Stegano-Morphing: Concealing Attacks on Face Identification Algorithms

Abstract

Face identification is becoming a well-accepted technology for access control applications, both in the real or virtual world. Systems based on this technology must deal with the persistent challenges of classification algorithms and the impersonation attacks performed by people who do not want to be identified. Morphing is often selected to conduct such attacks since it allows the modification of the features of an original subject's image to make it appear as someone else. Publications focus on impersonating this other person, usually someone who is allowed to get into a restricted place, building, or software app. However, there is no list of authorized people in many other applications, just a blacklist of people no longer allowed to enter, log in, or register. In such cases, the morphing target person is not relevant, and the main objective is to minimize the probability of being detected. In this paper, we present a comparison of the identification rate and behavior of six recognizers (Eigenfaces, Fisherfaces, LBPH, SIFT, FaceNet, and ArcFace) against traditional morphing attacks, in which only two subjects are used to create the altered image: the original subject and the target. We also present a new morphing method that works as an iterative process of gradual traditional morphing, combining the original subject with all the subjects' images in a database. This method multiplies by four the chances of a successful and complete impersonation attack (from 4% to 16%), by deceiving both face identification and morphing detection algorithms simultaneously