面向商用活体检测平台的鲁棒性评估

doi:10.11959/j.issn.2096-109x.2022010

网络与信息安全学报 ›› 2022, Vol. 8 ›› Issue (1): 180-189.doi: 10.11959/j.issn.2096-109x.2022010

• 学术论文 • 上一篇

面向商用活体检测平台的鲁棒性评估

王鹏程¹, 郑海斌¹, 邹健飞¹, 庞玲², 李虎², 陈晋音¹^,³

¹ 浙江工业大学信息工程学院，浙江杭州 310023
² 信息系统安全技术重点实验室，北京 100101
³ 浙江工业大学网络空间安全研究院，浙江杭州 310023

修回日期:2021-11-03 出版日期:2022-02-15 发布日期:2022-02-01
作者简介:王鹏程（1997− ），男，湖南衡阳人，浙江工业大学硕士生，主要研究方向为深度学习和人工智能安全
郑海斌（1995− ），男，浙江台州人，浙江工业大学博士生，主要研究方向为深度学习、安全可信人工智能
邹健飞（1995− ），女，江西赣州人，浙江工业大学硕士生，主要研究方向为深度学习和人工智能安全
庞玲（1979− ），女，河北石家庄人，硕士，信息系统安全技术重点实验室高级工程师，主要研究方向为网络安全
李虎（1987− ），男，甘肃定西人，博士，信息系统安全技术重点实验室高级工程师，主要研究方向为人工智能安全、机器学习等
陈晋音（1982− ），女，浙江象山人，浙江工业大学教授，主要研究方向为人工智能安全、图数据挖掘和进化计算
基金资助:
国家重点研发计划(2018AAA0100801);国家自然科学基金(62072406);信息系统安全技术重点实验室资助(61421110502);浙江省重点研发计划项目(2021C01117);2020年工业互联网创新发展工程项目(TC200H01V);浙江省“万人计划”科技创新领军人才项目(2020R52011)

Robustness evaluation of commercial liveness detection platform

Pengcheng WANG¹, Haibin ZHENG¹, Jianfei ZOU¹, Ling PANG², Hu LI², Jinyin CHEN¹^,³

¹ The College of Information Engineering, Zhejiang University of Technology, Hangzhou 310023, China
² National Key Laboratory of Science and Technology on Information System Security, Beijing 100101, China
³ The Institute of Cybernetics Security, Zhejiang University of Technology, Hangzhou 310023, China

Revised:2021-11-03 Online:2022-02-15 Published:2022-02-01
Supported by:
The National Key R＆D Program of China(2018AAA0100801);The National Natural Science Foundation of China(62072406);National Key Laboratory of Science and Technology on Information System Security(61421110502);The Key R＆D Program of Zhejiang Province(2021C01117);The 2020 Industrial Internet Innovation Development Project(TC200H01V);“Ten Thousand Talents Program” of Zhejiang Province(2020R52011)

摘要/Abstract

摘要：

活体检测技术已经成为日常生活中的重要应用，手机刷脸解锁、刷脸支付、远程身份验证等场景都会用到这一技术。但如果攻击者利用虚假视频生成技术生成逼真的换脸视频来攻击上述场景的活体检测系统，将会对这些场景的安全性产生巨大的威胁。针对这个问题使用4种先进的Deepfake技术生成大量的换脸图片和视频作为测试样本，用这些样本来对百度、腾讯等商用活体检测平台的在线API接口进行测试。测试实验结果显示常用的各大商用活体检测平台对 Deepfake 图像的检测成功率普遍很低，并且对图像的质量较为敏感，对真实图像的误检率也很高。其主要原因可能是这些平台设计时针对的是打印照片攻击、屏幕二次翻拍攻击、硅胶面具攻击等传统的活体检测攻击方法，并未将先进的换脸检测技术集成到他们的活体检测算法中，这些平台因此不能够有效应对Deepfake攻击。因此，提出了一种集成活体检测方法Integranet，该方法由4种针对不同图像特征的检测算法集成所得，既能够有效检测出打印照片、屏幕二次翻拍等传统的攻击手段，也能够有效应对先进的Deepfake攻击。在测试数据集上验证Integranet的检测效果，结果显示Integranet检测方法相比较各大商用活体检测平台，对Deepfake图像的检测成功率至少提高35%以上。

关键词: 深度伪造, 活体检测, 商用平台, 鲁棒性

Abstract:

Liveness detection technology has become an important application in daily life, and it is used in scenarios including mobile phone face unlock, face payment, and remote authentication.However, if attackers use fake video generation technology to generate realistic face-swapping videos to attack the living body detection system in the above scenarios, it will pose a huge threat to the security of these scenarios.Aiming at this problem, four state-of-the-art Deepfake technologies were used to generate a large number of face-changing pictures and videos as test samples, and use these samples to test the online API interfaces of commercial live detection platforms such as Baidu and Tencent.The test results show that the detection success rate of Deepfake images is generally very low by the major commercial live detection platforms currently used, and they are more sensitive to the quality of images, and the false detection rate of real images is also high.The main reason for the analysis may be that these platforms were mainly designed for traditional living detection attack methods such as printing photo attacks, screen remake attacks, and silicone mask attacks, and did not integrate advanced face-changing detection technology into their liveness detection.In the algorithm, these platforms cannot effectively deal with Deepfake attacks.Therefore, an integrated live detection method Integranet was proposed, which was obtained by integrating four detection algorithms for different image features.It could effectively detect traditional attack methods such as printed photos and screen remakes.It could also effectively detect against advanced Deepfake attacks.The detection effect of Integranet was verified on the test data set.The results show that the detection success rate of Deepfake images by proposed Integranet detection method is at least 35% higher than that of major commercial live detection platforms.

Key words: Deepfake, liveness detection, commercial platform, robustness

中图分类号:

TP391

王鹏程, 郑海斌, 邹健飞, 庞玲, 李虎, 陈晋音. 面向商用活体检测平台的鲁棒性评估[J]. 网络与信息安全学报, 2022, 8(1): 180-189.

Pengcheng WANG, Haibin ZHENG, Jianfei ZOU, Ling PANG, Hu LI, Jinyin CHEN. Robustness evaluation of commercial liveness detection platform[J]. Chinese Journal of Network and Information Security, 2022, 8(1): 180-189.

图/表 10

表1

图1

图2

图3

图4

图5

图6

图7

表2

表3

Integranet检测通过率对比Table 3 Integranet test pass rate comparison"

平台	Integranet	科大讯飞	腾讯	百度	阿里巴巴	京东	云从科技
FaceSwap	$2 . 12 %$	41.23%	78.26%	83.42%	86.26%	98.19%	99.34%
FaceShift	$10 . 34 %$	95.24%	61.41%	61.19%	85.39%	97.38%	99.42%
FSGAN	$9 . 68 %$	63.14%	81.26%	85.27%	85.24%	98.17%	99.29%
FOMM	$7 . 41 %$	97.29%	80.31%	90.18%	99.17%	99.42%	99.14%

表3

参考文献 29

[1]	LITJENS G , KOOI T , BEJNORDI B E ,et al. A survey on deep learning in medical image analysis[J]. Medical Image Analysis, 2017,42: 60-88.
[2]	KRISHNAMURTHY B , SARKAR M . Deep-learning network architecture for object detection:U.S.Patent 10,152,655[P]. 2018-12-11.
[3]	DENG L , LIU Y . A joint introduction to natural language pro-cessing and to deep learning[C]// Proceedings of Deep Learning in Natural Language Processing. 2018: 1-22.
[4]	COLLOBERT R , WESTON J , BOTTOU L ,et al. Naturallang-uage processing (almost) from scratch[J]. Journal of Machine Learning Research, 2011,12(8): 2493-2537.
[5]	XIONG W , DROPPO J , HUANG X ,et al. Achieving human parity in conversational speech recognition[J]. arXiv Preprint Arxiv:1610.05256, 2016.
[6]	MOUSAVI A , BARANIUK R G . Learning to invert:signal recovery via deep convolutional networks[C]// Proceedings of 2017 IEEE International Conference on Acoustics,Speech and Signal Processing. 2017: 2272-2276.
[7]	王宇龙, 刘开元 . 基于面部特征点运动的活体识别方法[J]. 网络与信息安全学报, 2018,4(6): 36-44.
	WANG Y L , LIU K Y . Liveness recognition method based on facial feature point motion[J]. Chinese Journal of Network and Information Security, 2018,4(6): 36-44.
[8]	马玉琨, 徐姚文, 赵欣 ,等. 人脸识别系统的活体检测综述[J]. 计算机科学与探索, 2021,15(7): 1195-1206.
	MA Y K , XU Y W , ZHAO X ,et al. Review of presentation attack detection in face recognition system[J]. Journal of Frontiers of Computer Science and Technology, 2021,15(7): 1195-1206.
[9]	Deepfakes[EB]. 2019.
[10]	谢永江, 姜淑丽 . 我国网络立法现状与问题分析[J]. 网络与信息安全学报, 2015,1(1): 24-30.
	XIE Y J , JIANG S L . Analysis of the situation and problem on the legislation of cyberspace in China[J]. Chinese Journal of Network and Information Security, 2015,1(1): 24-30.
[11]	乔通, 姚宏伟, 潘彬民 ,等. 基于深度学习的数字图像取证技术研究进展[J]. 网络与信息安全学报, 2021,7(5): 13-28.
	QIAO T , YAO H W , PAN B M ,et al. Current study of digital image forensic techniques based on deep learning[J]. Chinese Journal of Network and Information Security, 2021,7(5): 13-28.
[12]	黄惠芬, 王志红, 常玉红 . 数学形态学在数字伪造模糊检测中的应用[J]. 网络与信息安全学报, 2017,3(4): 20-25.
	HUANG H F , WANG Z H , CHANG Y H . Blur detection of digital forgery using mathematical morphology[J]. Chinese Journal of Network and Information Security, 2017,3(4): 20-25.
[13]	CHEN H S , ROUHSEDAGHAT M , GHANI H ,et al. DefakeHop:a light-weight high-performance deepfake detector[J]. arXiv:2103.06929, 2021.
[14]	LI Y , LYU S . Exposing DeepFake videos by detecting face-warping artifacts[C]// Proceedings of Computer Society Conference on Computer Vision and Pattern Recognition Workshops. 2018.
[15]	AFCHAR D , NOZICK V , YAMAGISHI J ,et al. MesoNet:a compact facial video forgery detection network[C]// Proceedings of 2018 IEEE International Workshop on Information Forensics and Security. Piscataway:IEEE Press, 2018: 1-7.
[16]	FENG H , HONG Z , YUE H ,et al. Learning generalized spoofcues for face anti-spoofing[J]. arXiv:2005.03922, 2020.
[17]	KORSHUNOVA I , SHI W Z , DAMBRE J ,et al. Fast face-swap using convolutional neural networks[C]// Proceedings of 2017 IEEE International Conference on Computer Vision. 2017: 3697-3705.
[18]	NIRKIN Y , KELLER Y , HASSNER T . FSGAN:subject agnostic face swapping and reenactment[C]// Proceedings of 2019 IEEE/CVF International Conference on Computer Vision (ICCV). Piscataway:IEEE Press, 2019: 7183-7192.
[19]	LI L , BAO J , YANG H ,et al. FaceShifter:towards high fidelity and occlusion aware face swapping[J]. arXiv:1912.13457, 2019.
[20]	SIAROHIN A , S LATHUILIèRE , TULYAKOV S ,et al. first order mot-ion model for image animation[J]. arXiv:2003.00196, 2020.
[21]	KARRAS T , LAINE S , AILA T M . A style-based generator architecture for generative adversarial networks[C]// Proceedings of 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2019: 4396-4405.
[22]	HE Z L , ZUO W M , KAN M N ,et al. AttGAN:facial attribute editing by only changing what you want[J]. IEEE Transactions on Image Processing, 2019,28(11): 5464-5478.
[23]	CHOI Y , CHOI M , KIM M ,et al. StarGAN:unified generative adversarial networks for multi-domain image-to-image translation[C]// Proceedings of 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition. 2018: 8789-8797.
[24]	LIU M , DING Y K , XIA M ,et al. STGAN:a unified selective transfer network for arbitrary image attribute editing[C]// Proceedings of 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2019: 3668-3677.
[25]	YANG X , LI Y Z , LYU S W . Exposing deep fakes using inconsistent head poses[C]// Proceedings of ICASSP 2019 -2019 IEEE International Conference on Acoustics,Speech and Signal Processing. 2019: 8261-8265.
[26]	龚晓娟, 黄添强, 翁彬 ,等. 基于双层注意力的Deepfake换脸检测[J]. 网络与信息安全学报, 2021,7(2): 151-160.
	GONG X J , HUANG T Q , WENG B ,et al. Deepfake swapped face detection based on double attention[J]. Chinese Journal of Network and Information Security, 2021,7(2): 151-160.
[27]	LI Y Z , CHANG M C , LYU S W . In ICTU OCULI:exposing AI created fake videos by detecting eye blinking[C]// Proceedings of 2018 IEEE International Workshop on Information Forensics and Security. Piscataway:IEEE Press, 2018: 1-7.
[28]	WANG Z Z , YU Z T , ZHAO C X ,et al. Deep spatial gradient and temporal depth learning for face anti-spoofing[C]// Proceedings of 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2020: 5041-5050.
[29]	R?SSLER A , COZZOLINO D , VERDOLIVA L ,et al. FaceForensics++:learning to detect manipulated facial images[C]// Proceedings of 2019 IEEE/CVF International Conference on Computer Vision (ICCV). 2019: 1-11.

压缩方法	压缩前通过率	压缩后通过率
SVD	41%	85%
k-means聚类	41%	21%
格式转换	41%	66%

面向商用活体检测平台的鲁棒性评估

Robustness evaluation of commercial liveness detection platform

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 29

相关文章 8

Metrics

推荐阅读 0

商用平台	输入格式	应用接口
阿里巴巴	图片	活体检测
百度	图片、视频	活体检测、伪造检测
科大讯飞	图片	活体检测
商汤科技	图片、视频	活体检测、伪造检测
腾讯	图片、视频	活体检测
云从科技	图片	活体检测
京东	图片	活体检测

[1]	李婧文, 李雅文. 深度合成技术应用与风险应对[J]. 网络与信息安全学报, 2023, 9(2): 184-190.
[2]	吴文轩, 周文柏, 张卫明, 俞能海. 基于块间光照不一致性的深度伪造检测算法[J]. 网络与信息安全学报, 2023, 9(1): 167-177.
[3]	张明英, 华冰, 张宇光, 李海东, 郑墨泓. 基于鸽群的鲁棒强化学习算法[J]. 网络与信息安全学报, 2022, 8(5): 66-74.
[4]	林点, 潘理, 易平. 面向图像识别的卷积神经网络鲁棒性研究进展[J]. 网络与信息安全学报, 2022, 8(3): 111-122.
[5]	石灏苒, 吉立新, 刘树新, 王庚润. 基于半局部结构的异常连边识别算法[J]. 网络与信息安全学报, 2022, 8(1): 63-72.
[6]	王正龙, 张保稳. 生成对抗网络研究综述[J]. 网络与信息安全学报, 2021, 7(4): 68-85.
[7]	陈晋音, 张敦杰, 黄国瀚, 林翔, 鲍亮. 面向图神经网络的对抗攻击与防御综述[J]. 网络与信息安全学报, 2021, 7(3): 1-28.
[8]	吴奇,陈鸿昶. 低故障恢复开销的软件定义网络控制器布局算法[J]. 网络与信息安全学报, 2020, 6(6): 97-104.