CAAP: Capture-Aware Adversarial Patch Attacks on Palmprint Recognition Models
Summary: arXiv:2604.06987v1
Palmprint recognition has gained traction in security-critical applications such as access control and palm-based payment systems. The technology’s appeal lies in its contactless acquisition and the highly discriminative nature of the ridge-and-crease textures present in palm prints. However, the robustness of deep learning-based palmprint recognition systems against real-world attacks is not well understood. Prior research has primarily focused on digital scenarios, neglecting the texture-dominant characteristics of palmprint recognition and the distortions that occur during physical acquisition.
Introduction to CAAP
To bridge this gap, researchers have developed a novel framework named CAAP, which stands for Capture-Aware Adversarial Patch. This framework is specifically designed to generate adversarial patches effective in disrupting palmprint recognition systems under realistic conditions. The CAAP framework is distinctive because it learns a universal patch that can be reused across various inputs while remaining effective even with variations in acquisition methods.
Patch Topology and Structural Characteristics
The CAAP framework employs a cross-shaped patch topology that enhances spatial coverage without exceeding a fixed pixel budget. This design choice is critical as it effectively disrupts the long-range texture continuity that is vital for accurate palmprint recognition. The following modules are integrated into the CAAP framework:
- ASIT (Adversarial Sample Input Transformation): This module focuses on input-conditioned patch rendering, allowing for tailored attacks based on the specific characteristics of the input palmprint.
- RaS (Randomized Capture-aware Simulation): This module simulates realistic capture conditions, ensuring that the generated patches are effective in real-world scenarios.
- MS-DIFE (Multi-Scale Discriminative Feature Extraction): This component provides feature-level guidance to disrupt identity recognition effectively, enhancing the overall attack performance.
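The coverage claim for the cross-shaped topology can be checked with plain geometry. The following is an added illustration, not code from the CAAP paper or its repository. It assumes a constructed 128x128 ROI grid and uses the number of scan lines a mask touches at four orientations as a rough proxy for interrupted texture continuity; the function names and the proxy itself are hypothetical.

```python
# Added illustration (not from the CAAP paper or its repository).
# Assumption: "coverage" is approximated by how many scan lines, at four
# orientations, a mask touches on a constructed 128x128 ROI grid.

def square_mask(size, side):
    """Centered side x side square, as a set of (row, col) pixels."""
    lo = (size - side) // 2
    return {(r, c) for r in range(lo, lo + side) for c in range(lo, lo + side)}

def cross_arm_len(budget, width):
    """Arm length L of a cross with bar width w that uses exactly `budget` pixels.
    Two L x w bars overlap in a w x w square, so budget = 2*L*w - w*w."""
    total = budget + width * width
    if total % (2 * width):
        raise ValueError("budget not reachable with this bar width")
    return total // (2 * width)

def cross_mask(size, arm_len, width):
    """Centered cross: one horizontal and one vertical bar, arm_len x width each."""
    lo_l, lo_w = (size - arm_len) // 2, (size - width) // 2
    if lo_l < 0 or lo_w < 0:
        raise ValueError("cross does not fit inside the ROI")
    horizontal = {(r, c) for r in range(lo_w, lo_w + width)
                  for c in range(lo_l, lo_l + arm_len)}
    vertical = {(r, c) for r in range(lo_l, lo_l + arm_len)
                for c in range(lo_w, lo_w + width)}
    return horizontal | vertical

def lines_touched(mask):
    """Pixel count plus the number of distinct scan lines the mask intersects."""
    return {
        "pixels": len(mask),
        "rows": len({r for r, _ in mask}),
        "cols": len({c for _, c in mask}),
        "diagonals": len({r - c for r, c in mask}),
        "anti_diagonals": len({r + c for r, c in mask}),
    }

ROI = 128            # constructed ROI size, not a value from the paper
BUDGET = 24 * 24     # same pixel budget for both shapes
SQUARE = lines_touched(square_mask(ROI, 24))
CROSS = lines_touched(cross_mask(ROI, cross_arm_len(BUDGET, 6), 6))

if __name__ == "__main__":
    for name, stats in (("square", SQUARE), ("cross", CROSS)):
        print(name, stats)
```

With identical pixel counts, the cross touches roughly twice as many rows and columns as the square, which is why robustness evaluations that only occlude with compact square regions can understate exposure for texture-based matchers.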
Experimental Evaluation
The effectiveness of CAAP has been rigorously evaluated on three different datasets: Tongji, IITD, and AISEC. The framework was tested against both generic CNN backbones and palmprint-specific recognition models. The experiments demonstrated that CAAP achieves strong performance in both untargeted and targeted attack scenarios. Furthermore, the framework shows favorable transferability across different models and datasets.
Findings and Implications
Interestingly, while adversarial training methods can reduce the attack success rate to some extent, significant residual vulnerabilities persist in deep palmprint recognition systems. These findings highlight a pressing need for more robust defense mechanisms to protect against these physically realizable, capture-aware adversarial patch attacks.
Conclusion
The CAAP framework represents a significant advancement in the understanding of vulnerabilities in palmprint recognition systems. As this technology continues to be deployed in sensitive applications, ensuring its robustness against such adversarial attacks will be crucial. Researchers and practitioners are encouraged to explore the implications of these findings further and to develop more effective defense strategies.
Code available at: https://github.com/ryliu68/CAAP
