Some of NIST’s facial analysis evaluations test whether the software can detect impersonation attacks, where a false image is used to gain access to a device or space, or simply to hide someone’s true identity. Presentation attacks can take many forms, such as wearing make-up, holding up a printed photograph, or displaying a digital photograph of another person.
Credit:
M. Ngan, N. Hanacek / NIST
Facial recognition software is commonly used as a gatekeeper to access secure websites and electronic devices, but what if someone could get past it just by wearing a mask that looks like another person’s face? Newly published research from the National Institute of Standards and Technology (NIST) reveals the current state of software designed to detect these types of fraudulent attacks.
The new study appears alongside another that assessed the software’s ability to detect potential problems with a photo or digital facial image, such as for use in a passport. Together, the two NIST publications provide insight into how effectively modern image processing software performs a more important task: facial analysis.
Face analysis is different from face recognition, which may be a more familiar term. In general, the goal of face recognition is to identify a person based on an image, while facial analysis is concerned with characterizing images, such as identifying images that are inherently problematic, whether due to malicious intent or simply errors in photographing.
The two publications are the first on the topic to appear after NIST split its Face Recognition Vendor Test (FRVT) program into two tracks: Face Recognition Technology Evaluation (FRTE) and Face Analysis Technology Evaluation (FATE). Image processing and analysis efforts, as the two new editions do, are now classified under the FATE line. Two-way technology tests are designed to provide information about the capabilities of algorithms to inform developers, end users, standards processes, and policy and decision makers.
“Can a given software algorithm tell you if something is wrong with a face image?” said NIST computer scientist Mei Ngan. “For example, a person’s eyes are closed. The image is blurry. Is the image actually a mask that looks like someone else’s face? These are flaws that some developers claim their software can detect, and the FATE trace is about evaluating these claims.”
Nga is the first author of the study, Facial Analysis Technology Evaluation (FATE) Part 10: Performance of Passive, Software-Based Presentation Attack Detection (PAD) Algorithms which evaluated the ability of facial analysis algorithms to detect whether these problems were evidence of a false attack called PAD. The research team evaluated 82 software algorithms volunteered by 45 unique developers. The researchers challenged the software with two different scenarios. impersonate or attempt to impersonate another specific person; and avoids, or tries to avoid, being like him.
The team evaluated the algorithms with nine types of impersonation attacks, with examples including a person wearing a complex mask designed to mimic another person’s face and other simpler attacks, such as holding a photo of another person up to the camera or wearing an N95 mask. which hides. some wearer’s face.
Results varied widely between PAD algorithms, and Ngan noted one thing: some developers’ algorithms worked well for detecting certain types of presentation attacks on images, but none could detect all attack types tested.
“Only a small percentage of developers can realistically claim to detect certain presentation attacks through software,” he said. “Some developers’ algorithms could catch two or three species, but none caught them all.”
Among other findings was that even the highest performing PAD algorithms worked better in tandem.
“We asked if it would reduce the error rate if you combined the results of different algorithms. It turns out that might be a good idea,” Ngan said. “When we selected four of the best performing algorithms on the simulation test and combined their results, we found that the group performed better than any one of them alone.”
“Only a small percentage of developers can realistically claim to have detected certain presentation attacks using software. Some developers’ algorithms could catch two or three types, but none caught them all.” — May Ngan, NIST computer scientist
The types of algorithms that Ngan and his co-authors evaluated have applications in casinos, for example, where a card counter that has been denied access tries to sneak around. But FATE also evaluates algorithms that serve more mundane purposes, such as checking whether your new passport photo can be rejected. Here’s what the new NIST study’s second, Face Analysis Technology Assessment (FATE) Part 11: Vector Assessment of Face Image Quality. special image defect detection, examined.
“If you walk into a pharmacy and get a passport photo, you want to make sure your application isn’t rejected because there’s a problem with the photo,” said study author Joyce Young, a NIST mathematician. “Blurry photos are an obvious problem, but there can also be issues with the backlight or simply wearing glasses. We have studied algorithms designed to flag issues where the photo does not meet passport requirements.”
The evaluation was the first of its kind on the FATE track, and the NIST team received seven algorithms from five developers. The study evaluated the algorithms on 20 different quality measures, such as underexposure and background uniformity, all based on internationally accepted passport standards.
Yang said all the algorithms have shown mixed results. Each had their own strengths, doing some of the 20 measures better than others. The results will inform a standard that NIST is helping to develop, ISO/IEC 29794-5, which sets guidelines for the quality metrics that the algorithm should check. It Specific image defect detection the results show how well the algorithms perform these checks.
One thing the study didn’t measure was how “good” the picture was, so don’t look for aesthetic judgments from your camera.
“We don’t decide whether the image itself is of good quality,” he said. “We’re just looking to see if the image analysis is correct.”