ABSTRACT
A popular method of face identification is the use of local binary pattern (LBP) histograms. In this method, a face image is partitioned into regions, and a histogram of features is produced for each region; faces are compared by measuring the similarity of their histograms through statistics such as chi-square score or K-L divergence. Comparison of histograms, however, is particularly prone to exploitation via a negative-number bug if coded naively. This allows a surprisingly precise and powerful attack: if an adversary can alter a histogram to change a single zero to a negative number of appropriate magnitude, the change will induce a negligible difference in matching under ordinary use, but match an attacker to an intended victim if the attacker briefly displays a printed striped pattern to a camera. This tampering is minor and can be inflicted long before the attack, allowing the insertion of a back door in a face recognition system that will behave normally until the moment of exploitation. We exhibit an example of this bug in the wild, in the OpenCV computer vision library, and illustrate the effectiveness of this attack in impersonating multiple victims.
- T. Ahonen, A. Hadid, and M. Pietikainen. Face description with local binary patterns: Application to face recognition. Pattern Analysis and Machine Intelligence, IEEE Transactions on, 28(12):2037--2041, 2006. Google ScholarDigital Library
- S. Craver and A. Farrokh baroughi. The non-trusty clown attack on model-based speaker recognition systems. In SPIE/IS&T Electronic Imaging: Media Watermarking, Security, and Forensics, 2015.Google Scholar
- Z. Goldfarb. As elections near, officials challenge balloting security. Washington Post, January 22, 2006.Google Scholar
- Z. Lingli and L. Jianghuang. Security algorithm of face recognition based on local binary pattern and random projection. In Cognitive Informatics (ICCI), 2010 9th IEEE International Conference on, pages 733--738, July 2010.Google ScholarCross Ref
- W. H. Press, S. A. Teukolsky, W. T. Vetterling, and B. P. Flannery. Numerical Recipes in C (2Nd Ed.): The Art of Scientific Computing. Cambridge University Press, New York, NY, USA, 1992. Google ScholarDigital Library
- The OpenCV project. OpenCV (Open Source Computer Vision), July 2013. http://www.opencv.org/.Google Scholar
Index Terms
- A Negative Number Vulnerability for Histogram-based Face Recognition Systems
Recommendations
Illumination compensation and normalization in eigenspace-based face recognition: A comparative study of different pre-processing approaches
The aim of this work is to investigate illumination compensation and normalization in eigenspace-based face recognition by carrying out an independent comparative study among several pre-processing algorithms. This research is motivated by the lack of ...
On the vulnerability of face verification systems to hill-climbing attacks
In this paper, we use a hill-climbing attack algorithm based on Bayesian adaption to test the vulnerability of two face recognition systems to indirect attacks. The attacking technique uses the scores provided by the matcher to adapt a global ...
Cross-resolution face recognition adversarial attacks
Highlights- The performance of face recognition systems degrades in cross-resolution scenarios.
AbstractFace Recognition is among the best examples of computer vision problems where the supremacy of deep learning techniques compared to standard ones is undeniable. Unfortunately, it has been shown that they are vulnerable to adversarial ...
Comments