , 2014, NIPS.

[22]  Derek C. Rose,et al.  Age, Gender, and Fine-Grained Ethnicity Prediction Using Convolutional Neural Networks for the East Asian Face Dataset , 2017, 2017 12th IEEE International Conference on Automatic Face & Gesture Recognition (FG 2017).

[23]  Martín Abadi,et al.  Adversarial Patch , 2017, ArXiv.

[24]  Vitaly Shmatikov,et al.  Privacy-preserving deep learning , 2015, 2015 53rd Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[25]  Seyed-Mohsen Moosavi-Dezfooli,et al.  DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks , 2015, 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[26]  Katherine Freeman Algorithmic Injustice: How the Wisconsin Supreme Court Failed to Protect Due Process Rights in State v. Loomis , 2016 .

[27]  John J. Soraghan,et al.  Electrocardiogram (ECG) Biometric Authentication Using Pulse Active Ratio (PAR) , 2011, IEEE Transactions on Information Forensics and Security.

[28]  Michael Carl Tschantz,et al.  Automated Experiments on Ad Privacy Settings , 2014, Proc. Priv. Enhancing Technol..

[29]  Andrew Zisserman,et al.  Very Deep Convolutional Networks for Large-Scale Image Recognition , 2014, ICLR.

[30]  Samy Bengio,et al.  Adversarial examples in the physical world , 2016, ICLR.

[31]  Vincenzo Piuri,et al.  Biometric Recognition in Automated Border Control , 2016, ACM Comput. Surv..

[32]  Geoffrey E. Hinton,et al.  ImageNet classification with deep convolutional neural networks , 2012, Commun. ACM.

[33]  Junbin Gao,et al.  Fingerprint Matching using A Hybrid Shape and Orientation Descriptor , 2011 .

[34]  N. Criado,et al.  Digital Discrimination , 2019, Algorithmic Regulation.

[35]  Jian Sun,et al.  Deep Residual Learning for Image Recognition , 2015, 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[36]  Julian Fiérrez,et al.  Soft Biometrics and Their Application in Person Recognition at a Distance , 2014, IEEE Transactions on Information Forensics and Security.

[37]  N. Hamdy,et al.  Soft and hard biometrics fusion for improved identity verification , 2004, The 2004 47th Midwest Symposium on Circuits and Systems, 2004. MWSCAS '04..

[38]  Sungroh Yoon,et al.  Security and Privacy Issues in Deep Learning , 2018, ArXiv.

[39]  Arun Ross,et al.  What Else Does Your Biometric Data Reveal? A Survey on Soft Biometrics , 2016, IEEE Transactions on Information Forensics and Security.

[40]  Jon Howell,et al.  Asirra: a CAPTCHA that exploits interest-aligned manual image categorization , 2007, CCS '07.

[41]  Joan Bruna,et al.  Intriguing properties of neural networks , 2013, ICLR.

[42]  Kouichi Sakurai,et al.  One Pixel Attack for Fooling Deep Neural Networks , 2017, IEEE Transactions on Evolutionary Computation.

[43]  Sergio Escalera,et al.  From Apparent to Real Age: Gender, Age, Ethnic, Makeup, and Expression Bias Analysis in Real Age Estimation , 2018, 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW).

[44]  Andrew Zisserman,et al.  Deep Face Recognition , 2015, BMVC.

[45]  Musheer Ahmed,et al.  Prediction of Human Ethnicity from Facial Images Using Neural Networks , 2018 .

[46]  Mark S. Nixon,et al.  Soft Biometrics; Human Identification Using Comparative Descriptions , 2014, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[47]  Johannes Peltola,et al.  Soft biometrics - combining body weight and fat measurements with fingerprint biometrics , 2006, Pattern Recognit. Lett..