Morphing Attack Potential
Matteo Ferrara, Annalisa Franco, Davide Maltoni, Christoph Busch
TL;DR
The paper tackles the challenge of quantifying morphing attack risk on face recognition systems, where existing criteria fail to capture varying attacker capabilities and multi-FRS scenarios. It introduces Morphing Attack Potential (MAP), a matrix-based metric that extends prior indicators by evaluating morphed images across $m$ probe images and $n$ FRSs to produce $MAP[r,c]$, the proportion of morphed images that succeed in at least $r$ attempts on at least $c$ FRSs. MAP is formalized with definitions for $M$, $P$, $F$, thresholds $\tau(F)$, and helper functions $m(M,P,F)$ and $fmc$, enabling robust, cross-system risk estimation; the paper also provides an appendix for extending to more than two contributing subjects. Empirically, MAP is computed on the SOTAMD dataset using four FRSs under Frontex-style thresholds, revealing generally low attack potential and showing how $\alpha$ and morphing algorithms (e.g., C02 vs C05) affect robustness and generality. Overall, MAP offers a practical tool for border-control risk assessment and multi-FRS evaluation, with potential extensions to other presentation attacks and an open-source implementation on GitHub.
Abstract
In security systems the risk assessment in the sense of common criteria testing is a very relevant topic; this requires quantifying the attack potential in terms of the expertise of the attacker, his knowledge about the target and access to equipment. Contrary to those attacks, the recently revealed morphing attacks against Face Recognition Systems (FRSs) can not be assessed by any of the above criteria. But not all morphing techniques pose the same risk for an operational face recognition system. This paper introduces with the Morphing Attack Potential (MAP) a consistent methodology, that can quantify the risk, which a certain morphing attack creates.
