

Title: Inverting Biometric Models with Fewer Samples: Incorporating the Output of Multiple Models
Authentication systems are vulnerable to model inversion attacks where an adversary is able to approximate the inverse of a target machine learning model. Biometric models are a prime candidate for this type of attack. This is because inverting a biometric model allows the attacker to produce a realistic biometric input to spoof biometric authentication systems. One of the main constraints in conducting a successful model inversion attack is the amount of training data required. In this work, we focus on iris and facial biometric systems and propose a new technique that drastically reduces the amount of training data necessary. By leveraging the output of multiple models, we are able to conduct model inversion attacks with 1/10th the training set size of Ahmad and Fuller (IJCB 2020) for iris data and 1/1000th the training set size of Mai et al. (Pattern Analysis and Machine Intelligence 2019) for facial data. We denote our new attack technique as structured random with alignment loss.
Award ID(s):
2141033
PAR ID:
10420391
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
2022 IEEE International Joint Conference on Biometrics
Page Range / eLocation ID:
1 to 11
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Iris-based biometric authentication is a widespread biometric modality due to its accuracy, among other benefits. Improving the resistance of iris biometrics to spoofing attacks is an important research topic. Eye tracking and iris recognition devices have similar hardware that consists of a source of infra-red light and an image sensor. This similarity potentially enables eye tracking algorithms to run on iris-driven biometrics systems. The present work advances the state-of-the-art of detecting iris print attacks, wherein an imposter presents a printout of an authentic user’s iris to a biometrics system. The detection of iris print attacks is accomplished via analysis of the captured eye movement signal with a deep learning model. Results indicate better performance of the selected approach than the previous state-of-the-art.
  2. Attackers are increasingly using model inversion attacks, in which the outputs of the model can be used to reconstruct confidential or private information to target machine learning models, especially those that handle sensitive financial data. We propose an attack model that exploits the output of classification models to infer details about the training data. We implement our experiments on the HPCC Systems platform. HPCC Systems is known for its robust data processing capabilities. Our approach systematically exploits the output of financial data-based classification models to reconstruct sensitive attributes, thereby demonstrating the potential risks and vulnerabilities resulting from an attack. In our research, we also have tested some defensive strategies to secure the model against inversion attack. 
  3. Reliability and accuracy of iris biometric modality has prompted its large-scale deployment for critical applications such as border control and national ID projects. The extensive growth of iris recognition systems has raised apprehensions about susceptibility of these systems to various attacks. In the past, researchers have examined the impact of various iris presentation attacks such as textured contact lenses and print attacks. In this research, we present a novel presentation attack using deep learning based synthetic iris generation. Utilizing the generative capability of deep convolutional generative adversarial networks and iris quality metrics, we propose a new framework, named as iDCGAN (iris deep convolutional generative adversarial network) for generating realistic appearing synthetic iris images. We demonstrate the effect of these synthetically generated iris images as presentation attack on iris recognition by using a commercial system. The state-of-the-art presentation attack detection framework, DESIST is utilized to analyze if it can discriminate these synthetically generated iris images from real images. The experimental results illustrate that mitigating the proposed synthetic presentation attack is of paramount importance. 
  4. With the advances in deep learning, speaker verification has achieved very high accuracy and is gaining popularity as a type of biometric authentication option in many scenes of our daily life, especially the growing market of web services. Compared to traditional passwords, “vocal passwords” are much more convenient as they relieve people from memorizing different passwords. However, new machine learning attacks are putting these voice authentication systems at risk. Without a strong security guarantee, attackers could access legitimate users’ web accounts by fooling the deep neural network (DNN) based voice recognition models. In this article, we demonstrate an easy-to-implement data poisoning attack to the voice authentication system, which cannot be captured effectively by existing defense mechanisms. Thus, we also propose a more robust defense method called Guardian, a convolutional neural network-based discriminator. The Guardian discriminator integrates a series of novel techniques including bias reduction, input augmentation, and ensemble learning. Our approach is able to distinguish about 95% of attacked accounts from normal accounts, which is much more effective than existing approaches with only 60% accuracy. 
  5. Iris biometric systems offer non-contact authentication, particularly advantageous in controlled environments such as security checkpoints. However, challenges arise in less controlled scenarios such as standoff biometrics where captured images mostly are non-ideal including off-angle. This paper addresses the need for iris recognition models adaptable to various gaze angles by proposing a blink detection algorithm as an additional feature. The study explores different blink detection methods involving logistic regression, random forest, and deep learning models. For the first methodology, logistic regression and a random forest model were used to classify eye images into four different blink classes. The second methodology involved labeling eye openness percentage. The ground-truth eye blink was calculated using facial landmarks detected by the MediaPipe model. For the deep learning approach, we used a pre-trained Convolutional Neural Network (CNN) model by replacing the output layer with a regression layer. Results show improved precision and recall when incorporating height and width features for the regression model. The AlexNet model achieves superior performance, reaching 90% accuracy with a 10% error threshold. This research contributes valuable insights for developing robust iris recognition models adaptable to diverse gaze angles.