Are Foundation Models All You Need for Zero-shot Face Presentation Attack Detection?
- URL: http://arxiv.org/abs/2507.16393v1
- Date: Tue, 22 Jul 2025 09:38:21 GMT
- Title: Are Foundation Models All You Need for Zero-shot Face Presentation Attack Detection?
- Authors: Lazaro Janier Gonzalez-Sole, Juan E. Tapia, Christoph Busch
- Abstract summary: Face recognition systems are vulnerable to attack presentations (AP). This paper focuses on zero-shot presentation attack detection (PAD) approaches. We first assess the effectiveness and generalisability of foundation models in established and challenging experimental scenarios.
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: Although face recognition systems have undergone an impressive evolution in the last decade, these technologies are vulnerable to attack presentations (AP). These attacks are mostly easy to create and, by executing them against the system's capture device, the malicious actor can impersonate an authorised subject and thus gain access to the latter's information (e.g., financial transactions). To protect facial recognition schemes against presentation attacks, state-of-the-art deep learning presentation attack detection (PAD) approaches require a large amount of data to produce reliable detection performances and even then, they decrease their performance for unknown presentation attack instruments (PAI) or database (information not seen during training), i.e. they lack generalisability. To mitigate the above problems, this paper focuses on zero-shot PAD. To do so, we first assess the effectiveness and generalisability of foundation models in established and challenging experimental scenarios and then propose a simple but effective framework for zero-shot PAD. Experimental results show that these models are able to achieve performance in difficult scenarios with minimal effort of the more advanced PAD mechanisms, whose weights were optimised mainly with training sets that included APs and bona fide presentations. The top-performing foundation model outperforms by a margin the best from the state of the art observed with the leaving-one-out protocol on the SiW-Mv2 database, which contains challenging unknown 2D and 3D attacks.
Related papers
- Spoofing-aware Prompt Learning for Unified Physical-Digital Facial Attack Detection [28.74960061024677]
Real-world face recognition systems are vulnerable to both physical presentation attacks (PAs) and digital forgery attacks (DFs). We propose a Spoofing-aware Prompt Learning for Unified Attack Detection (SPL-UAD) framework, which decouples optimization branches for physical and digital attacks in the prompt space. Experiments on the large-scale UniAttackDataPlus dataset demonstrate that the proposed method achieves significant performance improvements in unified attack detection tasks.
arXiv Detail & Related papers (2025-12-06T09:34:39Z)
- Introducing Nylon Face Mask Attacks: A Dataset for Evaluating Generalised Face Presentation Attack Detection [4.370475817747562]
Face recognition systems are increasingly deployed across a wide range of applications, including smartphone authentication, access control, and border security. These systems remain vulnerable to presentation attacks (PAs), which can significantly compromise their reliability. We introduce a new dataset focused on a novel and realistic presentation attack instrument called Nylon Face Masks (NFMs). NFMs are particularly concerning due to their elastic structure and appearance, which enable them to closely mimic the victim's facial geometry when worn by an attacker.
arXiv Detail & Related papers (2025-11-11T11:13:12Z)
- Preliminary Investigation into Uncertainty-Aware Attack Stage Classification [81.28215542218724]
This work addresses the problem of attack stage inference under uncertainty. We propose a classification approach based on Evidential Deep Learning (EDL), which models predictive uncertainty by outputting parameters of a Dirichlet distribution over possible stages. Preliminary experiments in a simulated environment demonstrate that the proposed model can accurately infer the stage of an attack with confidence.
arXiv Detail & Related papers (2025-08-01T06:58:00Z)
- Attacking Attention of Foundation Models Disrupts Downstream Tasks [11.538345159297839]
Foundation models are large models, trained on broad data that deliver high accuracy in many downstream tasks. These models are vulnerable to adversarial attacks. This paper studies the vulnerabilities of vision foundation models, focusing specifically on CLIP and ViTs. We introduce a novel attack, targeting the structure of transformer-based architectures in a task-agnostic fashion.
arXiv Detail & Related papers (2025-06-03T19:42:48Z)
- Unsupervised Fingerphoto Presentation Attack Detection With Diffusion Models [8.979820109339286]
Smartphone-based contactless fingerphoto authentication has become a reliable alternative to traditional contact-based fingerprint biometric systems.
Despite its convenience, fingerprint authentication through fingerphotos is more vulnerable to presentation attacks.
We propose a novel unsupervised approach based on a state-of-the-art deep-learning-based diffusion model, the Denoising Probabilistic Diffusion Model (DDPM)
The proposed approach detects Presentation Attacks (PA) by calculating the reconstruction similarity between the input and output pairs of the DDPM.
arXiv Detail & Related papers (2024-09-27T11:07:48Z)
- Learn from the Past: A Proxy Guided Adversarial Defense Framework with Self Distillation Regularization [53.04697800214848]
Adversarial Training (AT) is pivotal in fortifying the robustness of deep learning models.
AT methods, relying on direct iterative updates for target model's defense, frequently encounter obstacles such as unstable training and catastrophic overfitting.
We present a general proxy guided defense framework, LAST (Learn from the Past).
arXiv Detail & Related papers (2023-10-19T13:13:41Z)
- Avoid Adversarial Adaption in Federated Learning by Multi-Metric Investigations [55.2480439325792]
Federated Learning (FL) facilitates decentralized machine learning model training, preserving data privacy, lowering communication costs, and boosting model performance through diversified data sources.
FL faces vulnerabilities such as poisoning attacks, undermining model integrity with both untargeted performance degradation and targeted backdoor attacks.
We define a new notion of strong adaptive adversaries, capable of adapting to multiple objectives simultaneously.
MESAS is the first defense robust against strong adaptive adversaries, effective in real-world data scenarios, with an average overhead of just 24.37 seconds.
arXiv Detail & Related papers (2023-06-06T11:44:42Z)
- Face Presentation Attack Detection [59.05779913403134]
Face recognition technology has been widely used in daily interactive applications such as checking-in and mobile payment.
However, its vulnerability to presentation attacks (PAs) limits its reliable use in ultra-secure applicational scenarios.
arXiv Detail & Related papers (2022-12-07T14:51:17Z)
- Cluster-level pseudo-labelling for source-free cross-domain facial expression recognition [94.56304526014875]
We propose the first Source-Free Unsupervised Domain Adaptation (SFUDA) method for Facial Expression Recognition (FER)
Our method exploits self-supervised pretraining to learn good feature representations from the target data.
We validate the effectiveness of our method in four adaptation setups, proving that it consistently outperforms existing SFUDA methods when applied to FER.
arXiv Detail & Related papers (2022-10-11T08:24:50Z)
- Introduction to Presentation Attack Detection in Face Biometrics and Recent Advances [21.674697346594158]
The next pages present the different presentation attacks that a face recognition system can confront.
We make an introduction of the current status of face recognition, its level of deployment, and its challenges.
We review different types of presentation attack methods, from simpler to more complex ones, and in which cases they could be effective.
arXiv Detail & Related papers (2021-11-23T11:19:22Z)
- Federated Test-Time Adaptive Face Presentation Attack Detection with Dual-Phase Privacy Preservation [100.69458267888962]
Face presentation attack detection (fPAD) plays a critical role in the modern face recognition pipeline.
Due to legal and privacy issues, training data (real face images and spoof images) are not allowed to be directly shared between different data sources.
We propose a Federated Test-Time Adaptive Face Presentation Attack Detection with Dual-Phase Privacy Preservation framework.
arXiv Detail & Related papers (2021-10-25T02:51:05Z)
- On the Effectiveness of Vision Transformers for Zero-shot Face Anti-Spoofing [7.665392786787577]
In this work, we use transfer learning from the vision transformer model for the zero-shot anti-spoofing task.
The proposed approach outperforms the state-of-the-art methods in the zero-shot protocols in the HQ-WMCA and SiW-M datasets by a large margin.
arXiv Detail & Related papers (2020-11-16T15:14:59Z)
- MixNet for Generalized Face Presentation Attack Detection [63.35297510471997]
We have proposed a deep learning-based network termed as MixNet to detect presentation attacks.
The proposed algorithm utilizes state-of-the-art convolutional neural network architectures and learns the feature mapping for each attack category.
arXiv Detail & Related papers (2020-10-25T23:01:13Z)
- A Zero-Shot based Fingerprint Presentation Attack Detection System [8.676298469169174]
We propose a novel Zero-Shot Presentation Attack Detection Model to guarantee the generalization of the PAD model.
The proposed ZSPAD-Model based on generative model does not utilize any negative samples in the process of establishment.
In order to improve the performance of the proposed model, 9 confidence scores are discussed in this article.
arXiv Detail & Related papers (2020-02-12T10:52:38Z)