3D Morphable Master Face Generation: Towards Controllable Wolf Attacks against 2D and 3D Face Recognition Systems

Siyun Liang; Huy H. Nguyen; Junichi Yamagishi; Isao Echizen

3D Morphable Master Face Generation: Towards Controllable Wolf Attacks against 2D and 3D Face Recognition Systems

Siyun Liang, Huy H. Nguyen, Junichi Yamagishi, Isao Echizen

20 Sept 2023 (modified: 25 Mar 2024)ICLR 2024 Conference Withdrawn SubmissionEveryoneRevisionsBibTeX

Keywords: Master Attack, Wolf Attack, 3D Morphable Face Model

TL;DR: We present the first method to create controllable and morphable 3D master faces, improving effectiveness and flexibility in attacking both 2D and 3D face recognition systems.

Abstract: Biometric authentication systems are facing increasing threats from Artificial Intelligence-Generated Content (AIGC). Previous research has revealed the vulnerability of face authentication systems against master face attacks. These attacks utilize generative models to create facial samples capable of matching multiple registered user templates in the database. In this paper, we present a systematic approach for generating master faces that can compromise both 2D and 3D face recognition systems. Notably, our approach is the first to enable morphable and controllable master face attacks on face authentication systems. Our method generates these 3D master faces using the Latent Variable Evolution (LVE) algorithm with the 3D Face Morphable Model (3DMM). Through comprehensive simulations of simultaneous master face attacks in both white-box, gray-box, and black-box scenarios, we demonstrate the significant threat posed by these 3D master faces to mainstream face authentication systems. Furthermore, we explore the realms of face morphing and facial reenactment in our generated samples, enhancing the efficacy of the master face attack. Compared to existing methods, our approach exhibits superior attack success rates and advanced flexibility, highlighting the importance of defending against master face attacks.

Supplementary Material: zip

Primary Area: societal considerations including fairness, safety, privacy

Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics.

Submission Guidelines: I certify that this submission complies with the submission instructions as described on https://iclr.cc/Conferences/2024/AuthorGuide.

Anonymous Url: I certify that there is no URL (e.g., github page) that could be used to find authors' identity.

No Acknowledgement Section: I certify that there is no acknowledgement section in this submission for double blind review.

Submission Number: 2936

Loading