Joint Physical-Digital Facial Attack Detection Via Simulating Spoofing Clues

TL;DR

This work tackles the challenge of jointly detecting physical and digital face attacks with a single model. It introduces two data augmentation schemes, Simulated Physical Spoofing Clues (SPSC) and Simulated Digital Spoofing Clues (SDSC), to simulate spoofing cues and improve generalization to unseen attack types, while remaining architecture-agnostic. Extensive UniAttackData experiments demonstrate state-of-the-art performance, reducing ACER from strong baselines to as low as 1.32% (Protocol 2.1) and 1.65% (Protocol 2.2), with an AUC of 99.69% and APCER of 3.75%. The approach provides a practical, plug-in enhancement for diverse backbone networks and supports robust, unified face-attack detection in real-world deployments; code is publicly available.

Abstract

Face recognition systems are frequently subjected to a variety of physical and digital attacks of different types. Previous methods have achieved satisfactory performance in scenarios that address physical attacks and digital attacks, respectively. However, few methods are considered to integrate a model that simultaneously addresses both physical and digital attacks, implying the necessity to develop and maintain multiple models. To jointly detect physical and digital attacks within a single model, we propose an innovative approach that can adapt to any network architecture. Our approach mainly contains two types of data augmentation, which we call Simulated Physical Spoofing Clues augmentation (SPSC) and Simulated Digital Spoofing Clues augmentation (SDSC). SPSC and SDSC augment live samples into simulated attack samples by simulating spoofing clues of physical and digital attacks, respectively, which significantly improve the capability of the model to detect "unseen" attack types. Extensive experiments show that SPSC and SDSC can achieve state-of-the-art generalization in Protocols 2.1 and 2.2 of the UniAttackData dataset, respectively. Our method won first place in "Unified Physical-Digital Face Attack Detection" of the 5th Face Anti-spoofing Challenge@CVPR2024. Our final submission obtains 3.75% APCER, 0.93% BPCER, and 2.34% ACER, respectively. Our code is available at https://github.com/Xianhua-He/cvpr2024-face-anti-spoofing-challenge.

Figures (6)

• Figure 1: Spoofing clues for four attack types. For replay attacks, print attacks, digital forgeries, and adversarial attacks, the spoofing clues distinct from live samples are identified as moire patterns, color distortion, facial artifacts, and gradient noise, respectively.
• Figure 2: The overview pipeline of our method. We propose Simulated Physical Spoofing Clues augmentation (SPSC), which augments live samples into simulated physical attack samples for training within protocols 1 and 2.1. Concurrently, we present Simulated Digital Spoofing Clues augmentation (SDSC), converting live samples into simulated digital attack samples, tailored for training under protocols 1 and 2.2.
• Figure 3: Live samples simulate print attacks through varying degrees of ColorJitter and replay attacks through varying degrees of moire pattern augmentation.
• Figure 4: A live sample is transformed into a digital forgery attack sample by Simulated Digital Spoofing Clues augmentation.
• Figure 5: The overview of UniAttackData Dataset fang2024unified. The same face ID forges physical attack videos through two types of physical attacks (print and replay). For every live video, forge digital attacks through six digital editing algorithms and six adversarial algorithms. The attack type of each sample is indicated at the top of the graph.