Poisoning Adaptive Biometric Systems
Adaptive biometric recognition systems have been proposed to deal with natural changes of the clients’ biometric traits due to multiple factors, like aging. However, their adaptability to changes may be exploited by an attacker to compromise the stored templates, either to impersonate a specific client, or to deny access to him. In this paper we show how a carefully designed attack may gradually poison the template gallery of some users, and successfully mislead a simple PCA-based face verification system that performs self-update.
KeywordsBiometric recognition Adaptive biometric systems Template self-update Principal component analysis Poisoning attack
- 1.Barreno, M., Nelson, B., Sears, R., Joseph, A.D., Tygar, J.D.: Can machine learning be secure? In: Proc. Symp. on Information, Computer and Comm. Sec. (ASIACCS), pp. 16–25. ACM (2006)Google Scholar
- 4.Kloft, M., Laskov, P.: Online anomaly detection under adversarial impact. In: Proc. 13th Int’l Conf. on AI and Statistics (AISTATS), pp. 405–412 (2010)Google Scholar
- 6.Nelson, B., Joseph, A.D.: Bounding an attack’s complexity for a simple learning model. In: Proc. 1st Workshop on Tackling Computer Systems Problems with ML Techniques, SysML (2006)Google Scholar
- 8.Ryu, C., Kim, H., Jain, A.K.: Template adaptation based fingerprint verification. In: Proc. 18th Int’l Conf. Pattern Rec., vol. 04, pp. 582–585. IEEE CS (2006)Google Scholar
- 11.Yambor, W.S.: Analysis of PCA-based and Fisher discriminant-based image recognition algorithms. Technical Report, Colorado State University (2000)Google Scholar