6,969 research outputs found
Hybrid Template Update System for Unimodal Biometric Systems
Semi-supervised template update systems allow to automatically take into
account the intra-class variability of the biometric data over time. Such
systems can be inefficient by including too many impostor's samples or skipping
too many genuine's samples. In the first case, the biometric reference drifts
from the real biometric data and attracts more often impostors. In the second
case, the biometric reference does not evolve quickly enough and also
progressively drifts from the real biometric data. We propose a hybrid system
using several biometric sub-references in order to increase per- formance of
self-update systems by reducing the previously cited errors. The proposition is
validated for a keystroke- dynamics authentication system (this modality
suffers of high variability over time) on two consequent datasets from the
state of the art.Comment: IEEE International Conference on Biometrics: Theory, Applications and
Systems (BTAS 2012), Washington, District of Columbia, USA : France (2012
Biometric Backdoors: A Poisoning Attack Against Unsupervised Template Updating
In this work, we investigate the concept of biometric backdoors: a template
poisoning attack on biometric systems that allows adversaries to stealthily and
effortlessly impersonate users in the long-term by exploiting the template
update procedure. We show that such attacks can be carried out even by
attackers with physical limitations (no digital access to the sensor) and zero
knowledge of training data (they know neither decision boundaries nor user
template). Based on the adversaries' own templates, they craft several
intermediate samples that incrementally bridge the distance between their own
template and the legitimate user's. As these adversarial samples are added to
the template, the attacker is eventually accepted alongside the legitimate
user. To avoid detection, we design the attack to minimize the number of
rejected samples.
We design our method to cope with the weak assumptions for the attacker and
we evaluate the effectiveness of this approach on state-of-the-art face
recognition pipelines based on deep neural networks. We find that in scenarios
where the deep network is known, adversaries can successfully carry out the
attack over 70% of cases with less than ten injection attempts. Even in
black-box scenarios, we find that exploiting the transferability of adversarial
samples from surrogate models can lead to successful attacks in around 15% of
cases. Finally, we design a poisoning detection technique that leverages the
consistent directionality of template updates in feature space to discriminate
between legitimate and malicious updates. We evaluate such a countermeasure
with a set of intra-user variability factors which may present the same
directionality characteristics, obtaining equal error rates for the detection
between 7-14% and leading to over 99% of attacks being detected after only two
sample injections.Comment: 12 page
Incremental Learning Through Unsupervised Adaptation in Video Face Recognition
Programa Oficial de Doutoramento en Investigación en Tecnoloxías da Información. 524V01[Resumo]
Durante a última década, os métodos baseados en deep learning trouxeron un
salto significativo no rendemento dos sistemas de visión artificial. Unha das claves
neste éxito foi a creación de grandes conxuntos de datos perfectamente etiquetados
para usar durante o adestramento. En certa forma, as redes de deep learning
resumen esta enorme cantidade datos en prácticos vectores multidimensionais. Por
este motivo, cando as diferenzas entre os datos de adestramento e os adquiridos
durante o funcionamento dos sistemas (debido a factores como o contexto de adquisición)
son especialmente notorias, as redes de deep learning son susceptibles de
sufrir degradación no rendemento.
Mentres que a solución inmediata a este tipo de problemas sería a de recorrer a
unha recolección adicional de imaxes, co seu correspondente proceso de etiquetado,
esta dista moito de ser óptima. A gran cantidade de posibles variacións que presenta
o mundo visual converten rápido este enfoque nunha tarefa sen fin. Máis aínda cando
existen aplicacións específicas nas que esta acción é difícil, ou incluso imposible, de
realizar debido a problemas de custos ou de privacidade.
Esta tese propón abordar todos estes problemas usando a perspectiva da adaptación.
Así, a hipótese central consiste en asumir que é posible utilizar os datos non
etiquetados adquiridos durante o funcionamento para mellorar o rendemento que
obteríamos con sistemas de recoñecemento xerais. Para isto, e como proba de concepto,
o campo de estudo da tese restrinxiuse ao recoñecemento de caras. Esta é unha
aplicación paradigmática na cal o contexto de adquisición pode ser especialmente
relevante.
Este traballo comeza examinando as diferenzas intrínsecas entre algúns dos contextos
específicos nos que se pode necesitar o recoñecemento de caras e como estas
afectan ao rendemento. Desta maneira, comparamos distintas bases de datos (xunto
cos seus contextos) entre elas, usando algúns dos descritores de características máis
avanzados e así determinar a necesidade real de adaptación.
A partir desta punto, pasamos a presentar o método novo, que representa a principal
contribución da tese: o Dynamic Ensemble of SVM (De-SVM). Este método implementa
a capacidade de adaptación utilizando unha aprendizaxe incremental non
supervisada na que as súas propias predicións se usan como pseudo-etiquetas durante
as actualizacións (a estratexia de auto-adestramento). Os experimentos realizáronse
baixo condicións de vídeo-vixilancia, un exemplo paradigmático dun contexto moi
específico no que os procesos de etiquetado son particularmente complicados. As
ideas claves de De-SVM probáronse en diferentes sub-problemas de recoñecemento
de caras: a verificación de caras e recoñecemento de caras en conxunto pechado e en
conxunto aberto.
Os resultados acadados mostran un comportamento prometedor en termos de
adquisición de coñecemento sen supervisión así como robustez contra impostores.
Ademais, este rendemento é capaz de superar a outros métodos do estado da arte
que non posúen esta capacidade de adaptación.[Resumen]
Durante la última década, los métodos basados en deep learning trajeron un salto
significativo en el rendimiento de los sistemas de visión artificial. Una de las claves en
este éxito fue la creación de grandes conjuntos de datos perfectamente etiquetados
para usar durante el entrenamiento. En cierta forma, las redes de deep learning
resumen esta enorme cantidad datos en prácticos vectores multidimensionales. Por
este motivo, cuando las diferencias entre los datos de entrenamiento y los adquiridos
durante el funcionamiento de los sistemas (debido a factores como el contexto de
adquisición) son especialmente notorias, las redes de deep learning son susceptibles
de sufrir degradación en el rendimiento.
Mientras que la solución a este tipo de problemas es recurrir a una recolección
adicional de imágenes, con su correspondiente proceso de etiquetado, esta dista mucho
de ser óptima. La gran cantidad de posibles variaciones que presenta el mundo
visual convierten rápido este enfoque en una tarea sin fin. Más aún cuando existen
aplicaciones específicas en las que esta acción es difícil, o incluso imposible, de
realizar; debido a problemas de costes o de privacidad.
Esta tesis propone abordar todos estos problemas usando la perspectiva de la
adaptación. Así, la hipótesis central consiste en asumir que es posible utilizar los
datos no etiquetados adquiridos durante el funcionamiento para mejorar el rendimiento
que se obtendría con sistemas de reconocimiento generales. Para esto, y como
prueba de concepto, el campo de estudio de la tesis se restringió al reconocimiento
de caras. Esta es una aplicación paradigmática en la cual el contexto de adquisición
puede ser especialmente relevante.
Este trabajo comienza examinando las diferencias entre algunos de los contextos
específicos en los que se puede necesitar el reconocimiento de caras y así como
sus efectos en términos de rendimiento. De esta manera, comparamos distintas ba
ses de datos (y sus contextos) entre ellas, usando algunos de los descriptores de
características más avanzados para así determinar la necesidad real de adaptación.
A partir de este punto, pasamos a presentar el nuevo método, que representa la
principal contribución de la tesis: el Dynamic Ensemble of SVM (De- SVM). Este
método implementa la capacidad de adaptación utilizando un aprendizaje incremental
no supervisado en la que sus propias predicciones se usan cómo pseudo-etiquetas
durante las actualizaciones (la estrategia de auto-entrenamiento). Los experimentos
se realizaron bajo condiciones de vídeo-vigilancia, un ejemplo paradigmático de
contexto muy específico en el que los procesos de etiquetado son particularmente
complicados. Las ideas claves de De- SVM se probaron en varios sub-problemas
del reconocimiento de caras: la verificación de caras y reconocimiento de caras de
conjunto cerrado y conjunto abierto.
Los resultados muestran un comportamiento prometedor en términos de adquisición
de conocimiento así como de robustez contra impostores. Además, este rendimiento
es capaz de superar a otros métodos del estado del arte que no poseen esta
capacidad de adaptación.[Abstract]
In the last decade, deep learning has brought an unprecedented leap forward for
computer vision general classification problems. One of the keys to this success is the
availability of extensive and wealthy annotated datasets to use as training samples.
In some sense, a deep learning network summarises this enormous amount of data
into handy vector representations. For this reason, when the differences between
training datasets and the data acquired during operation (due to factors such as
the acquisition context) are highly marked, end-to-end deep learning methods are
susceptible to suffer performance degradation.
While the immediate solution to mitigate these problems is to resort to an additional
data collection and its correspondent annotation procedure, this solution
is far from optimal. The immeasurable possible variations of the visual world can
convert the collection and annotation of data into an endless task. Even more when
there are specific applications in which this additional action is difficult or simply not
possible to perform due to, among other reasons, cost-related problems or privacy
issues.
This Thesis proposes to tackle all these problems from the adaptation point of
view. Thus, the central hypothesis assumes that it is possible to use operational
data with almost no supervision to improve the performance we would achieve with
general-purpose recognition systems. To do so, and as a proof-of-concept, the field
of study of this Thesis is restricted to face recognition, a paradigmatic application
in which the context of acquisition can be especially relevant.
This work begins by examining the intrinsic differences between some of the
face recognition contexts and how they directly affect performance. To do it, we
compare different datasets, and their contexts, against each other using some of the
most advanced feature representations available to determine the actual need for
adaptation.
From this point, we move to present the novel method, representing the central
contribution of the Thesis: the Dynamic Ensembles of SVM (De-SVM). This
method implements the adaptation capabilities by performing unsupervised incremental
learning using its own predictions as pseudo-labels for the update decision
(the self-training strategy). Experiments are performed under video surveillance
conditions, a paradigmatic example of a very specific context in which labelling
processes are particularly complicated. The core ideas of De-SVM are tested in
different face recognition sub-problems: face verification and, the more complex,
general closed- and open-set face recognition.
In terms of the achieved results, experiments have shown a promising behaviour
in terms of both unsupervised knowledge acquisition and robustness against impostors,
surpassing the performances achieved by state-of-the-art non-adaptive methods.Funding and Technical Resources For the successful development of this Thesis, it was necessary to rely on series of indispensable means included in the following list:
• Working material, human and financial support primarily by the CITIC and
the Computer Architecture Group of the University of A Coruña and CiTIUS
of University of Santiago de Compostela, along with a PhD grant funded by
Xunta the Galicia and the European Social Fund.
• Access to bibliographical material through the library of the University of A
Coruña.
• Additional funding through the following research projects:
State funding by the Ministry of Economy and Competitiveness of Spain
(project TIN2017-90135-R MINECO, FEDER)
End-to-end Incremental Learning
Although deep learning approaches have stood out in recent years due to their state-of-the-art results, they continue to suffer from (catastrophic forgetting), a dramatic decrease in overall performance when training with new classes added incrementally. This is due to current neural network architectures requiring the entire dataset, consisting of all the samples from the old as well as the new classes, to update the model---a requirement that becomes easily unsustainable as the number of classes grows. We address this issue with our approach to learn deep neural networks incrementally, using new data and only a small exemplar set corresponding to samples from the old classes. This is based on a loss composed of a distillation measure to retain the knowledge acquired from the old classes, and a cross-entropy loss to learn the new classes. Our incremental training is achieved while keeping the entire framework end-to-end, i.e., learning the data representation and the classifier jointly, unlike recent methods with no such guarantees.This work has been funded by project TIC-1692 (Junta de Andalucía), TIN2016-80920R (Spanish Ministry of Science and Technology) and Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tech
- …