How far did we get in face spoofing detection?

10/26/2017 ∙ by Luiz Souza, et al. ∙ unesp UFBA em Pauta 0

The growing use of control access systems based on face recognition shed light over the need for even more accurate systems to detect face spoofing attacks. In this paper, an extensive analysis on face spoofing detection works published in the last decade is presented. The analyzed works are categorized by their fundamental parts, i.e., descriptors and classifiers. This structured survey also brings the temporal evolution of the face spoofing detection field, as well as a comparative analysis of the works considering the most important public data sets in the field. The methodology followed in this work is particularly relevant to observe trends in the existing approaches, to discuss still opened issues, and to propose new perspectives for the future of face spoofing detection.

READ FULL TEXT VIEW PDF
POST COMMENT

Comments

There are no comments yet.

Authors

page 9

This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

1 Introduction

In the last decade, there has been an increasing interest in human automatic secure identification, being mainly based on unique personal biometric information jain:2008 . One of the main reasons for such focus concerns the high number of security breaches and transaction frauds in non-biometric systems, which are prone to be cracked due to inherent vulnerabilities meadowcroft:2008 , like stolen cards and shared passwords, just to name a few.

Biometrics may use physical or behavioral characteristics for identification purposes, and different alternatives have been explored over the years: fingerprint  hasan:2013 ; marasco2015asurvey ; peralta2014minutiae , hand geometry  aleidan:2013 ; michael2012acontactless , palmprint  tamrakar2016kernel , voice  yadav:2013 ; choi2015unsupervised , face  zhao:2003 ; feng2016integration ; dora2017anevolutionary , and handwritten signature  sanmorino:2012 . Among those, face stands out for its acceptability and recognition cost, turning out to be one of the best option for a wide range of applications, from low-security uses (e.g., social media and smartphone access control) to high-security applications (e.g., border control and video surveillance in critical places).

This popularity, however, comes with a price: face recognition systems have become a major target of spoofing attacks. In such scenarios, an impostor attempts to be granted in an identification process by forging someone else’s identity. As procedures to replicate human faces are very much standard nowadays (e.g., photo and 3D printing), spoofing detection has become mandatory in any suitable face recognition system. Figure 1 illustrates the complexity of this problem, and the following question can be raised: ”Which half is real or fake?”. It is sometimes a very challenging task, even for humans.

Figure 1: Example of a half real (photo) and half fake face (photo of a photo). Which half is the real one? The answer is the one on the left.

Several approaches for spoofing detection have been developed in the last decade. Recently, two main surveys on the subject present a comprehensive review  galbally:2014 ; parveen2015face : in  galbally:2014 , a survey on anti-spoofing methods focuses not only on face, but also on other biometric traits (e.g., iris, voice, fingerprint); in  parveen2015face , face anti-spoofing methods are discussed by considering the intrusiveness of each method, with few attention on comparative analysis and temporal evolution of the field. On the other hand, the proposed survey focuses only on face-oriented works, reviewing and analyzing the most relevant works on face spoofing detection in the literature towards depicting the advance of the detection methods in the last decade. An extensive set of face anti-spoofing methods is presented, also depicting the evolution of the existing works. In this sense, trends denoted throughout these years were pointed out, as well as open issues were remarked in order to provide new directions on research topics in the future. Next, the contributions of this survey are addressed and discussed in details with respect to the other existing surveys, with special attention to the gaps filled by the present work.

1.1 Contributions

To the best of our knowledge, there are only two surveys in the context of face spoofing detection galbally:2014 ; parveen2015face . Although two face anti-spoofing competitions were organized chakka:2011 ; chingovska:2013 , and several data sets and methods have been published, the amount of gathered data and results were not still thorough and critically analyzed so far. Even these two existing surveys do not concentrate efforts to understanding the trends of this research field in terms of conception of the methods and results.

Galbally et al. galbally:2014 published a survey based on a chronological evolution of multimodal anti-spoofing methods. Although a special attention was given to face anti-spoofing, other biometric traits were also presented and discussed. A proposed timeline takes into consideration fingerprint, iris, and face anti-spoofing detection competitions, being the latter one organized by one of the authors of the survey galbally:2014 . In regard to face-driven works, the authors provided an extensive and comprehensive description of different types of face attacks and public image data sets. The face anti-spoofing methods, categorized by Galbally et al., were according to three levels: sensor, features, and multi-modal fusion, but being only two levels employed to classify the analyzed works. Sixteen existing works compose the face study part, which was characterized by the level of the technique, type of attack, public image data set used, and a single error rate. At the end, a discussion was addressed showing that although competitive laboratory performances were achieved, some people were successfully able to hack the fingerprint recognition system of the Iphone 5s. In galbally:2014 , also, some discussion about performance of face anti-spoofing methods resided in general considerations about cross-data set performance evaluation (in order to turn methods’ evaluation more thoroughly accomplished), new relevant features acquired on facial blood flow, and new hardware that could be used along with cameras to improve face anti-spoofing detection. The remainder of the survey in galbally:2014 discusses philosophical aspects of performing an anti-spoofing detection approach within face recognition systems.

Parveen et al. parveen2015face

followed a general architecture comprised of a sensor, pre-processing, feature extraction, and classification steps as a basis for a taxonomy of face anti-spoofing detection methods. The methods are categorized as non-intrusive or intrusive ones, addressed according to the stillness or motion detection presented in the detection process, respectively. Twenty-nine face anti-spoofing methods were studied, and the results of the existing works were individually analyzed over public image data sets. An experimental analysis was carried out by means of four error measures:

half total error rate (HTER), equal error rate (EER), area under curve (AUC) and accuracy (ACC). At the end in parveen2015face , some pros and cons are highlighted with regard to implementation complexity, user collaboration and attack coverage.

Differently from Galbally et al. galbally:2014 , which spread out the discussion on various anti-spoofing methods using different traits, we present an extensive survey that is focused on the evolution of particularly face spoofing detection methods and existing benchmarks. Instead of following a more generic categorization as those proposed in galbally:2014 ; parveen2015face , all gathered works here were organized in terms of their main component parts, i.e., descriptors and classifiers (see Section 2). This taxonomy was devised to help the reader to better understand the processes behind each countermeasure, and to unveil technical trends concerning different types of attacks. Since all works comprise features and learning methods, this organization seems to be the best to depict a big picture of the state-of-the-art research related to face spoofing detection.

Despite the other two surveys, our work resorts to a quantitative and analytical methodology (see Section 3) in order to support the analysis of trends of the existing face anti-spoofing approaches (see Section 4). A comparison of several methods was accomplished over the most currently used public data sets, taking into account the bias of the metrics used to assess face anti-spoofing performance (with several perfect results), differently from galbally:2014 and parveen2015face , where the results were individually analyzed. The goal is to numerically show how far spoofing detectors got considering only face. In order to fulfill such purposes, sixty-one face anti-spoofing methods were gathered (including the works that participated in the two competitions). Previous surveys did not include any in-depth assessment of existing face spoofing detection approaches galbally:2014 ; parveen2015face , leaving unclear which ways should be followed and what need to be done in technical terms, considering only face spoofing detection. Differently from the philosophical and general discussion found in galbally:2014 , concerning facts and challenges in the spoofing detection domain, the numerical-driven evaluation of the area allows suggesting other ways to evaluate the performance (avoiding supposedly perfect results), as well as new future research topics (e.g.

, deep learning 

fan:2014 , and collaborative clustering CORNUEJOLS201881 ) to be applied in face anti-spoofing methods (see Section 4).

1.2 Methodology

This compilation of works is based on a literature search in the following data sets: Scopus111http://www.scopus.com/, IEEE Xplore222http://ieeexplore.ieee.org/Xplore/home.jsp, Engineering Village333http://www.engineeringvillage.com/ and Google Scholar444https://scholar.google.com. On these sources, articles were consulted considering all publications with the following keywords: face recognition, face spoofing detection, face liveness detection, countermeasure against spoofing attacks and face anti-spoofing detection methods. The choice of the articles was made according to the following criteria: (i) they should follow the same protocol when evaluating the study; (ii) they should indicate the results using at least one of the metrics discussed in Subsection 3.2, (iii) they should be comparable to other studies using the same data set, and finally (iv) they must be peer-reviewed.

It is noteworthy that there were two competitions on face spoofing detection referred in  chakka:2011 ,  chingovska:2013 . The results obtained by the competition teams were analyzed, and the names of the groups and universities were used as references to the methods used in the first face spoofing detection competition, such as: Ambient Intelligence Laboratory (AMILAB), Center for Biometrics and Security Research, Institute of Automation, Chineses Academy of Sciences (CASIA), Idiap Research Institute (IDIAP), Institute of Intelligent Systems and Numerical Applications in Engineering, Universidad de Las Palmas de Gran Canaria (SIANI), Institute of Computing, Campinas University (UNICAMP) and Machine Vision Group, University of Uolu (UOLU) chakka:2011 . As well as, the names CASIA, Fraunhofer Institute for Computer Graphics Research (IGD), joint team from IDIAP, UOLU, UNICAMP and CPqD Telecom & IT Solutions (MaskDown), the LNM Institute of Information Technology, Jaipur (LNMIIT), Tampere University of Technology (MUVIS), University of Cagliari (PRA Lab), Universidad Autonoma de Madrid (ATVS) and UNICAMP refer to the teams that participated in the second face spoofing detection competition chingovska:2013 . Throughout this text, these team names will be cited as the reference of the method in the competition (chakka:2011 or chingovska:2013 ).

2 Face spoofing detection

Face spoofing detection maatta:2011 ; maatta:2012 ; schwartz:2011 ; bharadwaj:2013 ; tirunagari:2015 , face liveness detection yan:2012 ; peixoto:2011 ; yang:2013 ; wang:2013 ; tan:2010 , counter measure against facial spoofing attacks komulainen:2013 ; pereira:2012 ; kose:2013 ; kosedugelay:2013 ; kosedugelay:icdsp2013 , and face anti-spoofing chingovska:2012 ; erdogmus:2013 ; galballymarcel:2014 are all terms interchangeably used to denote methods to identify an impostor trying to masquerade him/herself as a genuine user in facial recognition systems.

2.1 Types of face spoofing attacks

Face spoofing systems usually consider the following types of spoofing attacks:

2.2 Taxonomy of face spoofing methods

Face recognition systems based on 2D and 3D images can be exposed to spoofing attacks, which can be verified by different approaches. In order to summarize them, we organized all gathered works in terms of descriptors and classifiers. Descriptors were categorized as texture, motion, frequency, color, shape or reflectance; while classifiers are organized as discriminant, regression, distance metric or heuristic. Table 1 presents the summary of the proposed taxonomy, and the descriptors and classifiers are respectively discussed and analyzed in Sections 2.3 and 2.4.

2.3 Descriptors

2.3.1 Texture

Texture features are extracted from face images under the assumption that printed faces produce certain texture patterns that do not exist in real ones. Texture is probably the strongest evidence of spoofing, since more than 69% of the works (see Table 

1) use texture alone or combine it with other descriptors in their countermeasures.

Different texture descriptors can be used to detect facial spoofing, but local binary patterns (LBP) ojala1996acomparative is the very first choice, as it can be observed in Table 1. Indeed, nearly half of the surveyed works explore LBP or any of its variations. LBP is a grayscale, illumination-invariant, texture-coding technique that labels every pixel by comparing it with its neighbors, concatenating the result into a binary number. The number of neighbors, neighborhood radius, and coding strategy are all parameters of the method. The final computed labels are then organized in histograms to describe the texture, which can be performed for the entire image or even image paths. Different LBP configurations can be found in spoofing detection, such as the original LBP (komulainen:2013 ; chingovska:2012 ; erdogmus:2013 ; kim:2012 ; boulkenafet2015face ; souza:2017 , IDIAP  chakka:2011 , MaskDown  chingovska:2013 ), multi-scale LBP (maatta:2011 ; maatta:2012 ; yang:2013 ; kose:2013 ; kosedugelay:2013 ; kosedugelay:2014 ; erdogmus2014spoofing ; yang2015person ; kimahn:2016 , UOULU  chakka:2011 , CASIA chingovska:2013 , LNMIIT chingovska:2013 , Muvis chingovska:2013

), LBP variance (LBPV)  

kose:2012 , and LBP from three orthogonal planes (LBP-TOP) (pereira:2012 ; asim:2017 , MaskDown  chingovska:2013 ). LBP-TOP can be considered a hybrid texture-motion descriptor, since it combines both spatial and temporal information. Other texture-coding techniques were also explored for spoofing detection, including local phase quantization (LPQ) yang:2013 ; boulkenafet2016face , which uses invariant blurring properties when extracting features from images. This descriptor is a phase information of the locally calculated Fourier spectrum for each position of the pixel in the image. Different approaches include local graph structure (LGS) housamlau:2014 and improved LGS (ILGS) housam:2014 x’, which were used to extract texture features by comparing a target pixel and its neighboring pixels. Other methods have also used texture descriptors in face spoofing detection competitions to analyze face spoofing attacks (AMILAB  chakka:2011 , PRA Lab  chingovska:2013 ). Multiscale local phase quantization on three orthogonal planes (MLPQ-TOP) is an extension of LPQ for time-varying texture analysis, which explores the blur-insensitive characteristic of the Fourier phase spectrum arashloo2015face . Multiscale binarised statistical image feature descriptor on three orthogonal planes (MBSIF-TOP) use filters based on statistical learning that represent spatio-temporal texture descriptors arashloo2015face . Dynamic texture descriptor can be found in local derivative pattern on three orthogonal planes (LDP-TOP) phan:2017 ; phan:2016 . LDP-TOP analyzes discriminative textures of spectrum videos, where subtle face movements occur over frames.

Histograms of oriented gradients (HOG) maatta:2012 ; schwartz:2011 ; yang:2013 ; yang2015person ; komulainenhadid:2013

is another texture descriptor that represents the variation of gradient orientations in different parts of the image in an illumination-invariant fashion. As such, the magnitude of the gradients in different orientations are summed in cells, which are lately combined in blocks. Bins, cells and blocks are normalized at the end to compose the final feature vector.

Gabor wavelets have been also applied in multiple scales and orientations in order to extract texture information in image cells. Usually, Gabor wavelets are calculated using mean and standard deviation of the magnitude of the coefficients at multiple scales and orientation (

maatta:2012 , Muvis  chingovska:2013 ).

A compact and discriminant global representation can be achieved in the gray level co-occurrence matrices (GLCM)  haralick1973texture . GLCM describes the joint probability of neighboring pixels, and different Haralick features can be extracted from each matrix (schwartz:2011 ; kimahn:2016 ; pinto:2012 ; pinto:2015 , MaskDown chingovska:2013 , UNICAMP  chingovska:2013 ).

Edge information can also be considered for texture representation. In order to describe edges, difference of gaussians (DoG) are used to remove lighting variations while preserving high frequency components peixoto:2011 ; zhang:2012

, and histograms of shearlet coefficients (HSC) are used to estimate the distribution of edge orientations in a multi-scale analysis 

feng2016integration ; schwartz:2011 . Nonlinear diffusion based on additive operator splitting (AOS) alotaibi:2017 is also used to extract edge information for spoofing detection, applying a large time step to speed up the diffusing process and to distinguish the edges and surface texture in the input image.

Finally, following a very recent trend in computer vision field, deep neural networks (DNN) 

menotti:2015 are trained in order to provide adaptive features which describe trainable texture.

2.3.2 Motion

Table 1 clearly shows that motion descriptors are the second in importance for face spoofing detection, and there are two different ways of considering motion for this purpose. One way is to detect and describe intra-face variations, such as eye blinking, facial expressions and head rotation. Conditional random fields (CRF) have been recently used to determine eye closity and consequently detect blinking pan:2007 ; for global facial movements, optical flow of lines (OFL) is used to measure spatio-temporal variations of face images in horizontal and vertical orientations feng2016integration ; kollreider:2008 ; kollreider:2009 , histogram of oriented optical flow (HOOF) and histogram of magnitudes of optical flows (HMOF) are applied to create a binned representation of facial motion directions and magnitudes (CASIA chingovska:2013 ); and robust alignment by sparse and low-rank decomposition (RASL) tries to align faces in multiple frames and measure non-rigid motion (yan:2012 , CASIA  chakka:2011 ).

Another way of using motion is to evaluate the consistency of the user interaction within the environment. In light of that, motion correlation between face and background regions is computed (komulainen:2013 , CASIA  chingovska:2013

), as well as, traditional background subtraction based on gaussian mixture models (GMM) (

yan:2012 ; pinto2015face , CASIA  chakka:2011 , LNMIIT  chingovska:2013 ).

Facial texture of an individual within a sequence of frames is explored by using the dynamic mode decomposition (DMD) tirunagari:2015 , which extracts features by means of eigenfaces in the snapshots displaced on temporal-spatial. DMD is used in combination with LBP technique as a texture descriptor, which is applied to capture evidences of human presence in a video sequence, such as eye blink and movements of the lips. Finally, in competitions, other types of methods have been used as a motion descriptor to analyze face spoofing attacks (SIANI  chakka:2011 , IGD  chingovska:2013 ).

2.3.3 Frequency

Frequency-based countermeasures take advantage of certain image artifacts that occur in spoofing attacks. 2D discrete Fourier transform (2D-DFT), and 1D and 2D fast Fourier transform (1D-FFT, 2D-FFT) are calculated to find these artifacts in single  

kim:2012 or multiple images (phan:2017 ; pinto:2012 ; pinto:2015 ; pinto2015face ; caetano2015face , CASIA chingovska:2013 , LNMIIT chingovska:2013 , UNICAMP chingovska:2013 ). When one considers multiple images, the concept of Visual Rhythms is used to merge multiple Fourier spectra in a single map that represents spatial frequency information over time, and then HOG, LBP and/or GLCM can be used for final face representation. When specifically considering color banding, which concerns abrupt changes caused by inaccurate print or screen flicker, Haar wavelets decomposition can be applied to find large unidirectional variations (yan:2012 , CASIA  chakka:2011 ).

2.3.4 Color

Although colors do not remain constant due to lighting variations, certain dominant characteristics are considerable clues to discriminate impostors from genuine faces. In this context, color frequency (CF) histograms describe the distribution of colors in an image( schwartz:2011 , UNICAMP chakka:2011

). These histograms are computed for different blocks of the image, as performed by HOG, using three bins to encode the number of pixels with the highest gradient magnitude in each color channel. Image moments globally describe face liveness by means of image distortion analysis (IDA) 

kimahn:2016 ; wen:2015 , image quality assessment (IQA) galballymarcel:2014 and image quality measures (IQM) (ATVS  chingovska:2013 ). IDA was proposed to extract characteristics through the HSV and RGB color spaces, smoothing and light intensity. IQA allows to maximize both critical performance measures in a complete face spoofing detection. IQM aims to show that the lowest values, obtained by quality measurements, produced with Gaussian filtering are samples of impostor face. YCbCr and HSV color spaces are used as color descriptors in boulkenafet2015face ; boulkenafet2016face . In laskhminarayana:2017 , each channel of RGB color space was used for feature extraction. Other methods have been used as color descriptors, used in competitions, to analyze face spoofing attacks (AMILAB  chakka:2011 , PRA Lab  chingovska:2013 ).

2.3.5 Shape

Shape information is very useful to deal with printed photo attacks, since facial geometry can not be reproduced in a planar surface. Active contours based on constrained local models (CLM) are used to detect facial landmarks in a video sequence. These landmarks define then a sparse 3D structure that describes the planarity of the face wang:2013 .

2.3.6 Reflectance

Considering that genuine and impostor faces behave differently in the same illumination conditions, it is possible to use the reflectance information to distinguish them. To accomplish that, the Variational Retinex method decomposes an input image into reflectance and illumination components tan:2010 ; kosedugelay:icdsp2013 ; kosedugelay:2014 in order to analyze the entire image.

2.4 Classifiers

2.4.1 Discriminant

The idea behind discriminant techniques is to distinguish different classes by minimizing intra-class variation and/or maximizing inter-class variation. This type of classifier is explored in approximately 64% of the gathered works.

As evidenced in Table 1

, works use a discriminant classifier alone or along with others in their frameworks. Support vector machines (SVM) are the most common classification technique in spoofing detection, and often presents superior performance. In order to achieve that, SVM finds optimal hyperplanes to separate descriptors from genuine and impostor faces. When these classes are not linearly separable, different kernel functions can be used to obtain a nonlinear classifier. Although linear SVM has been extensively used in different countermeasures (

maatta:2012 ; kose:2013 ; kosedugelay:2013 ; kosedugelay:icdsp2013 ; kosedugelay:2014 ; boulkenafet2016face ; komulainenhadid:2013 ; pinto:2012 , CASIA  chingovska:2013

), radial basis function kernel (

maatta:2011 ; bharadwaj:2013 ; pereira:2012 ; chingovska:2012 ; erdogmus:2013 ; kim:2012 ; boulkenafet2015face ; pinto:2012 ; wen:2015 ), and histogram intersection kernel tirunagari:2015 ; phan:2017 ; phan:2016 have also been applied to increase the classification accuracy. Different SVM versions can also be considered, such as Hidden Markov Support Vector Machines (LNMIIT  chingovska:2013 ). In ( yang:2013 ; wang:2013 ; komulainen:2013 ; kimahn:2016 ; zhang:2012 ; pinto2015face , UOULU chakka:2011 , AMILAB chakka:2011 , PRA Lab  chingovska:2013 ), however, the authors do not describe the type of SVM kernel used in the experiments.

As an alternative to linear approaches, the linear discriminant analysis (LDA) (bharadwaj:2013 ; erdogmus:2013 ; galballymarcel:2014 ; erdogmus2014spoofing , MaskDown chingovska:2013 , ATVS  chingovska:2013 ) explicitly models the difference between classes and within classes to address the classification task, with an advantage of being used for dimensionality reduction.

Other types of classifiers use discriminant procedures to accomplish face spoofing detection: multilayer perceptron (MLP) 

komulainen:2013 was used to evaluate whether excessive movement (flat printed photo-strike by hand) or no movement (flat printed photo strike attached to a media) had variations during an video sequence; neural network (NN) feng2016integration

is good at learning implicit patterns, which is able to recognize motion cues for spoofing detection with proper training. NN is trained by a backpropagation procedure using a labeled data set through an autoencoder, which is treated as a pre-training process; convolutional neural networks (CNN) 

souza:2017 ; asim:2017 ; alotaibi:2017 ; menotti:2015 ; laskhminarayana:2017

uses trainable features with shared weights and local connections between different layers, where all weights in all layers of a CNN network are learned through training. A CNN aims to learn invariance representations of scale, translation, rotation and related transformations on a trainable-based feature framework. Bayesian network (BN) (SIANI  

chakka:2011 ) provides a probabilistic method by extending Bayes’s rule for updating probabilities in the light of new evidences. Adaboost is a type of ensemble classifier that speeds up the process of finding discrimination of impostor and genuine users (IGD  chingovska:2013 ).

2.4.2 Regression

The regression-based classification maps use input descriptors directly into their class labels considering a predictive model obtained from known pairs of descriptors and labels. They have been widely used for spoofing detection due to their simplicity, accuracy and efficiency. Different regression methods are referred in the literature: linear logistic regression (LLR) (

komulainen:2013 , MaskDown  chingovska:2013 ) was used for the combination of information extracted through two descriptors; for the combination of correlative motion and texture (e.g., LBP) applications, using MLP and SVM classifiers, respectively; logistic regression (LR) (yan:2012 , CASIA  chakka:2011 ) is a confidence quantification of every feature representation, which in the final scores are fused by weight sum rule, and the weights of different classifiers are learned on validation set using grid search; sparse logistic regression (SLR) peixoto:2011 analyzes different lighting conditions and regions of high frequency for detecting images made by impostors; sparse low rank bilinear logistic regression (SLRBLR) tan:2010 was explored in images with prominent reflectance and illumination, using two techniques to extract these characteristics of the image, being reflectance based on variational retinex, and the illumination based on the DoG technique in the identification of medium-high frequency bands; partial least square (PLS) (schwartz:2011 ; yang2015person ; pinto:2012 ; pinto:2015 , UNICAMP  chakka:2011 , Muvis  chingovska:2013

) is calculated from a linear transformation on the features extracted by descriptors using weighting methods.

Kernel discriminant analysis (KDA) is a regression classifier, which projects the input data onto a discriminative spectral subspace, avoiding the computational time found in eigen-analysis arashloo2015face . In other words, KDA uses projective functions (vectors) based on eigen-decomposition of kernel matrix, being costly when applied to a large number of training samples.

2.4.3 Distance Metric

The use of distance metrics is supposed to improve the performance in face spoofing detection systems, with the goal of measuring the dissimilarities among samples. However, these approaches usually require an exhaustive search to accomplish the classification task, which may lead to a high cost in large reference sets. Chi-square () (kose:2012 , IDIAP  chakka:2011 ) and cosine distance housamlau:2014 ; housam:2014 are common choices to this end, and they are used to compute the cumulative distance of a probe face (that one to be identified) and the entire reference set to decide whether the face is genuine or impostor.

2.4.4 Heuristic

Different heuristics have been used to decide whether a face is real or fake. As a drawback, heuristics may lead to overfitting, specially when only self-collected data is considered. Number of eye blinks pan:2007 , motion measurements thresholding kollreider:2008 , average pixel ratio thresholding caetano2015face and weighted sum of motion measurements kollreider:2009 are examples of heuristics found in the literature.

3 Quantitative evaluation of the surveyed works

Results reported in the surveyed papers were grouped according to the data sets used in their experiments. All numerical values in our study are the exact same values presented in their original works, which followed the same evaluation protocol.

3.1 Data sets

Nine publicly available data sets were chosen to evaluate the methods: Concerning 2D attacks, NUAA Photograph Imposter tan:2010 , Yale Recaptured peixoto:2011 , Print-Attack anjos:2011 , Replay-Attack chingovska:2012 , Casia Face Anti-Spoofing zhang:2012 , MSU-MFSD wen:2015 and UVAD (pinto:2015 ,pinto2015uvad1 ) are the most known and used in the literature; with respect to mask attacks, Kose and Dugelay’s data set kose:2013 and 3D Mask Attack data set erdogmus:2013 are the only two found in the literature. General characteristics of each data set are summarized in Table 2, and more details can be found in  peixoto:2011 ; tan:2010 ; kose:2013 ; chingovska:2012 ; erdogmus:2013 ; zhang:2012 ; anjos:2011 .

Year Data set #Subjects #Real/Fake Type of attack
2010 NUAA Photograph Imposter  tan:2010 15 5105/7509 1. Flat printed photo
2. Warped photo
2011 Yale Recaptured peixoto:2011 10 640/1920 1. Flat printed photo
2011 Print-Attack  anjos:2011 50 200/200 1. Flat printed photo
2012 Replay-Attack chingovska:2012 50 200/1000 1. Flat printed photo
2. Video playback
2012 Casia Face Anti-Spoofing  zhang:2012 50 150/450 1. Warped photo
2. Eye-cut photo
3. Video playback
2013 Kose and Dugelay  kose:2013 20 200/198 1. Mask
2013 3D Mask Attack  erdogmus:2013 17 170/85 1. Mask
2014 MSU-MFSD  wen:2015 35 70/210 1. Flat printed photo
2. Video playback
2015 UVAD pinto:2015 , pinto2015uvad1 404 808/16268 1. Video playback
Table 2: Summary of available face spoofing data sets.

NUAA Photograph Imposter data set555\(http://parnec.nuaa.edu.cn/xtan/NUAAImposterDB\_download.html\) tan:2010 is one of the first publicly available data sets for face spoofing detection evaluation. Images in NUAA were collected by cheap webcams in three sessions on different environments and under different illumination conditions, with an interval of two weeks between each session. The evaluated attack is a printed photo, which can be flat or warped. These photo attacks were prepared using A4 paper and a color printer.

The main goal of the Yale Recaptured data set666\(http://ic.unicamp.br/~{}rocha/pub/downloads/2011\-icip/\) peixoto:2011 was to have impostor images in multiple illumination conditions. As such, texture-based methods are commonly employed over this data set. Static images were collected with a distance of 50 centimeters between the display and the camera.

The Print-Attack data set777\(https://www.idiap.ch/dataset/printattack/download\-proc\) anjos:2011 was used to benchmark different works in the first spoofing detection competition chakka:2011 . This data set was created by showing a flat printed photo of a genuine user to an acquisition sensor in two ways: Hand-held (i.e., the impostor holds the photo using the hands) or fixed support (i.e., photos are stuck on a wall).

Replay-Attack data set888\(https://www.idiap.ch/dataset/replayattack/download\-proc\) chingovska:2012 is an extension of the Print-Attack data set to evaluate spoofing in videos and photos, and it was used in the second spoofing detection competition chingovska:2013 . It consists of 1,300 video clips of photo and video attacks. All images and videos were collected under different lighting conditions, and three different attacks modes were considered: printed photo in high-resolution and video playbacks, using a mobile phone with low-resolution screen, and a 1024768 pixels ipod screen.

Casia Face Anti-Spoofing data set999\(http://www.cbsr.ia.ac.cn/english/FaceAntiSpoofdatasets.asp\) zhang:2012 contains seven scenarios with different types of attack and a variety of image qualities. This data set presents three types of attacks: warped photo, eye-cut photo and video playback. Kose and Dugelay’s data set101010\(http://www.morpho.com/\) kose:2013 is a paid-mask data set created by the MORPHO company. Subjects were captured by a 3D scanner that uses a structured light technology to obtain genuine images of facial shape and texture. After that, masks for those images were manufactured by Sculpteo 3D Printing111111\(http://www.sculpteo.com/en/\), and then recaptured by the same sensor to obtain impostor images.

3D Mask-Attack data set (3DMAD)121212\(https://www.idiap.ch/dataset/3dmad/download-proc\) erdogmus:2013 was the first publicly available data set for mask attacks, and it consists of video sequences recorded by an RGB-D camera. Masks were manufactured using the services of ThatsMyFace131313\(http://www.thatsmyface.com/Products/products.html\), and one frontal and two profile images of each subject for that purpose were required.

MSU Mobile Face Spoofing data set (MSU MFSD)141414\(http://www.cse.msu.edu/rgroups/biometrics/Publications/datasets/% MSUMobileFaceSpoofing/index.htm\)wen:2015 consists of 280 video clips of print photo and video attack attempts to 35 participants. All printed photos used for attacks were created with a state-of-the-art color printer on larger sized paper. In order to perform an attack, video playback from each participant was taken under the similar conditions as in their authentication sessions.

Unicamp Video-Attack data set (UVAD)151515\(http://figshare.com/articles/visualrhythm_{a}ntispoofing/1295453\)pinto:2015 ; pinto2015uvad1 is comprised of videos of valid accesses and attacks of 404 subjects, all built at Full HD quality, recorded at 30 frames per second and nine seconds long. All videos were created by filming each person in two sections under different lighting conditions, backgrounds and places (indoors and outdoors).

Year data set #Subjects #Real/Fake Types of attacks
2012 Pinto et al.  pinto:2012 50 100/600 1. Video playback
2012 BERC Webcam kim:2012 25 1408/7461 1. Flat printed photo
2012 BERC ATM kim:2012 20 1797/5802 1. Flat printed photo
2013 Wang et al.  wang:2013 50 750/2250 1. Flat printed photo
2. Warped photo
Table 3: Summary of non-public face spoofing data sets.

Other non-public data sets are proposed in wang:2013 ; kim:2012 ; pinto:2012 . In  pinto:2012 , the data set was introduced to detect video-based spoofing. Kim et al.  kim:2012 proposed two different data sets called BERC Webcam and BERC ATM, which consist of images taken from live people and four types of 2-D paper masks (photo, print, magazine, caricature). Wang et al.  wang:2013 created an image data set for photo attack evaluation using flat-printed and warped photos. Table 3 summarizes the main characteristics of the aforementioned data sets.

3.2 Performance Metrics

A spoofing detection system is subject to two types of errors: an impostor can be accepted as a genuine user (i.e. number of false acceptance - NFA), or a genuine user can be considered as an impostor (i.e., number of false rejection - NFR). The probability of these errors to occur are respectively called false acceptance rate (FAR) and false rejection rate (FRR). These rates present an inversely proportional relation. A receiver operating characteristics (ROC) curve is obtained by computing all possible pairs of FAR and FRR values, as illustrated in Fig. 10. The integral of a ROC curve is known as the area under curve (AUC), i.e., the gray-filled area in Fig. 10. Also, the point of the ROC curve where FAR equals FRR is called equal error rate (EER), and the point where the average of FAR and FRR is minimal is called half total error rate (HTER). Finally, the overall accuracy (ACC) considers both genuine users and impostors along with the FAR and FRR. Table 4 summarizes all the aforementioned metrics.

Figure 10: Relation among the metrics on the ROC curve.
Metric Stand for Equation Type
FAR False Acceptance Rate Error
FRR False Rejection Rate Error
EER Equal Error Rate Error
HTER Half Total Error Rate Error
ACC Accuracy Hit
AUC Area Under Curve , where : [,] Hit
Table 4: Metrics commonly applied on face spoofing evaluation.

Since most of the considered data sets are not balanced (i.e., the number of impostors and genuine images is different), ACC may lead to a biased performance analysis. All other metrics are based on a separate evaluation of FAR and FRR, so they are more reliable for a comparative analysis. For these reasons, surveyed works were compared using metrics according to the following order of preference: EER, HTER, AUC and ACC.

3.3 Performance analysis of the existing spoofing detectors

Comparing different works is a difficult task, since most of the time we do not have access to the original source codes, and reproducing codes and experimental results are very complicated. For that reason, we have decided to perform this comparison by using the results reported in the gathered papers. However, determination of the best method based on the reported results is not an easy task. It is possible to make mistakes even when comparing works that use the very same data set, specially if this data set is prone to be biased torralba:2011 . Strictly speaking, besides a common available data set, it is of underlying importance to follow the same methodology and to have the same metrics when comparing different countermeasures.

Given the data sets presented in Section 3.1, some criteria were adopted to select which works should be considered in our analysis: (i) they must follow the same data set protocol; (ii) they must report its results using at least one of the metrics discussed in Section 3.2; and (iii)they must be comparable to other works using the same data set (i.e. use the most common metrics for that data set). On that account, some works were then removed from the analysis for NUAA chingovska:2012 ; housamlau:2014 ; housam:2014 , Print-Attack yan:2012 ; yang:2013 , Replay-Attack yang2015person ; caetano2015face , Casia Face Anti-Spoofing tirunagari:2015 ; chingovska:2012 ; galballymarcel:2014 ; yang2015person ; pinto2015face ; wen:2015 ; laskhminarayana:2017 , Kose and Dugelay’s kosedugelay:2013 , 3DMAD  erdogmus2014spoofing ; pinto2015face data sets and other works in pan:2007 ; kollreider:2008 ; kollreider:2009 . Therefore, such works are not presented in Table 1 and Fig. 11. Tables 5-12 summarize the selected results. It is noteworthy that sometimes it was necessary to take conclusions by indirectly comparing different metrics, as in Table 5.

Reference Features Classifier EER (%) AUC ACC (%)
2010, Tan et al. tan:2010 Variational Retinex SLRBLR - 0.94 -
2011, Maatta et al. maatta:2011 LBP SVM 2.90 0.99 98.00
2011, Peixoto et al. peixoto:2011 DoG SLR - - 93.20
2011, Schwartz et al. schwartz:2011 CF + HOG + HSC + GLCM PLS 8.20 0.96 -
2012, Maatta et al.  maatta:2012 LBP + Gabor Wavelets + HOG SVM 1.10 0.99 -
2012, Kose and Dugelay kose:2012 LBPV 11.97 - -
2013, Yang et al. yang:2013 LBP + LPQ + HOG SVM 1.90 0.99 97.70
2015, Arashloo et al. arashloo2015face MLPQ-TOP + MBSIF-TOP KDA 1.80 - -
2017, Alotaibi and
Mahmood alotaibi:2017 AOS CNN - - 99.00
2017, Souza et al. souza:2017 LBP CNN 1.80 0.99 98.20
Table 5: Results over NUAA Imposter data set.
Reference Features Classifier ACC (%)
2011, Peixoto et al. peixoto:2011 DoG SLR 91.70
2012, Maatta et al. maatta:2012 LBP + Gabor Wavelets + HOG SVM 100.00
Table 6: Results over Yale Recaptured data set.
Reference Features Classifier HTER (%)
2011, IDIAP chakka:2011 LBP 0.00
2011, UOULU chakka:2011 LBP SVM 0.00
2011, CASIA chakka:2011 RASL + GMM + LR 0.00
Haar Wavelets
2011, AMILAB chakka:2011 Color + Texture SVM 0.63
2011, SIANI chakka:2011 Motion BN 10.63
2011, UNICAMP chakka:2011 and
Schwartz et al. schwartz:2011 CF + HOG + HSC + GLCM PLS 0.63
2012, Maatta et al. maatta:2012 LBP + Gabor Wavelets + HOG SVM 0.00
2013, Bharadwaj et al. bharadwaj:2013 HOOF LDA 0.62
2015, Tirunagari et al. tirunagari:2015 DMD + LBP SVM 0.00
Table 7: Results over Print-Attack data set.

Table 5 summarizes the results of the methods concerning the NUAA data set, and the most common metrics were EER, AUC and ACC. This data set presents a relatively balanced number of positives and negatives samples, which avoids biased results when using ACC. Peixoto et al. peixoto:2011 did not report both EER and AUC, but their ACC shows that they did not achieve the best performance. As it can be observed in Table 5, methods with high AUC have low EER. Although AUC does not allow us to differ between the methods proposed by Maatta et al. maatta:2011 ; maatta:2012 and Yang et al. yang:2013 , EER clearly shows that Maatta et al. maatta:2012 achieved the best performance for the NUAA data set.

A summary of the results considering the Yale Recaptured data set is presented in Table 6. Works using this data set were compared by means of ACC, the only metric in common to all of them. Since this data set is highly unbalanced (i.e., a ratio of 1:3), ACC would not be the most recommended metric. For this comparison, however, the use of ACC is not an issue due to the perfect performance reported  maatta:2012 , which means that both classes were perfectly classified.

Reference Features Classifier HTER (%)
2012, Chingovska et al. chingovska:2012 LBP SVM 15.16
2012, Freitas et al. pereira:2012 LBP-TOP SVM 7.60
2013, Komulainen et al. komulainen:2013 Motion Correlation + LBP LLR + SVM 5.11
+ MLP
2013, Bharadwaj et al. bharadwaj:2013 HOOF + LBP LDA 1.25
2013, CASIA chingovska:2013 LBP + 1D-FFT + HMOF SVM 0.00
+ Motion Correlation
2013, IGD chingovska:2013 Motion Adaboost 9.13
2013, MaskDown chingovska:2013 LBP + GLCM + LBP-TOP LLR + LDA 2.50
2013, LNMIIT  chingovska:2013 LBP + GMM + 2D-FFT SVM 0.00
2013, Muvis chingovska:2013 LBP + Gabor Wavelets PLS 1.25
2013, PRA Lab chingovska:2013 Color + Texture SVM 1.25
2013, ATVS chingovska:2013 IQM LDA 12.00
2013, UNICAMP chingovska:2013 2D-DFT + GLCM SVM 15.62
2014, Galbally et al. galballymarcel:2014 IQA LDA 15.20
2015, Menotti et al. menotti:2015 DNN CNN 0.75
2015, Tirunagari et al. tirunagari:2015 DMD + LBP SVM 3.75
2015, Wen et al. wen:2015 IDA SVM 7.41
2015, Pinto et al. pinto:2015 2D-DFT PLS 14.27
2015, Boulkenafet et al. boulkenafet2015face LBP + Color SVM 2.90
2015, Arashloo et al. arashloo2015face MLPQ-TOP + MBSIF-TOP KDA 1.00
2015, Pinto et al. pinto2015face GMM + 2D-DFT SVM 2.75
2016, Boulkenafet et al. boulkenafet2016face LPQ + Color SVM 3.30
2016, Feng et al. feng2016integration HSC + Optical Flow NN 0.00
2016, Kim et al.  kimahn:2016 MLBP + GLCM + IDA SVM 5.50
2016, Phan et al.  phan:2016 LDP-TOP SVM 1.75
2017, Alotaibi and
Mahmood alotaibi:2017 AOS CNN 10.00
2017, Lakshminarayanaet al.  laskhminarayana:2017 Color CNN 0.80
Table 8: Results over Replay-Attack data set.
Reference Features Classifier EER (%)
2012, Zhang et al. zhang:2012 DoG SVM 17.00
2013, Komulainen et al. komulainenhadid:2013 HOG SVM 3.30
2013, Yang et al. yang:2013 LPQ + LBP + HOG SVM 11.80
2015, Boulkenafet et al. boulkenafet2015face LBP + Color SVM 6.20
2016, Boulkenafet et al. boulkenafet2016face LPQ + Color SVM 3.20
2016, Feng et al. feng2016integration HSC + Optical Flow NN 5.83
2016, Kim et al.  kimahn:2016 MLBP + GLCM + IDA SVM 4.89
2016, Phan et al.  phan:2016 LDP-TOP SVM 8.94
2017, Asim et al. asim:2017 LBP-TOP CNN 8.02
Table 9: Results over Casia Face Anti-Spoofing data set.
Reference Features Classifier AUC ACC (%)
2013, Kose and Dugelay kosedugelay:icdsp2013 Variational Retinex SVM 0.97 94.47
2013, Kose and Dugelay kose:2013 LBP SVM 0.98 93.50
2014, Kose and Dugelay kosedugelay:2014 LBP + SVM 0.99 98.99
Variational Retinex
Table 10: Results of different methods over Kose and Dugelay’s data set.
Reference Features Classifier HTER (%)
2013, Erdogmus and Marcel erdogmus:2013 LBP LDA 0.95
2015, Menotti et al. menotti:2015 DNN CNN 0.00
2016, Feng et al. feng2016integration HSC + Optical Flow NN 0.00
Table 11: Results over 3D Mask Attack data set.
Data set Reference Features Classifier HTER (%) EER (%)
UVAD 2015, GMM
Pinto et al. pinto2015face + 2D-DFT SVM 29.87 -
UVAD 2017, 2D-DFT
Phan et al. phan:2017 + LDP-TOP SVM 23.69 -
MSU- 2015,
MFSD Wen et al. wen:2015 IDA SVM - 5.82
MSU- 2016, LPQ
MFSD Boulkenafet et al. boulkenafet2016face + Color SVM - 3.50
MSU- 2016,
MFSD Phan et al.  phan:2016 LDP-TOP SVM 7.70 6.54
MSU- 2016, MLBP
MFSD Kim et al. kimahn:2016 GLCM + IDA SVM - 2.44
Table 12: Results over UVAD and MSU-MFSD data set.
Data set Features Classifier EER (%) ACC (%)
BERC Webcam  kim:2012 LBP + 2D DFT SVM 8.43 -
BERC ATM  kim:2012 LBP + 2D DFT SVM 4.42 -
Self Collected  pinto:2012 GLCM + 2D DFT PLS - 100.00
Self Collected  pinto:2012 GLCM + 2D DFT SVM - 100.00
Self Collected  wang:2013 CLM SVM - 100.00
Table 13: Results of different methods over other non-public data sets.

As stated in Section 3.1, the Print-Attack data set was used as a benchmark in the first spoofing detection competition chakka:2011 , wherein three works achieved perfect score (i.e., IDIAP chakka:2011 , UOULU chakka:2011 and CASIA chakka:2011 ). Later works maatta:2012 ; tirunagari:2015 also achieved 0% of HTER (see Table 7), and Maatta et al. maatta:2012 reached the best performance in a third data set. As shown in Table 2, NUAA, Yale Recaptured and Print-Attack data sets are solely based on printed photo attacks. Given the work in maatta:2012 achieved the lowest error rates in all of the attacks using the same approach, it is safe to assume that multiple texture features (i.e., LBP, Gabor wavelets and HOG) and an SVM classifier are enough to detect printed photo attacks over that data set.

The Replay-Attack data set was used in the second spoofing detection competition chingovska:2013 , and both CASIA and LNMIIT obtained 0% of HTER. There is a proposed method in  feng2016integration , which also achieved a perfect HTER (see Table 8). This data set has an uneven number of real and fake images (i.e., a ratio of 1:5), but it does not influence the analysis since all works report their results using the same metric.

The Casia Face Anti-Spoofing data set is characterized by the highest number of types of attacks, as presented in Table 2, but presenting a low number of samples. Table 9 presents the results on this data set, and Boulkenafet et al. boulkenafet2016face proposed the method with the best performance, reaching perfect results (i.e., 3.20% EER).

Tables 10 and 11 present, respectively, the spoofing detection results for mask attacks over Kose and Dugelay’s and 3D Mask Attack data sets. The best performance over that data set was achieved by the method based on texture and reflectance descriptors, and an SVM classifier. The number of fake images in the 3D Mask Attack data set was greater than the number of real ones, but works were evaluated using HTER; so unbalancing is not a problem. Menotti et al. menotti:2015 obtained the best performance by combining deep learning and SVM. Methods dealing with video playback and mask attacks did not rely only on texture descriptors, exploring different features (i.e., motion, frequency and reflectance) to reduce the classification error. SVM is still the most preferred classifier.

Table 12 summarizes the results over UVAD and MSU-MFSD datasets. The first one was only used by one work, while in the second Kim et al. boulkenafet2016face achieved the lowest EER. Table 13 shows results over non-public data sets, and it is only presented for completeness, since it is not easy reproducible.

4 Discussion and analysis

Most of the effort to address the problem of face spoofing detection have been carried out over the past decade. Henceforth we provide a big picture of the field (trends), as well as the analysis of open issues and future perspectives that could be tackled and followed in order to leverage the face spoofing systems.

4.1 Timeline and trends of the state-of-the-art works

Figure 11 depicts a chronological arrangement of the surveyed works in order to demonstrate the convergence of descriptors and classifiers over the time.

Figure 11: Timeline of face spoofing detection in the last decade.

From 2007 to 2010, spoofing detectors were mostly focused on the analysis of motion or reflectance, since both types of descriptors are based on a quite straightforward observation: printed faces do not behave or reflect light as real faces do. Although such countermeasures have persisted to date, another image cue has grown in importance in the literature: face texture. As pointed out by Tan et al. tan:2010 , an impostor face is captured by a camera twice, while a genuine-user once. The former consequently produces artifacts that are not presented in real face acquisition. These artifacts are very perceptible in texture images, and texture coding techniques seem to be an effective way to capture and describe them, as evidenced in the number of works relying on traditional texture description approaches and their variations from 2011 to 2017.

In terms of classification, SVM-based works became more and more popular to the point of dominating the face spoofing literature in recent years, which is somehow expected, since SVM has gained a wide attention in many other machine learning tasks, such as medical diagnosis 

sweilam:2010 , object recognition muralidharan:2011 and market analysis huang:2005 . In fact, even if we consider only face processing applications, there are several ways of exploring SVM: face recognition tefas:2001 , face detection osuna:1997 , facial landmark extraction rapp:2011 , facial expression analysis kotsia:2007 , and so forth. Although SVM provides very accurate results, the two most researched and up-to-date of these applications (i.e., detection and recognition) are recently getting better results using deep learning methods zhang:2014 ; taigman:2011 . Thus, we expect to see an attention shift towards deep learning in spoofing detection works for the next few years, which can already be seen in the most recent literature menotti:2015 ; alotaibi:2017 ; laskhminarayana:2017 ; souza:2017 ; asim:2017 .

4.2 Open issues

After surveying all existing face spoofing detection methods in the last decade, it is still difficult to establish if there was a remarkable progress in this field. The main points that support this view are the following:

  1. Automatic detection of impostors by face still follows the same recipe as many other computer vision problems: first extracting some features for further classifying them by a supervised predictor. Moreover, most works follow the same architecture of popular face recognition systems, using similar feature sets and classification methods. This is even more evident if one observes Table 14, where the best performing works over all data sets considered in our review are shown. As stated in Section 4, texture-based descriptors and SVM-based classification have prevailed in the face spoofing literature. The combination texture+SVM has reached the best performance in five out of the nine data sets analyzed. For the remaining two, texture and SVM are still there, but combined with other descriptors (i.e., motion, frequency or reflectance).

  2. Most of the time, spoofing detection follows face recognition trends. For instance, deep learning techniques are becoming very popular in face recognition zhi-peng:2014 and have consistently outperformed other existing methods, just like what happened to LBP+SVM few years before. As demonstrated, Menotti et al. menotti:2015 recently employed deep learning for face spoofing detection, evaluating the performance of the proposed method on two data sets: Replay-Attack and 3D Mask Attack. Their results were comparable to the state-of-the-art in the first one, and are the best performance so far in the second one. This practically shows that any face recognition breakthroughs will lead to improvements on texture-based spoofing detection as well.

  3. All surveyed works perform training and testing using the same data set (although in a non-overlapping way). They presented their results with different metrics (i.e. ACC, AUC, HTER and EER) and near perfect results were found for each of the nine publicly available data sets considered in this work. Far from showing that face spoofing detection is a solved problem, this fact actually indicates the lack of a challenging data set that allows a thoroughly analysis of the proposed methods. Other computer vision problems have been conducted in this direction, like person re-identification with VIPER data set ma:2015 and object recognition with Caltech-256 Object Category data set griffin:2007 , both with state-of-the-art accuracy below 50%. We believe that a large data set in a wild scenario is more likely to promote breakthroughs. In addition to a large amount of images and/or videos, multiple types of attacks should be covered, be diverse in terms of ethnicity, age and gender, and present real-world scenarios with different environments, acquisition devices, lighting conditions, and human behaviors.

  4. A lack of a standard evaluation protocol for spoofing detection methods is also an issue. Currently, most of the researchers use HTER and EER for detection results to avoid biased results when a data set is unbalanced, but these metrics do not show the effects of spoofing detection on the recognition step. Chingovska et al. chingovska:2006

    introduced an evaluation protocol for biometric systems under spoofing attacks that simultaneously analyzes both recognition and spoofing detection results through expected performance and spoofability curves (EPSC) by dividing a data set in three categories: genuine users, zero-effort impostors and spoofing attacks. However, the proposed evaluation method depends on a prior probability of the spoofing attacks, or a cost relation between the ratio of incorrectly accepted zero-effort impostors and the ratio of incorrectly accepted spoofing attacks. The latter ones could vary for different systems, adding more variables to the problem. Hence, a more intuitive and self-explanatory evaluation metric is also required to instigate future efforts in this research topic. This also extends to benchmarks that rigorously evaluate both recognition and spoofing detection, which are currently not available in the literature.

Reference Features Classifier Data set
Maatta et al. maatta:2012 LBP + SVM NUAA Imposter
Gabor Wavelets + Yale Recaptured
HOG Print-Attack
IDIAP chakka:2011 LBP Print-Attack
UOULU chakka:2011 LBP SVM Print-Attack
CASIA chakka:2011 RASL + GMM +
Haar wavelets LR Print-Attack
Tirunagari et al. tirunagari:2015 DMD + LBP SVM Print-Attack
CASIA chingovska:2013 LBP + 1D-FFT + HMOF
+ Motion Correlation SVM Replay-Attack
LNMIIT  chingovska:2013 LBP + GMM + 2D-FFT SVM Replay-Attack
Feng et al. feng2016integration HSC + Optical Flow NN Replay-Attack
Boulkenafet et al. boulkenafet2016face LPQ + Color SVM Casia Face Anti-Spoofing
Kose and Dugelay kosedugelay:2014 LBP + Variational Retinex SVM Kose and Dugelay’s
Menotti et al. menotti:2015 DNN CNN 3D Mask Attack
Feng et al. feng2016integration HSC + Optical Flow NN 3D Mask Attack
Kim et al. kimahn:2016 MLBP + GLCM + IDA SVM MSU-MFSD
Table 14: Best performing works over different data sets

In general, existing works seem to be going towards data set tuning (i.e. overfitting) instead of designing more effective and flexible solutions. This is corroborated by the works of Pereira et al. de2013can and Pinto et al. pinto2015face , which show initial cross-data set performance analyses using Casia Face Anti-Spoofing and Replay-Attack data sets. Different methods were evaluated by Pereira et al. de2013can , and Tables 15 and 16 show the results for the two most interesting ones, respectively, (1) Motion Correlation+MLP; and (2) LBP-TOP+SVM. While LBP-TOP+SVM presents the best performance in experiments within a data set, Motion Correlation+MLP performs better in experiments across different data sets, which seems to indicate that not necessarily the best performing works for a specific data set, like the ones shown in Table 14, are actually the best countermeasures. On the other hand, they probably miss in terms of generalization power. Similar results can be also found in Pinto et al. work pinto2015face . Therefore, countermeasures with good performance in cross-data set experiments – in the absence of a truly challenging data set – are expected to be more effective in real world scenarios. Current countermeasures, however, hardly beat a random classifier (i.e. 50% HTER).

TrainTest Casia Face Anti-Spoofing Replay-Attack Casia Face Anti-Spoofing 30.33% 50.25% Replay-Attack 48.28% 11.79%

Table 15: Cross-data set results (HTER) for Motion Correlation+MLP, as presented by Pereira et al.[67].

TrainTest Casia Face Anti-Spoofing Replay-Attack Casia Face Anti-Spoofing 23.75% 50.64% Replay-Attack 61.33% 8.51%

Table 16: Cross-data set results for LBP-TOP+SVM in HTER, as presented by Pereira et al. [67].

4.3 Future perspectives

Given the actual state of researches in face spoofing detection and the observed trends, we would like to point some future directions that could help other authors to address challenges that still need to be solved.

First, although texture-based solutions imported from face recognition systems have the best results in experiments within a data set, their performance rapidly degrade in experiments across different data sets de2013can

. Thus, designing solutions specifically for spoofing detection like the initial works based on motion and reflectance seems to be a more promising way of achieving reasonable generalization. This topic has being understudied in the last years, but can find new stimuli in unexplored variations of deep learning that may benefit from this kind of information, such as long short-term memory networks 

hochreiter:1997 and Fourier CNNs pratt:2017 .

Second, other learning frameworks could be explored to offer a different perspective on how to solve this problem. Principles of lifelong fischer:2000

and transfer learning 

yu:2014 have not been explored so far. Such techniques would allow incorporating new samples into an existing model at any time, making it more flexible to cover further attacks in the future without retraining the entire classifier. In addition, clustering approaches CORNUEJOLS201881 may be an option to analyze massive amounts of data in unsupervised or semi-supervised ways and could help to eventually discover unknown attacks without exhaustive manual annotation.

Third, a large web collected corpus for spoofing detection in uncontrolled scenarios would give an immediate boost to this field and would reduce overfitting problems related to data sets and/or attack types. More than that, this corpus could be created as extension of existing wild face recognition databases, such as Labeled Faces in the Wild learnedmiller:2016 , to allow evaluating both recognition and spoofing detection simultaneously. To this end, one may search the web looking for images of individuals from of a chosen face recognition data set containing printed faces or even elaborate attacks like silicone masks and makeup disguises.

Finally, multimodal biometric systems are less likely to be spoofed as impostors, since one has to forge multiple biometric features at the same time. For this reason, different works addressed the impostor problem by combining two or more human characteristics akhtar:2012 ; biggio:2012 ; johnson:2010 ; rodrigues:2009 ; rodrigues:2010 ; farmanbar:2017 ; singh:2017 . With this in mind, facial biometrics can be seen as a special case, since multimodality can take advantage of multiple facial properties (e.g., texture, shape and temperature) to avoid spoof attacks. Nowadays, different commercially available devices are able to capture color, depth and infrared images simultaneously at a reasonable price. These devices could be used to enhance current countermeasures, and possibly make them practicable in industrial applications litomisky2012consumer .

5 Conclusion

In this survey, we presented a compilation of face spoofing detection works over the past decade, as well as, a thoroughly numerical and qualitative analysis. Spoofing attacks persist to be a security challenge for face biometric systems, and there were much effort in the field to find robust methods. However, all these efforts have been following the same recipe, not favoring breakthroughs in the field. Many works of face spoofing detection give emphasis on 2D attacks by presenting printed photos or replaying recorded videos, and 3D attacks have been recently studied due to the technological advancements in 3D printer and reconstruction. Although perfect results on public data sets have been achieved by many works, there is a considerable gap to move from academic researching to real-world applications in a effective way. As such, it is expected that researchers concentrate efforts to create more difficulty data sets and more unbiased evaluation methods, henceforth.

Acknowledgments

J. P. Papa is grateful to FAPESP grants #2013/07375-0, #2014/12236-1, and #2016/19403-6, as well as CNPq grant #306166/2014-3.

References

References

  • (1) A.K. Jain, P. Flynn, A.A. Ross. Handbook of Biometrics. Springer, 2008.
  • (2) P. Meadowcroft, Card fraud - will PCI-DSS have the desired impact?, Card Technology Today, 20 (3) (2008) 10–11.
  • (3) H. Hasan, S. Abdul-Kareem, Fingerprint image enhancement and recognition algorithms: a survey, Neural Computing and Applications, 23 (6) (2013) 1605-1610, Springer.
  • (4) E. Marasco and A. Ross. A survey on antispoofing schemes for fingerprint recognition systems, ACM Computing Surveys (CSUR), 47 (2) (2015) 28.
  • (5) D. Peralta, M. Galar, I. Triguero, O.Miguel-Hurtado, J. M. Benitez, F. Herrera. Minutiae filtering to improve both efficacy and efficiency of fingerprint matching algorithms, Engineering Applications of Artificial Intelligence, 32 (1) (2014) 37-53, Elsevier.
  • (6) R.M. Al Eidan, Hand biometrics: Overview and user perception survey, in Proc. ICIA, 2013, pp. 252–257.
  • (7) G. Kah Ong Michael, T. Connie, A. Beng Jin Teoh. A contactless biometric system using multiple hand features, JVCIR, 23 (2012) 1068-1084.
  • (8) D. Tamrakar, P. Khanna. Kernel discriminant analysis of Block-wise Gaussian Derivative Phase Pattern Histogram for palmprint recognition, JVCIR, 40 (2016) 432-448.
  • (9) K. S. Yadav, M. M. Mukhedkar, Review on Speech Recognition, IJSE, 1 (2) (2013) 61–70.
  • (10) D. J. Choi, J. S. Park, Y. H. Oh. Unsupervised rapid speaker adaptation based on selective eigenvoice merging for user-specific voice interaction, Engineering Applications of Artificial Intelligence, 40 (1) (2015) 95-102, Elsevier.
  • (11) W. Zhao, R. Chellappa, P. J. Phillips, A. Rosenfeld, Face Recognition: A Literature Survey, ACM Computing Surveys, 35 (4) (2003) 399–458.
  • (12) L. Feng, Lai-Man Po, Y. Li, X. Xu, F. Yuan, T. Chun-Ho Cheung, Kwok-Wai Cheung. Integration of image quality and motion cues for face anti-spoofing: A neural network approach, JVCIR, 38 (2016) 451-460.
  • (13) L. Dora, S. Agrawal, R. Panda, A. Abraham. An evolutionary single Gabor kernel based filter approach to face recognition, Engineering Applications of Artificial Intelligence, 62 (1) (2017) 286-301, Elsevier.
  • (14) A. Sanmorino, S. Yazid, A Survey for Handwritten Signature Verification, in Proc. URKE, 2012, pp. 54–57.
  • (15) J. Galbally, S. Marcel, J. Fierrez, Biometric Antispoofing Methods: A Survey in Face Recognition, Access, IEEE, 2014, pp. 1530–1552.
  • (16) S. Parveen, S. M. S. Ahmad, M. Hanafi, W. A. W. Adnan, Face anti-spoofing methods, Current Science, 108 (8) (2015) 1491-1500.
  • (17) M.M. Chakka et al., Competition on counter measures to 2-d facial spoofing attacks. in Proc. IJCB, 2011, pp. 1–6.
  • (18) I. Chingovska et al., The 2nd competition on counter measures to 2D face spoofing attacks, in Proc. ICB, 2013, pp. 1–6.
  • (19) H. Fan, Z. Cao, Y. Jiang, Q. Yin and C. Doudou, Learning deep face representation, in Proc. ICCV, 2014, pp. 1–10.
  • (20) A. Cornuéjols, C. Wemmert, P. Gançarski and Y. Bennani. Collaborative clustering: Why, when, what and how, Information Fusion, 39 (2018) 81-95, Elsevier.
  • (21) J. Maatta, A. Hadid, M. Pietikainen, Face spoofing detection from single images using micro-texture analysis, in Proc. IJCB, 2011, pp. 1–7.
  • (22) J. Maatta, A. Hadid, M. Pietikainen, Face spoofing detection from single images using texture and local shape analysis, Biometrics, IET, 1 (1) (2012) 3–10.
  • (23) W.R. Schwartz, A. Rocha, H. Pedrini, Face Spoofing Detection through Partial Least Squares and Low-Level Descriptors. in Proc. IJCB, 2011, pp. 1–8.
  • (24) S. Bharadwaj, T.I. Dhamecha, M. Vatsa, R. Singh, Computationally Efficient Face Spoofing Detection with Motion Magnification, in Proc. CVPRW, 2013, pp. 105–110.
  • (25) S. Tirunagari, N. Poh, D. Windridge, A. Iorliam, N. Suki, A.T.S. Ho, Detection of Face Spoofing Using Visual Dynamics, IEEE TIFS, 10 (4) (2015) 762–777.
  • (26) J. Yan, Z. Zhang, Z. Lei, D. Yi, S.Z. Li, Face liveness detection by exploring multiple scenic clues, in Proc. ICARCV, 2012, pp. 188–193.
  • (27) B. Peixoto, C. Michelassi, A. Rocha, Face liveness detection under bad illumination conditions, in Proc. ICIP, 2011, pp. 3557–3560.
  • (28) J. Yang, Z. Lei, S. Liao, S.Z. Li, Face liveness detection with component dependent descriptor, in Proc. ICB, 2013, pp. 1–6.
  • (29) T. Wang, J. Yang, Z. Lei, S. Liao, Face liveness detection using 3D structure recovered from a single camera, in Proc. ICB, 2013, pp. 1–6.
  • (30) X. Tan, Y. Li, J. Liu, L. Jiang, Face liveness detection from a single image with sparse low rank bilinear discriminative model, in Proc. ECCV, 2010, pp. 504–517.
  • (31) J. Komulainen, A. Hadid, M. Pietikainen, A. Anjos, S. Marcel, Complementary countermeasures for detecting scenic face spoofing attacks, in Proc. ICB, 2013, pp. 1–7.
  • (32) T.F. Pereira, A. Anjos, J.M. Martino, S. Marcel, LBP-TOP based countermeasure against facial spoofing attacks, in Proc. ACCV, 2012, pp. 121–132.
  • (33) N. Kose, J.-L. Dugelay, Shape and Texture Based Countermeasure to Protect Face Recognition Systems against Mask Attacks, in Proc. CVPRW, 2013, pp. 111–116.
  • (34) N. Kose, J.-L. Dugelay, Countermeasure for the protection of face recognition systems against mask attacks, in Proc. FG, 2013, pp. 1–6.
  • (35) N. Kose, J.-L. Dugelay, Reflectance analysis based countermeasure technique to detect face mask attacks, in Proc. DSP, 2013, pp. 1–6.
  • (36) I. Chingovska, A. Anjos, S. Marcel. On the effectiveness of local binary patterns in face anti-spoofing, in Proc. BIOSIG, 2012, pp. 1-–7.
  • (37) N. Erdogmus, S. Marcel, Spoofing in 2D Face Recognition with 3D Masks and Anti-spoofing with Kinect, in Proc. BTAS, 2013, pp. 1–6.
  • (38) J. Galbally, S. Marcel, Face Anti-Spoofing Based on General Image Quality Assessment, in Proc. ICPR, 2014, pp. 1173–1178.
  • (39)

    T. Ojala, M. Pietikäinen, D. Harwood. A comparative study of texture measures with classification based on feature distributions, Pattern Recognition, 29 (1) (1996) 51-59, Elsevier.

  • (40) G. Kim, S. Eum, J.K. Suhr, D.I. Kim, K.R. Park, J. Kim, Face Liveness Detection Based on Texture and Frequency Analyses, in Proc. ICB, 2012, pp. 67–-72.
  • (41) Z. Boulkenafet, J. Komulainen and A. Hadid, ”Face anti-spoofing based on color texture analysis,” in Proc. ICIP, Quebec City, QC, 2015, pp. 2636-2640.
  • (42) G. B. de Souza, D. F. da Silva Santos, R. G. Pires, A. N. Marana and J. P. Papa, Deep Texture Features for Robust Face Spoofing Detection,IEEE TCS, 64 (12) (2017) pp. 1-5.
  • (43) N. Kose, J.-L. Dugelay, Mask spoofing in face recognition and countermeasures, Pattern Recognition 32 (2014) 779-–789, Elsevier.
  • (44) N. Erdogmus and S. Marcel, ”Spoofing Face Recognition With 3D Masks,” IEEE TIFS, 9 (7) (2014) 1084-1097.
  • (45) J. Yang, Z. Lei, D. Yi and S. Z. Li, ”Person-Specific Face Antispoofing With Subject Domain Adaptation,” IEEE TIFS, 10 (4) (2015)797-809, April 2015.
  • (46) I. Kim, J. Ahn and D. Kim, Face spoofing detection with highlight removal effect and distortions, in Proc. SMC, 2016, pp. 4299-4304.
  • (47) N. Kose, J.-L. Dugelay, Classification of captured and recaptured images to detect photograph spoofing, in Proc. ICIEV, pp. 1027–1032.
  • (48) M. Asim, Z. Ming and M. Y. Javed, CNN based spatio-temporal feature extraction for face anti-spoofing, in Proc. ICIVC, 2017, pp. 234-238.
  • (49) Z. Boulkenafet; J. Komulainen; A. Hadid, ”Face Spoofing Detection Using Colour Texture Analysis,” IEEE TIFS, 11 (8) (2016) 1818-1830.
  • (50) K.B. Housam, S.H. Lau, Y.H. Pang, Y.P. Liew, M.L. Chiang, Face Spoofing Detection Using Local Graph Structure, in Proc. ICISA, 2014, pp. 270–273.
  • (51) K.B. Housam, S.H. Lau, Y.H. Pang, Y.P. Liew, M.L. Chiang, Face spoofing detection based on improved local graph structure, in Proc. ICISA, 2014, pp. 1–4.
  • (52)

    S. R. Arashloo, J. Kittler and W. Christmas, ”Face Spoofing Detection Based on Multiple Descriptor Fusion Using Multiscale Dynamic Binarized Statistical Image Features,” IEEE TIFS, 10 (11) (2015) 2396-2407.

  • (53) Q. T. Phan, D. T. Dang-Nguyen, G. Boato and F. G. B. De Natale. Using LDP-TOP in Video-Based Spoofing Detection, in Proc. ICIAP, 2017, pp. 614-624.
  • (54) Q. T. Phan, D. T. Dang-Nguyen, G. Boato and F. G. B. De Natale, FACE spoofing detection using LDP-TOP, in Proc. ICIP, 2016, pp. 404-408.
  • (55) J. Komulainen, A. Hadid, M. Pietikainen, Context based face anti-spoofing, in Proc. BTAS, 2013, pp. 1–8.
  • (56) R. Haralick, K. Shanmugam, I. Dinstein. Texture Features for Image Classification, in IEEE TSMC, 3 (6) (1973) 610-621.
  • (57) A.S. Pinto, H. Pedrini, W.R. Schwartz, A. Rocha, Video-based face spoofing detection through visual rhythm analysis, in Proc. SIBGRAPI, 2012, pp. 221–228.
  • (58) A. Pinto, W.R. Schwartz, H. Pedrini, A.R. Rocha, Using Visual Rhythms for Detecting Video-Based Facial Spoof Attacks, IEEE TIFS. 10 (5) (2015) 1025–1038.
  • (59) Z. Zhang, J. Yan, S. Liu, Z. Lei, D. Yi, S. Li, A face antispoofing data set with diverse attacks, in Proc. ICB, 2012, pp. 26–31.
  • (60) A. Alotaibi and A. Mahmood. Deep face liveness detection based on nonlinear diffusion using convolution neural network, Signal, Image and Video Processing, 11 (4) 713-720, Springer.
  • (61) D. Menotti, G. Chiachia, A. Pinto, W.R. Schwartz, H. Pedrini, A.X. Falcão, A. Rocha, Deep Representations for Iris, Face, and Fingerprint Spoofing Detection, IEEE TIFS, 10 (4) (2015) 864–879.
  • (62) G. Pan, L. Sun, Z. Wu, S. Lao, Eyeblink-based Anti-Spoofing in Face Recognition from a Generic Webcamera, in Proc. ICCV, 2007, pp. 1–8.
  • (63) K. Kollreider, H. Fronthaler, J. Bigun, Verifying Liveness by Multiple Experts in Face Biometrics, in Proc. CVPRW, 2008, pp. 1–6.
  • (64) K. Kollreider, H. Fronthaler, J. Bigun, Non-intrusive liveness detection by face images, Image and Vision Computing, 27 (2009) 233–244, Elsevier.
  • (65) A. Pinto, H. Pedrini, W. R. Schwartz and A. Rocha, ”Face Spoofing Detection Through Visual Codebooks of Spectral Temporal Cubes,” IEEE TIP, 24 (12) (2015) 4726-4740.
  • (66) D. C. Garcia and R. L. de Queiroz, ”Face-Spoofing 2D-Detection Based on Moiré-Pattern Analysis,” IEEE TIFS, 10 (4) (2015) 778-786.
  • (67) D. Wen, H. Han, A. K. Jain, Face Spoof Detection With Image Distortion Analysis, IEEE TIFS, 10 (4) (2015) 746–761.
  • (68) N. N. Lakshminarayana, N. Narayan, N. Napp, S. Setlur and V. Govindaraju. A Discriminative Spatio-temporal Mapping of Face for Liveness Detectio, in Proc. ISBA, 2017, pp. 1-7.
  • (69) A. Anjos, S. Marcel, Counter-measures to photo attacks in face recognition: A public data set and a baseline, in Proc. IJCB, 2011, pp. 1–7.
  • (70) A. da Silva Pinto, “A countermeasure method for video-based face spoofing attacks,” M.S. thesis, Inst. Comput., UNICAMP Univ. Estadual Campinas, Campinas, Brazil, Oct. 2013.
  • (71) A. Torralba, A. Efros. Unbiased Look at Dataset Bias, in Proc. CVPR, 2011, pp. 1521–1528.
  • (72) N.H. Sweilam, A.A. Tharwat, N.K.A. Moniem. Support vector machine for diagnosis cancer disease: A comparative study, Egyptian Informatics Journal, 11 (2) (2010) 81-92.
  • (73) R. Muralidharan, Dr.C. Chandrasekar, Object Recognition Using Support Vector Machine Augmented by RST Invariants, IJCSI, 8 (5) (2011) 280-286.
  • (74) W. Huang, Y. Nakamori, S.-Y. Wang, Forecasting stock market movement direction with support vector machine, Computers & Operations Research, 32 (10) (2005) 2513-2522.
  • (75) A. Tefas, C. Kotropoulos, I. Pitas, Using support vector machines to enhance the performance of elastic graph matching for frontal face authentication, IEEE TPAMI, 23 (7) (2001) 735–746.
  • (76) E. Osuna, R. Freund, F. Girosi, Training support vector machines: an application to face detection, in Proc. CVPR, 1997, pp. 130–136.
  • (77) V. Rapp, T. Senechal, K. Bailly, L. Prevost, Multiple kernel learning SVM and statistical validation for facial landmark detection, in Proc. FG, 2011, pp. 265–271.
  • (78) I. Kotsia, I. Pitas, Facial Expression Recognition in Image Sequences Using Geometric Deformation Features and Support Vector Machines, IEEE TIP, 16 (1) (2007) 172–187.
  • (79) C. Zhang, Z. Zhang, Improving multiview face detection with multi-task deep convolutional neural networks, in Proc. WACV, 2014, pp. 1036–1041.
  • (80) Y. Taigman, M. Yang, M. Ranzato, L. Wolf, DeepFace: Closing the Gap to Human-Level Performance in Face Verification, in Proc. CVPR, 2011, pp. 1521–1528.
  • (81) F. Zhi-Peng, Z. Yan-Ning, H. Hai-Yan, Survey of deep learning in face recognition, in Proc. ICOT, 2014, pp. 5–8.
  • (82) B. Ma, Q. Li, H. Chang, Gaussian Descriptor based on Local Features for Person Re-identification, in Proc. ACCV, 2015, pp. 505–518.
  • (83) G. Griffin, A. Holub, P. Perona, Caltech-256 Object Category Dataset, California Institute of Technology, 2007.
  • (84) I. Chingovska, A.R. Anjos, S. Marcel, Biometrics Evaluation Under Spoofing Attacks, IEEE TIFS. 9 (12) (2014) 2264–2276.
  • (85) T. de Freitas Pereira, A. Anjos, J. M. De Martino and S. Marcel, ”Can face anti-spoofing countermeasures work in a real world scenario?,” in Proc. ICB, Madrid, 2013, pp. 1-8.
  • (86) S. Hochreiter and J. Schmidhuber, Long short-term memory, Neural Computation, 9 (8) (1997) pp. 1735-1780.
  • (87) H. Pratt, B. Williams, F. Coenen and Y. Zheng, FCNN: Fourier Convolutional Neural Networks, in Proc. ECML, 2017.
  • (88) G. Fischer, Lifelong learning — more than training, Journal of Interactive Learning Research, 11 (3/4) (2000) pp. 265-294.
  • (89) H. Yu, Y. Chen, J. Liu, X. Jiang, Lifelong and fast transfer learning for gesture interaction, Journal of Information & Computational Science 11 (4) (2014) 1023-–1035.
  • (90) E. Learned-Miller, G. B. Huang, A. RoyChowdhury, H. Li and G. Hua, Labeled Faces in the Wild: A Survey, Advances in Face Detection and Facial Image Analysis, (2016) pp. 189-248, Springer.
  • (91) Z. Akhtar, G. Fumera, G.-L. Marcialis, F. Roli, Evaluation of serial and parallel multibiometric systems under spoofing attacks, in Proc. BTAS, 2012, pp. 283–288.
  • (92) B. Biggio, Z. Akhtar, G. Fumera, G.L. Marcialis,F. Roli, Security evaluation of biometric authentication systems under real spoofing attacks. IET Biometrics, 1 (1)(2012) 11–24.
  • (93) P. Johnson, B. Tan, S. Schuckers, Multimodal fusion vulnerability to non-zero effort (spoof) imposters, in Proc. WIFS, 2010, pp. 1–5.
  • (94) R.N. Rodrigues, L.L. Ling, V. Govindaraju, Robustness of multimodal biometric fusion methods against spoof attacks, Journal of Visual Languages and Computing, 20 (3) (2009), pp. 169–-179.
  • (95) R.N. Rodrigues, N. Kamat, V. Govindaraju, Evaluation of biometric spoofing in a multimodal system, in Proc. BTAS, 2010, pp. 1–5.
  • (96) M. Farmanbar and O. Toygar. Spoof detection on face and palmprint biometrics, Signal, Image and Video Processing, 11 (7) (2017) 1253-1260, Springer.
  • (97) M. Farmanbar and O. Toygar. A robust anti-spoofing technique for face liveness detection with morphological operations, Optik - International Journal for Light and Electron Optics, 139 (2017) 347-354, Elsevier.
  • (98) K. Litomisky, ”Consumer rgb-d cameras and their applications,” Rapport technique, University of California, 2012.