The Invisible Threat: Evaluating the Vulnerability of Cross-Spectral Face Recognition to Presentation Attacks
Anjith George, Sebastien Marcel
TL;DR
This work addresses the security of cross-spectral face recognition (CFR) when matching VIS enrollment to NIR probes, a scenario known to suffer from a modality gap. The authors propose a vulnerability evaluation framework using WMCA VIS–NIR CFR protocols, comparing two CFR architectures (DIU and SSMB) and a COTS-FR baseline, and introducing development/evaluation splits with thresholds at a $0.1\%$ false match rate. Their results demonstrate that CFR systems, while generally robust, remain susceptible to targeted presentation attacks, with laser-printed photo attacks achieving near-perfect impersonation rates across several systems, and COTS-PAD performing poorly in the NIR domain. The study also highlights the need for NIR-specific presentation attack detectors and cautions against assuming built-in CFR security suffices, suggesting concrete directions for robust, modality-aware PAD development and reproducible evaluation protocols.
Abstract
Cross-spectral face recognition systems are designed to enhance the performance of facial recognition systems by enabling cross-modal matching under challenging operational conditions. A particularly relevant application is the matching of near-infrared (NIR) images to visible-spectrum (VIS) images, enabling the verification of individuals by comparing NIR facial captures acquired with VIS reference images. The use of NIR imaging offers several advantages, including greater robustness to illumination variations, better visibility through glasses and glare, and greater resistance to presentation attacks. Despite these claimed benefits, the robustness of NIR-based systems against presentation attacks has not been systematically studied in the literature. In this work, we conduct a comprehensive evaluation into the vulnerability of NIR-VIS cross-spectral face recognition systems to presentation attacks. Our empirical findings indicate that, although these systems exhibit a certain degree of reliability, they remain vulnerable to specific attacks, emphasizing the need for further research in this area.
