Introducing Nylon Face Mask Attacks: A Dataset for Evaluating Generalised Face Presentation Attack Detection

TL;DR

The paper tackles the vulnerability of smartphone-based face recognition to presentation attacks by introducing Nylon Face Masks (NFM) as a novel and realistic PAI and presenting a large smartphone-focused dataset. It evaluates five state-of-the-art PAD methods under an unseen-attack protocol to assess generalisation to new spoofing artefacts. Results reveal substantial variation in PAD performance across attack styles, with front-face NFMs typically more detectable than back-of-head or mannequin presentations, highlighting the challenges of cross-domain generalisation. The study underscores the need for diverse, realistic attack benchmarks and proposes future directions including expanding the dataset with more PAI variants and exploring multimodal or vision-language approaches to bolster PAD robustness in real-world deployments.

Abstract

Face recognition systems are increasingly deployed across a wide range of applications, including smartphone authentication, access control, and border security. However, these systems remain vulnerable to presentation attacks (PAs), which can significantly compromise their reliability. In this work, we introduce a new dataset focused on a novel and realistic presentation attack instrument called Nylon Face Masks (NFMs), designed to simulate advanced 3D spoofing scenarios. NFMs are particularly concerning due to their elastic structure and photorealistic appearance, which enable them to closely mimic the victim's facial geometry when worn by an attacker. To reflect real-world smartphone-based usage conditions, we collected the dataset using an iPhone 11 Pro, capturing 3,760 bona fide samples from 100 subjects and 51,281 NFM attack samples across four distinct presentation scenarios involving both humans and mannequins. We benchmark the dataset using five state-of-the-art PAD methods to evaluate their robustness under unseen attack conditions. The results demonstrate significant performance variability across methods, highlighting the challenges posed by NFMs and underscoring the importance of developing PAD techniques that generalise effectively to emerging spoofing threats.

Figures (6)

• Figure 1: Illustration of the proposed Nylon Face Mask (NFM) presentation attack in different scenarios. The figure shows the NFM worn by a human subject on both the frontal face and the back of the head, as well as applied to a mannequin from the frontal and back sides. The NFM is fabricated by printing a victim's face on stretchable nylon cloth, enabling attackers to perform flexible and realistic spoofing attempts in smartphone-based face recognition systems.
• Figure 2: Examples of bona fide face images collected using the iPhone 11 Pro under realistic smartphone usage conditions. The samples were recorded in indoor office environments with varying lighting conditions to reflect natural smartphone-based identity verification scenarios.
• Figure 3: Examples of the Nylon Face Mask (NFM) worn by human participants. The top image shows the mask worn on the frontal face, preserving the natural three-dimensional facial structure. The bottom image shows the mask placed on the back of the head, introducing distortions due to hair and lack of facial contours.
• Figure 4: Examples of the Nylon Face Mask (NFM) worn by human participants. The top image shows the mask worn on the frontal face, preserving the natural three-dimensional facial structure. The bottom image shows the mask placed on the back of the head, introducing distortions due to hair and lack of facial contours.
• Figure 5: DET curves for Human-Front side