t-EER: Parameter-Free Tandem Evaluation of Countermeasures and Biometric
Comparators
- URL: http://arxiv.org/abs/2309.12237v1
- Date: Thu, 21 Sep 2023 16:30:40 GMT
- Title: t-EER: Parameter-Free Tandem Evaluation of Countermeasures and Biometric
Comparators
- Authors: Tomi Kinnunen, Kong Aik Lee, Hemlata Tak, Nicholas Evans, Andreas
Nautsch
- Abstract summary: Presentation attack (spoofing) detection (PAD) typically operates alongside biometric verification to improve reliablity in the face of spoofing attacks.
We introduce a new metric for the joint evaluation of PAD solutions operating in situ with biometric verification.
- Score: 27.452032643800223
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Presentation attack (spoofing) detection (PAD) typically operates alongside
biometric verification to improve reliablity in the face of spoofing attacks.
Even though the two sub-systems operate in tandem to solve the single task of
reliable biometric verification, they address different detection tasks and are
hence typically evaluated separately. Evidence shows that this approach is
suboptimal. We introduce a new metric for the joint evaluation of PAD solutions
operating in situ with biometric verification. In contrast to the tandem
detection cost function proposed recently, the new tandem equal error rate
(t-EER) is parameter free. The combination of two classifiers nonetheless leads
to a \emph{set} of operating points at which false alarm and miss rates are
equal and also dependent upon the prevalence of attacks. We therefore introduce
the \emph{concurrent} t-EER, a unique operating point which is invariable to
the prevalence of attacks. Using both modality (and even application) agnostic
simulated scores, as well as real scores for a voice biometrics application, we
demonstrate application of the t-EER to a wide range of biometric system
evaluations under attack. The proposed approach is a strong candidate metric
for the tandem evaluation of PAD systems and biometric comparators.
Related papers
- Malicious Agent Detection for Robust Multi-Agent Collaborative Perception [52.261231738242266]
Multi-agent collaborative (MAC) perception is more vulnerable to adversarial attacks than single-agent perception.
We propose Malicious Agent Detection (MADE), a reactive defense specific to MAC perception.
We conduct comprehensive evaluations on a benchmark 3D dataset V2X-sim and a real-road dataset DAIR-V2X.
arXiv Detail & Related papers (2023-10-18T11:36:42Z) - Untargeted Near-collision Attacks on Biometrics: Real-world Bounds and
Theoretical Limits [0.0]
We focus on untargeted attacks that can be carried out both online and offline, and in both identification and verification modes.
We use the False Match Rate (FMR) and the False Positive Identification Rate (FPIR) to address the security of these systems.
The study of this metric space, and system parameters, gives us the complexity of untargeted attacks and the probability of a near-collision.
arXiv Detail & Related papers (2023-04-04T07:17:31Z) - Voice Spoofing Countermeasures: Taxonomy, State-of-the-art, experimental
analysis of generalizability, open challenges, and the way forward [2.393661358372807]
We conduct a review of the literature on spoofing detection using hand-crafted features, deep learning, end-to-end, and universal spoofing countermeasure solutions.
We report the performance of these countermeasures on several datasets and evaluate them across corpora.
arXiv Detail & Related papers (2022-10-02T03:53:37Z) - MEAD: A Multi-Armed Approach for Evaluation of Adversarial Examples
Detectors [24.296350262025552]
We propose a novel framework, called MEAD, for evaluating detectors based on several attack strategies.
Among them, we make use of three new objectives to generate attacks.
The proposed performance metric is based on the worst-case scenario.
arXiv Detail & Related papers (2022-06-30T17:05:45Z) - Adversarial Attacks and Defense for Non-Parametric Two-Sample Tests [73.32304304788838]
This paper systematically uncovers the failure mode of non-parametric TSTs through adversarial attacks.
To enable TST-agnostic attacks, we propose an ensemble attack framework that jointly minimizes the different types of test criteria.
To robustify TSTs, we propose a max-min optimization that iteratively generates adversarial pairs to train the deep kernels.
arXiv Detail & Related papers (2022-02-07T11:18:04Z) - Mitigating the Mutual Error Amplification for Semi-Supervised Object
Detection [92.52505195585925]
We propose a Cross Teaching (CT) method, aiming to mitigate the mutual error amplification by introducing a rectification mechanism of pseudo labels.
In contrast to existing mutual teaching methods that directly treat predictions from other detectors as pseudo labels, we propose the Label Rectification Module (LRM)
arXiv Detail & Related papers (2022-01-26T03:34:57Z) - Improving the Adversarial Robustness for Speaker Verification by Self-Supervised Learning [95.60856995067083]
This work is among the first to perform adversarial defense for ASV without knowing the specific attack algorithms.
We propose to perform adversarial defense from two perspectives: 1) adversarial perturbation purification and 2) adversarial perturbation detection.
Experimental results show that our detection module effectively shields the ASV by detecting adversarial samples with an accuracy of around 80%.
arXiv Detail & Related papers (2021-06-01T07:10:54Z) - No Need to Know Physics: Resilience of Process-based Model-free Anomaly
Detection for Industrial Control Systems [95.54151664013011]
We present a novel framework to generate adversarial spoofing signals that violate physical properties of the system.
We analyze four anomaly detectors published at top security conferences.
arXiv Detail & Related papers (2020-12-07T11:02:44Z) - Anomaly Detection with Convolutional Autoencoders for Fingerprint
Presentation Attack Detection [11.879849130630406]
Presentation attack detection (PAD) methods are used to determine whether samples stem from a bona fide subject or from a presentation attack instrument (PAI)
We propose a new PAD technique based on autoencoders (AEs) trained only on bona fide samples (i.e. one-class) captured in the short wave infrared domain.
arXiv Detail & Related papers (2020-08-18T15:33:41Z) - Reliable evaluation of adversarial robustness with an ensemble of
diverse parameter-free attacks [65.20660287833537]
In this paper we propose two extensions of the PGD-attack overcoming failures due to suboptimal step size and problems of the objective function.
We then combine our novel attacks with two complementary existing ones to form a parameter-free, computationally affordable and user-independent ensemble of attacks to test adversarial robustness.
arXiv Detail & Related papers (2020-03-03T18:15:55Z) - On the Resilience of Biometric Authentication Systems against Random
Inputs [6.249167635929514]
We assess the security of machine learning based biometric authentication systems against an attacker who submits uniform random inputs.
In particular, for one reconstructed biometric system with an average FPR of 0.03, the success rate was as high as 0.78.
arXiv Detail & Related papers (2020-01-13T04:20:08Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.