Replay-Attack

Replay-Attack is a dataset for face recognition and presentation attack detection (anti-spoofing). The dataset consists of 1300 video clips of photo and video presentation attack (spoofing attacks) to 50 clients, under different lighting conditions. Spoofing Attacks Description The 2D face spoofing attack database consists of 1,300 video clips of photo and video attack attempts of 50 clients, under different lighting conditions. The data is split into 4 sub-groups comprising: Training data ("train"), to be used for training your anti-spoof classifier; Development data ("devel"), to be used for threshold estimation; Test data ("test"), with which to report error figures; Enrollment data ("enroll"), that can be used to verify spoofing sensitivity on face detection algorithms. Clients that appear in one of the data sets (train, devel or test) do not appear in any other set. Database Description All videos are generated by either having a (real) client trying to access a laptop through a built-in webcam or by displaying a photo or a video recording of the same client for at least 9 seconds. The webcam produces colour videos with a resolution of 320 pixels (width) by 240 pixels (height). The movies were recorded on a Macbook laptop using the QuickTime framework (codec: Motion JPEG) and saved into ".mov" files. The frame rate is about 25 Hz. Besides the native support on Apple computers, these files are *easily* readable using mplayer, ffmpeg or any other video utilities available under Linux or MS Windows systems. Real client accesses as well as data collected for the attacks are taken under two different lighting conditions: * **controlled**: The office light was turned on, blinds are down, background is homogeneous; * **adverse**: Blinds up, more complex background, office lights are out. To produce the attacks, high-resolution photos and videos from each client were taken under the same conditions as in their authentication sessions, using a Canon PowerShot SX150 IS camera, which records both 12.1 Mpixel photographs and 720p high-definition video clips. The way to perform the attacks can be divided into two subsets: the first subset is composed of videos generated using a stand to hold the client biometry ("fixed"). For the second set, the attacker holds the device used for the attack with their own hands. In total, 20 attack videos were registered for each client, 10 for each of the attacking modes just described: 4 x mobile attacks using an iPhone 3GS screen (with resolution 480x320 pixels) displaying: 1 x mobile photo/controlled 1 x mobile photo/adverse 1 x mobile video/controlled 1 x mobile video/adverse 4 x high-resolution screen attacks using an iPad (first generation, with a screen resolution of 1024x768 pixels) displaying: 1 x high-resolution photo/controlled 1 x high-resolution photo/adverse 1 x high-resolution video/controlled 1 x high-resolution video/adverse 2 x hard-copy print attacks (produced on a Triumph-Adler DCC 2520 color laser printer) occupying the whole available printing surface on A4 paper for the following samples: 1 x high-resolution print of photo/controlled 1 x high-resolution print of photo/adverse The 1300 real-accesses and attacks videos were then divided in the following way: Training set: contains 60 real-accesses and 300 attacks under different lighting conditions; Development set: contains 60 real-accesses and 300 attacks under different lighting conditions; Test set: contains 80 real-accesses and 400 attacks under different lighting conditions; Face Locations We also provide face locations automatically annotated by a cascade of classifiers based on a variant of Local Binary Patterns (LBP) referred as Modified Census Transform (MCT) [Face Detection with the Modified Census Transform, Froba, B. and Ernst, A., 2004, IEEE International Conference on Automatic Face and Gesture Recognition, pp. 91-96]. The automatic face localisation procedure works in more than 99% of the total number of frames acquired. This means that less than 1% of the total set of frames for all videos do not possess annotated faces. User algorithms must account for this fact. Protocol for Licit Biometric Transactions It is possible to measure the performance of baseline face recognition systems on the 2D Face spoofing database and evaluate how well the attacks pass such systems or how, otherwise robust they are to attacks. Here we describe how to use the available data at the enrolment set to create a background model, client models and how to perform scoring using the available data. Universal Background Model (UBM): To generate the UBM, subselect the training-set client videos from the enrollment videos. There should be 2 per client, which means you get 30 videos, each with 375 frames to create the model; Client models: To generate client models, use the enrollment data for clients at the development and test groups. There should be 2 videos per client (one for each light condition) once more. At the end of the enrollment procedure, the development set must have 1 model for each of the 15 clients available in that set. Similarly, for the test set, 1 model for each of the 20 clients available; For a simple baseline verification, generate scores **exhaustively** for all videos from the development and test **real-accesses** respectively, but **without** intermixing accross development and test sets. The scores generated against matched client videos and models (within the subset, i.e. development or test) should be considered true client accesses, while all others impostors; If you are looking for a single number to report on the performance do the following: exclusively using the scores from the development set, tune your baseline face recognition system on the EER of the development set and use this threshold to find the HTER on the test set scores. Protocols for Spoofing Attacks Attack protocols are used to evaluate the (binary classification) performance of counter-measures to spoof attacks. The database can be split into 6 different protocols according to the type of device used to generate the attack: print, mobile (phone), high-definition (tablet), photo, video or grand test (all types). Furthermore, subsetting can be achieved on the top of the previous 6 groups by classifying attacks as performed by the attacker bare hands or using a fixed support. This classification scheme makes-up a total of 18 protocols that can be used for studying the performance of counter-measures to 2D face spoofing attacks. The table bellow details the amount of video clips in each protocol. Acknowledgements If you use this database, please cite the following publication: I. Chingovska, A. Anjos, S. Marcel,"On the Effectiveness of Local Binary Patterns in Face Anti-spoofing"; IEEE BIOSIG, 2012. https://ieeexplore.ieee.org/document/6313548 http://publications.idiap.ch/index.php/publications/show/2447

Replay-Attack 是一款面向人脸识别与呈现攻击检测（presentation attack detection）的防欺骗（anti-spoofing）专用数据集。该数据集包含针对50名受试者的照片与视频欺骗攻击（spoofing attacks）共计1300段视频片段，采集于多种不同光照条件下。 ### 欺骗攻击说明 本二维人脸欺骗攻击数据库包含50名受试者的照片与视频攻击尝试视频片段共1300段，采集于不同光照条件下。数据集被划分为4个子集，分别用于： 1. 训练集（"train"）：用于训练防欺骗分类器； 2. 开发集（"devel"）：用于阈值估计； 3. 测试集（"test"）：用于报告模型误差指标； 4. 注册集（"enroll"）：可用于验证人脸检测算法对欺骗攻击的敏感度。 注：出现在训练集、开发集或测试集中的受试者，不会出现在其余任一子集内。 ### 数据库详情 所有视频的采集方式分为两种：一是真实受试者通过内置摄像头访问笔记本电脑；二是展示同一受试者的照片或视频片段，时长至少9秒。摄像头采集的彩色视频分辨率为320像素（宽）×240像素（高），使用MacBook笔记本电脑的QuickTime框架（编码器：Motion JPEG）录制，保存为".mov"格式文件，帧率约为25 Hz。 该格式文件除可在苹果电脑原生读取外，还可通过mplayer、ffmpeg或Linux、MS Windows系统下的其他任意视频工具轻松读取。 真实受试者访问视频与攻击采集视频均在两种光照条件下录制： - **受控光照（controlled）**：办公室灯光开启，百叶窗拉下，背景均匀一致； - **恶劣光照（adverse）**：百叶窗拉起，背景更为复杂，办公室灯光关闭。 攻击样本的采集方式：使用佳能PowerShot SX150 IS相机，在与身份验证会话相同的光照条件下，为每位受试者拍摄高分辨率照片与视频。该相机可拍摄12.1兆像素照片及720p高清视频片段。 攻击实施方式可分为两类： 1. 固定支架攻击（"fixed"）：使用支架固定受试者的生物特征展示介质； 2. 手持攻击：攻击者徒手握持攻击用展示设备。 每位受试者共计录制20段攻击视频，对应两种攻击模式各10段： - 4段使用iPhone 3GS屏幕（分辨率480×320像素）的移动设备攻击，分别为： 1. 移动照片/受控光照 2. 移动照片/恶劣光照 3. 移动视频/受控光照 4. 移动视频/恶劣光照 - 4段使用第一代iPad（屏幕分辨率1024×768像素）的高清屏幕攻击，分别为： 1. 高清照片/受控光照 2. 高清照片/恶劣光照 3. 高清视频/受控光照 4. 高清视频/恶劣光照 - 2段硬拷贝打印攻击：使用Triumph-Adler DCC 2520彩色激光打印机打印，打印内容铺满A4纸全幅面，对应样本为： 1. 高分辨率照片打印/受控光照 2. 高分辨率照片打印/恶劣光照 最终，1300段真实访问视频与攻击视频按如下规则划分： - 训练集：包含60段真实访问视频与300段攻击视频，覆盖不同光照条件； - 开发集：包含60段真实访问视频与300段攻击视频，覆盖不同光照条件； - 测试集：包含80段真实访问视频与400段攻击视频，覆盖不同光照条件。 ### 人脸位置标注 我们还提供了基于局部二值模式（Local Binary Patterns, LBP）变体——修正Census变换（Modified Census Transform, MCT）的级联分类器自动标注的人脸位置[引用文献：Face Detection with the Modified Census Transform, Froba, B. and Ernst, A., 2004, IEEE International Conference on Automatic Face and Gesture Recognition, pp. 91-96]。 自动人脸定位程序在总采集帧中的准确率超过99%，即所有视频中仅有不到1%的帧未标注人脸。使用者的算法需考虑这一情况。 ### 合法生物识别交易协议 可基于本二维人脸欺骗攻击数据库评估基线人脸识别系统的性能，验证攻击样本能否绕过此类系统，或评估系统对欺骗攻击的鲁棒性。下文将说明如何使用注册集数据构建背景模型与受试者模型，并利用现有数据完成评分。 1. **通用背景模型（Universal Background Model, UBM）**：从注册集视频中选取训练集受试者的视频构建UBM。每位受试者对应2段视频，共计30段视频，每段包含375帧，用于生成模型； 2. **受试者模型**：使用开发集与测试组受试者的注册数据生成受试者模型。每位受试者对应2段视频（对应两种光照条件）。注册流程结束后，开发集需为该集合内的15名受试者各生成1个模型；同理，测试集需为该集合内的20名受试者各生成1个模型； 3. 简单基线验证：分别对开发集与测试集的真实访问视频生成全量评分，但**不得**跨开发集与测试集混合评分。与匹配的受试者视频及模型（在同一子集内，即开发集或测试集）对应的评分视为真实受试者访问，其余所有评分视为冒充者评分； 4. 若需获取单一性能指标，可按如下方式操作：仅使用开发集生成的评分，基于开发集的等错误率（Equal Error Rate, EER）调优基线人脸识别系统的阈值，再使用该阈值计算测试集评分的半总错误率（Half Total Error Rate, HTER）。 ### 欺骗攻击评估协议 攻击协议用于评估欺骗攻击对抗措施的二分类性能。本数据库可根据攻击生成所用设备类型划分为6种不同协议：打印攻击、移动设备（手机）攻击、高清屏幕（平板）攻击、照片攻击、视频攻击以及全量测试（所有攻击类型）。此外，可在上述6组的基础上，按攻击者是否徒手实施攻击或使用固定支架进一步划分子集。该分类方案共计生成18种协议，可用于研究二维人脸欺骗攻击对抗措施的性能。下表详述了每种协议对应的视频片段数量。 ### 致谢 若使用本数据库，请引用如下文献： I. Chingovska, A. Anjos, S. Marcel,"On the Effectiveness of Local Binary Patterns in Face Anti-spoofing"; IEEE BIOSIG, 2012. 链接：https://ieeexplore.ieee.org/document/6313548 http://publications.idiap.ch/index.php/publications/show/2447