t-EER: Parameter-Free Tandem Evaluation of Countermeasures and Biometric
Comparators
- URL: http://arxiv.org/abs/2309.12237v1
- Date: Thu, 21 Sep 2023 16:30:40 GMT
- Title: t-EER: Parameter-Free Tandem Evaluation of Countermeasures and Biometric
Comparators
- Authors: Tomi Kinnunen, Kong Aik Lee, Hemlata Tak, Nicholas Evans, Andreas
Nautsch
- Abstract summary: Presentation attack (spoofing) detection (PAD) typically operates alongside biometric verification to improve reliablity in the face of spoofing attacks.
We introduce a new metric for the joint evaluation of PAD solutions operating in situ with biometric verification.
- Score: 27.452032643800223
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Presentation attack (spoofing) detection (PAD) typically operates alongside
biometric verification to improve reliablity in the face of spoofing attacks.
Even though the two sub-systems operate in tandem to solve the single task of
reliable biometric verification, they address different detection tasks and are
hence typically evaluated separately. Evidence shows that this approach is
suboptimal. We introduce a new metric for the joint evaluation of PAD solutions
operating in situ with biometric verification. In contrast to the tandem
detection cost function proposed recently, the new tandem equal error rate
(t-EER) is parameter free. The combination of two classifiers nonetheless leads
to a \emph{set} of operating points at which false alarm and miss rates are
equal and also dependent upon the prevalence of attacks. We therefore introduce
the \emph{concurrent} t-EER, a unique operating point which is invariable to
the prevalence of attacks. Using both modality (and even application) agnostic
simulated scores, as well as real scores for a voice biometrics application, we
demonstrate application of the t-EER to a wide range of biometric system
evaluations under attack. The proposed approach is a strong candidate metric
for the tandem evaluation of PAD systems and biometric comparators.
Related papers
- Toward Improving Synthetic Audio Spoofing Detection Robustness via Meta-Learning and Disentangled Training With Adversarial Examples [33.445126880876415]
We propose a reliable and robust spoofing detection system to filter out spoofing attacks instead of having them reach the automatic speaker verification system.
A weighted additive angular margin loss is proposed to address the data imbalance issue, and different margins has been assigned to improve generalization to unseen spoofing attacks.
We craft adversarial examples by adding imperceptible perturbations to spoofing speech as a data augmentation strategy, then we use an auxiliary batch normalization to guarantee that corresponding normalization statistics are performed exclusively on the adversarial examples.
arXiv Detail & Related papers (2024-08-23T19:26:54Z) - AdvQDet: Detecting Query-Based Adversarial Attacks with Adversarial Contrastive Prompt Tuning [93.77763753231338]
Adversarial Contrastive Prompt Tuning (ACPT) is proposed to fine-tune the CLIP image encoder to extract similar embeddings for any two intermediate adversarial queries.
We show that ACPT can detect 7 state-of-the-art query-based attacks with $>99%$ detection rate within 5 shots.
We also show that ACPT is robust to 3 types of adaptive attacks.
arXiv Detail & Related papers (2024-08-04T09:53:50Z) - Malicious Agent Detection for Robust Multi-Agent Collaborative Perception [52.261231738242266]
Multi-agent collaborative (MAC) perception is more vulnerable to adversarial attacks than single-agent perception.
We propose Malicious Agent Detection (MADE), a reactive defense specific to MAC perception.
We conduct comprehensive evaluations on a benchmark 3D dataset V2X-sim and a real-road dataset DAIR-V2X.
arXiv Detail & Related papers (2023-10-18T11:36:42Z) - Untargeted Near-collision Attacks on Biometrics: Real-world Bounds and
Theoretical Limits [0.0]
We focus on untargeted attacks that can be carried out both online and offline, and in both identification and verification modes.
We use the False Match Rate (FMR) and the False Positive Identification Rate (FPIR) to address the security of these systems.
The study of this metric space, and system parameters, gives us the complexity of untargeted attacks and the probability of a near-collision.
arXiv Detail & Related papers (2023-04-04T07:17:31Z) - MEAD: A Multi-Armed Approach for Evaluation of Adversarial Examples
Detectors [24.296350262025552]
We propose a novel framework, called MEAD, for evaluating detectors based on several attack strategies.
Among them, we make use of three new objectives to generate attacks.
The proposed performance metric is based on the worst-case scenario.
arXiv Detail & Related papers (2022-06-30T17:05:45Z) - Adversarial Attacks and Defense for Non-Parametric Two-Sample Tests [73.32304304788838]
This paper systematically uncovers the failure mode of non-parametric TSTs through adversarial attacks.
To enable TST-agnostic attacks, we propose an ensemble attack framework that jointly minimizes the different types of test criteria.
To robustify TSTs, we propose a max-min optimization that iteratively generates adversarial pairs to train the deep kernels.
arXiv Detail & Related papers (2022-02-07T11:18:04Z) - Mitigating the Mutual Error Amplification for Semi-Supervised Object
Detection [92.52505195585925]
We propose a Cross Teaching (CT) method, aiming to mitigate the mutual error amplification by introducing a rectification mechanism of pseudo labels.
In contrast to existing mutual teaching methods that directly treat predictions from other detectors as pseudo labels, we propose the Label Rectification Module (LRM)
arXiv Detail & Related papers (2022-01-26T03:34:57Z) - Improving the Adversarial Robustness for Speaker Verification by Self-Supervised Learning [95.60856995067083]
This work is among the first to perform adversarial defense for ASV without knowing the specific attack algorithms.
We propose to perform adversarial defense from two perspectives: 1) adversarial perturbation purification and 2) adversarial perturbation detection.
Experimental results show that our detection module effectively shields the ASV by detecting adversarial samples with an accuracy of around 80%.
arXiv Detail & Related papers (2021-06-01T07:10:54Z) - Anomaly Detection with Convolutional Autoencoders for Fingerprint
Presentation Attack Detection [11.879849130630406]
Presentation attack detection (PAD) methods are used to determine whether samples stem from a bona fide subject or from a presentation attack instrument (PAI)
We propose a new PAD technique based on autoencoders (AEs) trained only on bona fide samples (i.e. one-class) captured in the short wave infrared domain.
arXiv Detail & Related papers (2020-08-18T15:33:41Z) - Reliable evaluation of adversarial robustness with an ensemble of
diverse parameter-free attacks [65.20660287833537]
In this paper we propose two extensions of the PGD-attack overcoming failures due to suboptimal step size and problems of the objective function.
We then combine our novel attacks with two complementary existing ones to form a parameter-free, computationally affordable and user-independent ensemble of attacks to test adversarial robustness.
arXiv Detail & Related papers (2020-03-03T18:15:55Z) - On the Resilience of Biometric Authentication Systems against Random
Inputs [6.249167635929514]
We assess the security of machine learning based biometric authentication systems against an attacker who submits uniform random inputs.
In particular, for one reconstructed biometric system with an average FPR of 0.03, the success rate was as high as 0.78.
arXiv Detail & Related papers (2020-01-13T04:20:08Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.