Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

SelfMAD: Enhancing Generalization and Robustness in Morphing Attack Detection via Self-Supervised Learning

Marija Ivanovska, Leon Todorov, Naser Damer, Deepak Kumar Jain, Peter Peer, Vitomir Štruc

TL;DR

SelfMAD addresses the generalization gap in Morphing Attack Detection by adopting a self-supervised framework that mimics common artifacts across both pixel and frequency domains. The method comprises four components—Image Augmenter, Pixel-Artifact Generator, Frequency-Artifact Generator, and a classifier—to learn robust decision boundaries without relying on actual morphs. In extensive cross-dataset evaluations, SelfMAD outperforms both unsupervised and discriminative MADs, reducing the EER by more than 64% versus the strongest unsupervised competitor and by more than 66% versus the best discriminative model in cross-morph settings. The approach demonstrates strong generalization, with ablation and Grad-CAM analyses clarifying the contributions of artifact types and the model’s attention regions, while noting some limitations with StyleGAN2 morphs and outlining future enhancements. The work provides a publicly available implementation to accelerate research and deployment in robust MAD systems.

Abstract

With the continuous advancement of generative models, face morphing attacks have become a significant challenge for existing face verification systems due to their potential use in identity fraud and other malicious activities. Contemporary Morphing Attack Detection (MAD) approaches frequently rely on supervised, discriminative models trained on examples of bona fide and morphed images. These models typically perform well with morphs generated with techniques seen during training, but often lead to sub-optimal performance when subjected to novel unseen morphing techniques. While unsupervised models have been shown to perform better in terms of generalizability, they typically result in higher error rates, as they struggle to effectively capture features of subtle artifacts. To address these shortcomings, we present SelfMAD, a novel self-supervised approach that simulates general morphing attack artifacts, allowing classifiers to learn generic and robust decision boundaries without overfitting to the specific artifacts induced by particular face morphing methods. Through extensive experiments on widely used datasets, we demonstrate that SelfMAD significantly outperforms current state-of-the-art MADs, reducing the detection error by more than 64% in terms of EER when compared to the strongest unsupervised competitor, and by more than 66%, when compared to the best performing discriminative MAD model, tested in cross-morph settings. The source code for SelfMAD is available at https://github.com/LeonTodorov/SelfMAD.

SelfMAD: Enhancing Generalization and Robustness in Morphing Attack Detection via Self-Supervised Learning

TL;DR

SelfMAD addresses the generalization gap in Morphing Attack Detection by adopting a self-supervised framework that mimics common artifacts across both pixel and frequency domains. The method comprises four components—Image Augmenter, Pixel-Artifact Generator, Frequency-Artifact Generator, and a classifier—to learn robust decision boundaries without relying on actual morphs. In extensive cross-dataset evaluations, SelfMAD outperforms both unsupervised and discriminative MADs, reducing the EER by more than 64% versus the strongest unsupervised competitor and by more than 66% versus the best discriminative model in cross-morph settings. The approach demonstrates strong generalization, with ablation and Grad-CAM analyses clarifying the contributions of artifact types and the model’s attention regions, while noting some limitations with StyleGAN2 morphs and outlining future enhancements. The work provides a publicly available implementation to accelerate research and deployment in robust MAD systems.

Abstract

With the continuous advancement of generative models, face morphing attacks have become a significant challenge for existing face verification systems due to their potential use in identity fraud and other malicious activities. Contemporary Morphing Attack Detection (MAD) approaches frequently rely on supervised, discriminative models trained on examples of bona fide and morphed images. These models typically perform well with morphs generated with techniques seen during training, but often lead to sub-optimal performance when subjected to novel unseen morphing techniques. While unsupervised models have been shown to perform better in terms of generalizability, they typically result in higher error rates, as they struggle to effectively capture features of subtle artifacts. To address these shortcomings, we present SelfMAD, a novel self-supervised approach that simulates general morphing attack artifacts, allowing classifiers to learn generic and robust decision boundaries without overfitting to the specific artifacts induced by particular face morphing methods. Through extensive experiments on widely used datasets, we demonstrate that SelfMAD significantly outperforms current state-of-the-art MADs, reducing the detection error by more than 64% in terms of EER when compared to the strongest unsupervised competitor, and by more than 66%, when compared to the best performing discriminative MAD model, tested in cross-morph settings. The source code for SelfMAD is available at https://github.com/LeonTodorov/SelfMAD.

Paper Structure

This paper contains 10 sections, 7 equations, 4 figures, 3 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Related work
  3. Methodology
  4. Experimental Setup
  5. Datasets
  6. Evaluation metrics
  7. Implementation details
  8. Results
  9. Conclusion
  10. Ethical Impact Statement

Figures (4)

  • Figure 1: We propose SelfMAD, a Self-supervised Morphing Attack Detection method, that learns to detect morphed faces by replicating common artifacts of various widely used morphing techniques. Pixel space manipulations simulate artifacts typical for image-level morphing techniques, while frequency space manipulations reproduce the fingerprints of latent-space morphing techniques. Self-MAD is robust and generalizes effectively, without overfitting to specific face morphing attack examples.
  • Figure 2: Overview of Self-MAD, a self-supervised morphing attack detection method that learns to detect morphed faces using a set of bona fide images and simulated morphing attacks. The model consists of four key components: i) pixel augmenter, to simulate subtle visual variations in real-world images; ii) pixel artifact generator that mimics artifacts typical for image-level morphing methods; iii) frequency artifact generator which reproduces frequency fingerprints associated with advanced, latent-level morphing techniques; and iv) classifier differentiate between genuine and manipulated samples.
  • Figure 3: Selected samples from FRLL-Morphs Sarkar2020_morphed_data, representing bona fide (BF) images (left) and morphing attacks genertated with different morphing methods, i.e. AMSL, FaceMorpher (FM), OpenCV (OCV), StyleGAN2 (SG), and Webmorph (WM). Note typical ghosting artifacts of landmark-based morphing attacks and irregulatiries generated with StyleGAN2.
  • Figure 4: GradCAM visualizations of SelfMAD, generated with HRNet-W18 as backbone. Heatmaps highlight eyes, nostrils, lip borders and hair, as areas where morphing pixel irregularities are most prominent. Note that StyleGAN2 images are also prone to asymmetries and blurry edges in these regions.