Adversarial Examples to Fool Iris Recognition Systems
This addresses security vulnerabilities in biometric authentication systems, specifically iris recognition, but is incremental as it adapts existing adversarial attack methods to a new domain.
The paper tackled the problem of generating adversarial examples to fool code-based iris recognition systems by proposing a deep auto-encoder surrogate network to mimic iris code generation, enabling attacks that achieved high success rates in fooling the systems.
Adversarial examples have recently proven to be able to fool deep learning methods by adding carefully crafted small perturbation to the input space image. In this paper, we study the possibility of generating adversarial examples for code-based iris recognition systems. Since generating adversarial examples requires back-propagation of the adversarial loss, conventional filter bank-based iris-code generation frameworks cannot be employed in such a setup. Therefore, to compensate for this shortcoming, we propose to train a deep auto-encoder surrogate network to mimic the conventional iris code generation procedure. This trained surrogate network is then deployed to generate the adversarial examples using the iterative gradient sign method algorithm. We consider non-targeted and targeted attacks through three attack scenarios. Considering these attacks, we study the possibility of fooling an iris recognition system in white-box and black-box frameworks.