Table of Contents
Fetching ...

The Invisible Threat: Evaluating the Vulnerability of Cross-Spectral Face Recognition to Presentation Attacks

Anjith George, Sebastien Marcel

TL;DR

This work addresses the security of cross-spectral face recognition (CFR) when matching VIS enrollment to NIR probes, a scenario known to suffer from a modality gap. The authors propose a vulnerability evaluation framework using WMCA VIS–NIR CFR protocols, comparing two CFR architectures (DIU and SSMB) and a COTS-FR baseline, and introducing development/evaluation splits with thresholds at a $0.1\%$ false match rate. Their results demonstrate that CFR systems, while generally robust, remain susceptible to targeted presentation attacks, with laser-printed photo attacks achieving near-perfect impersonation rates across several systems, and COTS-PAD performing poorly in the NIR domain. The study also highlights the need for NIR-specific presentation attack detectors and cautions against assuming built-in CFR security suffices, suggesting concrete directions for robust, modality-aware PAD development and reproducible evaluation protocols.

Abstract

Cross-spectral face recognition systems are designed to enhance the performance of facial recognition systems by enabling cross-modal matching under challenging operational conditions. A particularly relevant application is the matching of near-infrared (NIR) images to visible-spectrum (VIS) images, enabling the verification of individuals by comparing NIR facial captures acquired with VIS reference images. The use of NIR imaging offers several advantages, including greater robustness to illumination variations, better visibility through glasses and glare, and greater resistance to presentation attacks. Despite these claimed benefits, the robustness of NIR-based systems against presentation attacks has not been systematically studied in the literature. In this work, we conduct a comprehensive evaluation into the vulnerability of NIR-VIS cross-spectral face recognition systems to presentation attacks. Our empirical findings indicate that, although these systems exhibit a certain degree of reliability, they remain vulnerable to specific attacks, emphasizing the need for further research in this area.

The Invisible Threat: Evaluating the Vulnerability of Cross-Spectral Face Recognition to Presentation Attacks

TL;DR

This work addresses the security of cross-spectral face recognition (CFR) when matching VIS enrollment to NIR probes, a scenario known to suffer from a modality gap. The authors propose a vulnerability evaluation framework using WMCA VIS–NIR CFR protocols, comparing two CFR architectures (DIU and SSMB) and a COTS-FR baseline, and introducing development/evaluation splits with thresholds at a false match rate. Their results demonstrate that CFR systems, while generally robust, remain susceptible to targeted presentation attacks, with laser-printed photo attacks achieving near-perfect impersonation rates across several systems, and COTS-PAD performing poorly in the NIR domain. The study also highlights the need for NIR-specific presentation attack detectors and cautions against assuming built-in CFR security suffices, suggesting concrete directions for robust, modality-aware PAD development and reproducible evaluation protocols.

Abstract

Cross-spectral face recognition systems are designed to enhance the performance of facial recognition systems by enabling cross-modal matching under challenging operational conditions. A particularly relevant application is the matching of near-infrared (NIR) images to visible-spectrum (VIS) images, enabling the verification of individuals by comparing NIR facial captures acquired with VIS reference images. The use of NIR imaging offers several advantages, including greater robustness to illumination variations, better visibility through glasses and glare, and greater resistance to presentation attacks. Despite these claimed benefits, the robustness of NIR-based systems against presentation attacks has not been systematically studied in the literature. In this work, we conduct a comprehensive evaluation into the vulnerability of NIR-VIS cross-spectral face recognition systems to presentation attacks. Our empirical findings indicate that, although these systems exhibit a certain degree of reliability, they remain vulnerable to specific attacks, emphasizing the need for further research in this area.
Paper Structure (13 sections, 5 figures, 4 tables)

This paper contains 13 sections, 5 figures, 4 tables.

Figures (5)

  • Figure 1: Gallery (VIS) and probe (NIR) sample pairs from the WMCA george2019biometric VIS-NIR protocol, with match scores (cosine similarity scores normalized to -1 to 1) generated by the SSMB george2024modality approach. Examples include genuine pairs, zero-effort impostors (ZEI), and various attack types, with laser photo attacks yielding the highest match scores among attacks.
  • Figure 2: VIS and NIR samples from selected identities in the VIS-NIR CFR protocol of WMCA dataset george2019biometric. The first row displays images captured in the VIS spectrum, while the second row shows the corresponding NIR images for the same identities.
  • Figure 3: Score distributions across all categories for both the DIU and SSMB HFR systems are depicted in the plots. Each plot illustrates the score distributions for Bonafide, Impostors (ZEI), and other attack types for a specific HFR system. Higher scores for attacks would indicate increased attack potential. The red arrow indicates the shift in distribution from VIS (blue) to NIR (orange) modalities. A leftward shift (negative) for attacks signifies decreased vulnerability to that specific attack.
  • Figure 4: Score distributions (VIS-NIR Protocol) for two HFR systems (first row DIU george2024heterogeneous, second row SSMB george2024modality) with different PA combinations (All PAs, Laser Photos, Masks). Each plot shows histograms of genuine (green), ZEI (blue), and attack (gray) scores. The red dashed line marks the FMR 0.1% threshold (from the licit protocol's development group), while the solid red curve represents IAPMR across thresholds. The IAPMR at the given threshold is found at the curve's intersection with the dashed line.
  • Figure 5: Score distributions (VIS-VIS Protocol) for two HFR systems (first row DIU george2024heterogeneous, second row SSMB george2024modality) with different PA combinations (All PAs, Laser Photos, Masks). Each plot shows histograms of genuine (green), ZEI (blue), and attack (gray) scores. The red dashed line marks the FMR 0.1% threshold (from the licit protocol's development group), while the solid red curve represents IAPMR across thresholds. The IAPMR at the given threshold is found at the curve's intersection with the dashed line.