Israeli researchers have developed a neural network capable of producing “host faces” – facial images that are each capable of displaying multiple features. The work suggests that it is possible to generate such “master keys” for more than 40% of the population using only nine faces synthesized by the StyleGAN Generative Adversarial Network (GAN) through three leading facial recognition systems.
paper is a collaboration between Blavatnik School of Computer Science and the School of Electrical Engineering in Tel Aviv.
When testing the system, researchers found that one created face can unlock 20% of all identities at the University of Massachusetts Labeled Faces in the Wild (LFW), an open source database, a common archive for the development and testing of facial recognition systems, and a reference database for the Israeli system.
The new method improves the same recent journal From the University of Siena, which requires privileged access machine learning framework. In contrast, the new method infers generalized features from publicly available material and uses it to create facial features that span a large number of identities.
Emerging main faces
StyleGAN is originally used in this approach under the black box optimization method, which focuses (surprisingly) on high-dimensional data because it is important to find the broadest and most common facial features that satisfy the authentication system.
This process is then repeated iteratively to include identities that were not encoded in the original passport. Under different test conditions, the researchers found that it was possible to obtain 40-60% verification with only nine generated images.
The system uses a development algorithm in conjunction with a nerve prediction that estimates the probability of proliferation of the current “candidate” better than the p-percentage of candidates formed in previous outputs.
The project uses a limited memory matrix adaptation (LM-MA-ES) an algorithm developed for the 2017 initiative led by the Machine Learning Research Group on Automated Algorithm Design, an approach that is well suited for high-dimensional black box optimization.
LM-MA-ES gives candidates randomly. While this is well suited to the purpose of the project, an additional component is needed to determine which faces are the best candidates for inter-identity authentication. That’s why the researchers created a “ Predictor of Success ’’ nerve classifier that strain the flood of candidates into the face best suited for the task.
The system was tested against three CNN-based facial graphs: SphereFace, FaceNet and Dlib, each system architecture includes similarity information and a loss function that are useful for validating system accuracy results.
The predictor of success is a forward-moving neural network comprising three fully connected layers. The first of these uses BatchNorm legalization to ensure data consistency before activation. Network use ADAM as an optimizer and an ambitious learning percentage of 0.001 in 32 input image batches.
All three algorithms tested were trained to play 26,400 fitness activities using the same set of five seeds.
At this point, the researchers had found that longer training processes did not benefit the system; effectively, the Israeli approach seeks to obtain key information from an early stage of model training where only the highest features have yet to be observed. It is worth noting that this is something of a gift for the framework economy.
Creating basic results with Facebook Python-based NeverGrad In a gradient-free optimization environment, the system was profiled against several algorithms, including Differential evolution heuristic.
The researchers found that the “greedy” approach based on Dlib outperformed its competitors and managed to create nine main methods capable of opening 42-64% of the test file. The application of the system success forecast further improved these very favorable results.
The paper argues that “facial-based authentication is highly vulnerable even when knowledge of the target identity is not known,” and the researchers see the initiative as a valid approach to the security attack method of facial recognition systems.