Accurate and Robust Neural Networks for Security Related Applications Exampled by Face Morphing Attacks

TL;DR

This paper investigates how training data modifications affect neural network accuracy and robustness against face morphing attacks, aiming to improve security in biometric systems.

Contribution

It introduces a systematic analysis of data alterations to enhance neural network robustness against semantic and black box attacks in face recognition.

Findings

Data modifications can improve robustness against morphing attacks.

Certain training alterations maintain high accuracy while increasing security.

Analysis provides insights into data-driven defense strategies.

Abstract

Artificial neural networks tend to learn only what they need for a task. A manipulation of the training data can counter this phenomenon. In this paper, we study the effect of different alterations of the training data, which limit the amount and position of information that is available for the decision making. We analyze the accuracy and robustness against semantic and black box attacks on the networks that were trained on different training data modifications for the particular example of morphing attacks. A morphing attack is an attack on a biometric facial recognition system where the system is fooled to match two different individuals with the same synthetic face image. Such a synthetic image can be created by aligning and blending images of the two individuals that should be matched with this image.