CN110059569B - Living body detection method and device, and model evaluation method and device - Google Patents

Living body detection method and device, and model evaluation method and device Download PDF

Info

Publication number
CN110059569B
CN110059569B CN201910216920.XA CN201910216920A CN110059569B CN 110059569 B CN110059569 B CN 110059569B CN 201910216920 A CN201910216920 A CN 201910216920A CN 110059569 B CN110059569 B CN 110059569B
Authority
CN
China
Prior art keywords
sample set
living body
attack
samples
training
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910216920.XA
Other languages
Chinese (zh)
Other versions
CN110059569A (en
Inventor
曹佳炯
丁菁汀
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Advanced New Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Advanced New Technologies Co Ltd filed Critical Advanced New Technologies Co Ltd
Priority to CN201910216920.XA priority Critical patent/CN110059569B/en
Publication of CN110059569A publication Critical patent/CN110059569A/en
Application granted granted Critical
Publication of CN110059569B publication Critical patent/CN110059569B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/21Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/048Activation functions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/40Spoof detection, e.g. liveness detection
    • G06V40/45Detection of the body part being alive

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Evolutionary Computation (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Molecular Biology (AREA)
  • Computational Linguistics (AREA)
  • Biophysics (AREA)
  • Biomedical Technology (AREA)
  • Mathematical Physics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Biology (AREA)
  • Human Computer Interaction (AREA)
  • Multimedia (AREA)
  • Medical Treatment And Welfare Office Work (AREA)

Abstract

The invention provides a living body detection method and device and a model evaluation method and device, wherein the living body detection method comprises the following steps: training a preset living body network according to a training sample set to obtain a living body base model, wherein the training sample set comprises: a living sample set and an attack sample set; training a preset countermeasure network according to one or more attack samples in the attack sample set and the living body base model to obtain a countermeasure model; inputting one or more attack samples in the attack sample set into the countermeasure model to obtain a countermeasure sample set; training the living body base model according to one or more living body samples in the living body sample set, one or more attack samples in the attack sample set and one or more confrontation samples in the confrontation sample set to obtain a confrontation living body base model; and determining whether the object in the sample to be detected in the sample set to be detected is a living body or not according to the antagonistic living body base model.

Description

Living body detection method and device, and model evaluation method and device
Technical Field
The invention relates to the technical field of computers, in particular to a method and a device for detecting a living body and a method and a device for evaluating a model.
Background
With the development of computer vision technology, more and more authentication systems verify the identity of a living body based on living body identification. However, in the living body recognition process, a lawbreaker often attacks the recognition system using a photograph, a video, or the like. Therefore, in order to reduce the influence due to the attack, it is necessary to determine whether or not a sample input to the recognition system is collected from a living body.
Currently, in-vivo detection is generally performed by using a data-driven deep learning algorithm.
However, as the number of users of the identification system increases, the potential risk of attack also increases. Many new attack modalities such as PS attacks, software generation attacks, etc. are emerging. The existing method only has a corresponding training sample set to strengthen the recognition model after a new attack type appears, thereby achieving the purpose of detecting the new attack type. In view of this, research into new in vivo detection methods is gradually receiving attention from skilled workers.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and an apparatus for detecting a living body, and a method and an apparatus for evaluating a model, which can identify an attack of an unknown type.
In a first aspect, an embodiment of the present invention provides a method for detecting a living body, including:
training a preset living body network according to a training sample set to obtain a living body base model, wherein the training sample set comprises: a living sample set and an attack sample set;
training a preset countermeasure network according to one or more attack samples in the attack sample set and the living body basic model to obtain a countermeasure model;
inputting one or more attack samples in the attack sample set into the countermeasure model to obtain a countermeasure sample set;
training the living body base model according to one or more living body samples in the living body sample set, one or more attack samples in the attack sample set and one or more confrontation samples in the confrontation sample set to obtain a confrontation living body base model;
and determining whether the object in the sample to be detected in the sample set to be detected is a living body or not according to the antagonistic living body base model.
In a second aspect, an embodiment of the present invention provides a model evaluation method, including:
training a preset living body network according to a training sample set to obtain a living body base model, wherein the training sample set comprises: a live sample set and an attack sample set;
training a preset countermeasure network according to one or more attack samples in the attack sample set and the living body base model to obtain a countermeasure model;
inputting one or more attack samples in the attack sample set into the countermeasure model to obtain a countermeasure sample set;
training the living body base model according to one or more living body samples in the living body sample set, one or more attack samples in the attack sample set and one or more confrontation samples in the confrontation sample set to obtain a confrontation living body base model;
and evaluating the anti-living body base model to obtain an evaluation result, wherein the evaluation result is used for measuring the performance of the anti-living body base model.
In a third aspect, an embodiment of the present invention provides a living body detection apparatus, including:
the first training unit is used for training a preset living body network according to a training sample set to obtain a living body base model, wherein the training sample set comprises: a live sample set and an attack sample set;
the second training unit is used for training a preset countermeasure network according to one or more attack samples in the attack sample set and the living body base model to obtain a countermeasure model;
the generating unit is used for inputting one or more attack samples in the attack sample set into the countermeasure model to obtain a countermeasure sample set;
a third training unit, configured to train the living body base model according to one or more living body samples in the living body sample set, one or more attack samples in the attack sample set, and one or more countermeasure samples in the countermeasure sample set, so as to obtain an countermeasure living body base model;
and the detection unit is used for determining whether the object in the sample to be detected in the sample set to be detected is a living body or not according to the antagonistic living body base model.
In a fourth aspect, an embodiment of the present invention provides a model evaluation apparatus, including:
the first training unit is used for training a preset living body network according to a training sample set to obtain a living body base model, wherein the training sample set comprises: a live sample set and an attack sample set;
the second training unit is used for training a preset countermeasure network according to one or more attack samples in the attack sample set and the living body base model to obtain a countermeasure model;
the generating unit is used for inputting one or more attack samples in the attack sample set into the countermeasure model to obtain a countermeasure sample set;
a third training unit, configured to train the living body base model according to one or more living body samples in the living body sample set, one or more attack samples in the attack sample set, and one or more countermeasure samples in the countermeasure sample set, so as to obtain an countermeasure living body base model;
and the evaluation unit is used for evaluating the antagonistic living body base model to obtain an evaluation result, and the evaluation result is used for measuring the performance of the antagonistic living body base model.
The embodiment of the invention adopts at least one technical scheme which can achieve the following beneficial effects: according to the method, the countermeasure network is trained by utilizing the attack sample set in the training sample set, so that the countermeasure network can find the weakness of the living body base model, and further the countermeasure sample set capable of attacking the living body base model is obtained. And training the living body base model by using one or more confrontation samples in the confrontation sample set, so that the living body base model can learn the attack of unknown type and overcome the weakness of the living body base model.
Drawings
In order to more clearly illustrate the embodiments or technical solutions of the present invention, the drawings used in the embodiments or technical solutions in the prior art are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart of a method of in vivo detection provided by an embodiment of the present invention;
FIG. 2 is a flow chart of a model evaluation method provided by an embodiment of the invention;
FIG. 3 is a flow chart of a method of in vivo detection provided by another embodiment of the present invention;
FIG. 4 is a schematic diagram of an in-vivo detection device according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a living body detecting apparatus according to another embodiment of the present invention;
fig. 6 is a schematic structural diagram of a model evaluation apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative efforts belong to the scope of the present invention.
As shown in fig. 1, an embodiment of the present invention provides a method for detecting a living body, which may include the steps of:
step 101: training a preset living body network according to a training sample set to obtain a living body base model, wherein the training sample set comprises: live sample set and attack sample set.
The scene data can be collected by the modes of scene data backflow, outsourcing data collection, automatic data collection equipment collection and the like. To increase the richness of the living body-based model, the collected attack samples and living body samples may include various types. Wherein, the types of attack samples mainly include: photo attack on mobile phones and displays, photo printing attack, video playback attack, PS attack, 3D mask attack and the like. In addition, the collected environment can also contain various illumination and posture conditions so as to achieve comprehensive training and evaluation effects.
It should be noted that, because the acquired scene data may contain the information of the user, a desensitization process is required before the training sample set is obtained. That is, before step 101, the method further includes: collecting scene data; desensitizing the scene data to obtain a training sample set.
The living body base model is a discriminant machine learning model.
Step 101 specifically includes: and inputting the living body sample set and the attack sample set into a living body network, and training the living body network by taking a Softmax function as a loss function to obtain a living body base model.
The living body network may be an existing convolutional neural network or the like. In the embodiment of the invention, a Softmax function of a second classification is used as a loss function, and in the training process, the label of an attack sample is set to be 1, and the label of a living sample is set to be 0. Of course, in practical application scenarios, other functions may be selected as the loss function.
Step 102: and training a preset countermeasure network according to one or more attack samples in the attack sample set and the living body basic model to obtain a countermeasure model.
One or more attack samples in the attack sample set in step 102 may be the attack sample set itself or a subset thereof in step 101.
The countermeasure networks can be divided into two categories, one in which there is an up-down dimension, and the other in which there is no up-down dimension.
TABLE 1 Structure of a countermeasure network with dimension up and down
Figure BDA0002002138710000051
There are competing networks of ascending and descending dimensions, typically convolutional layers, pooling layers, and deconvolution layers. Due to the presence of Pooling layers (Pooling) and deconvolution layers (decontv) for dimensionality reduction and dimensionality enhancement, the output resolution of this type of countermeasure network varies. During training, the countermeasure network loses some detailed information of the input samples, but can generate more modes of the countermeasure samples. More patterns of challenge samples can identify more attack samples of unknown type. As shown in table 1, there is a structure of the countermeasure network in which dimension ascending and dimension descending exist.
There is no countermeasure network for dimension up and down, and because the output resolution of each layer is the same, more details of the input samples can be preserved. However, the pattern of the generated attack sample is relatively single. As shown in table 2, the structure of the countermeasure network is a structure in which dimension ascending and dimension descending do not exist.
TABLE 2 Structure of a countermeasure network without dimension upgrade and dimensionality reduction
Figure BDA0002002138710000061
Step 102 specifically includes:
inputting one or more attack samples in the attack sample set into an anti-network to obtain an intermediate sample set, inputting the intermediate sample set into a living body base model, and training the anti-network according to an anti-loss function; wherein the weight of the living body base model is kept unchanged in the training process.
Wherein the penalty function comprises:
LOSS=-Softmax(x′)+Euclidean(x,x′)
the LOSS is used for representing an anti-LOSS function, the Softmax function is a normalized exponential function, the Euclidean function is an Euclidean distance function, x is used for representing attack samples in an attack sample set, and x' is used for representing intermediate samples in an intermediate sample set.
The antagonistic loss function is composed of two parts, one part is the loss function of the living body base model, and the other part is the similarity of the attack sample and the intermediate sample. In the training process, the method maximizes the model, further achieves the purpose of classification error of the basic model of the living body, and simultaneously ensures that the attacking sample and the intermediate sample do not have a larger difference.
In the embodiment of the invention, the loss function of the living body base model is a Softmax function, and the similarity between the attack sample and the middle sample is measured by an Euclidean distance function. In practical application scenarios, the penalty-fighting function may have other forms of construction, and the Softmax function and the Euclidean function may be replaced by other functions.
The countermeasure network needs to be connected in series in front of the living body base model, the countermeasure network is a generative network, and the living body base model is disturbed through the generated intermediate samples. In the process of training the countermeasure network, the weight of the living body base model is frozen and unchanged, and only the weight of the countermeasure network is changed along with the training. And obtaining a countermeasure model by training the countermeasure network, and enabling the countermeasure model to generate a model.
Step 103: and inputting one or more attack samples in the attack sample set into the countermeasure model to obtain a countermeasure sample set.
One or more attack samples in the attack sample set in step 103 may be the attack sample set itself or a subset thereof.
Step 104: and training a living body base model according to one or more living body samples in the living body sample set, one or more attack samples in the attack sample set and one or more confrontation samples in the confrontation sample set to obtain a confrontation living body base model.
Step 104 specifically includes: inputting one or more living samples in the living sample set, one or more attack samples in the attack sample set and one or more confrontation samples in the confrontation sample set into a living body base model, and training the living body base model by taking a Softmax function as a loss function to obtain the confrontation living body base model. Wherein the sum of the number of samples of the live sample set and the attack sample set is greater than the number of samples of the challenge sample set.
In order to ensure the accuracy of the identification of the obtained confrontation living body base model, the number of training samples input into the living body base model is more than that of the confrontation samples, for example, the number of samples of the training sample set (living body sample set and attack sample set) is 85%, and the number of samples of the confrontation sample set is 15%. In addition, the loss function used in the training process may be other functions such as Sigmoid function.
Step 105: and determining whether the object in the sample to be detected in the sample set to be detected is a living body or not according to the anti-living body base model.
The trained antagonistic living body base model can be used for living body detection in an online or offline scene.
According to the method, the countermeasure network is trained by utilizing the attack sample set in the training sample set, so that the countermeasure network can find the weakness of the living body base model, and further the countermeasure sample set capable of attacking the living body base model is obtained. Training the live body base model with one or more challenge samples in the challenge sample set enables the live body base model to learn an unknown type of attack and overcome its own weaknesses.
As shown in fig. 2, an embodiment of the present invention provides a model evaluation method, including:
step 201: training a preset living body network according to a training sample set to obtain a living body base model, wherein the training sample set comprises: live sample set and attack sample set.
Step 202: and training a preset countermeasure network according to one or more attack samples in the attack sample set and the living body basic model to obtain a countermeasure model.
Step 203: and inputting one or more attack samples in the attack sample set into the countermeasure model to obtain a countermeasure sample set.
Step 204; and training the living body base model according to one or more living body samples in the living body sample set, one or more attack samples in the attack sample set and one or more confrontation samples in the confrontation sample set to obtain the confrontation living body base model.
Steps 201 to 204 in the embodiment of the present invention are similar to steps 101 to 104 described above, and are not described herein again.
Step 205: and evaluating the anti-living body base model to obtain an evaluation result, wherein the evaluation result is used for measuring the performance of the anti-living body base model.
The method can determine the performance of the anti-living body base model through the evaluation process, and in an actual application scene, the parameters of the anti-living body base model can be adjusted according to the evaluation result so as to improve the accuracy of living body detection.
In an actual application scenario, acquired scenario data can be divided into a training sample set and a testing sample set. The training sample set is used to test the model's response to known attack types, while the testing sample set is used to evaluate the model's response to unknown attacks.
In order to make the living body base model learn more attack types, the training sample set comprises 80% of the living body sample set and 80% of the attack sample set, and the training sample set covers 80% of the attack types. The test sample set includes the remaining 20% live sample set and 20% challenge sample set. In this case, the trained in vivo-based model responds well to the known 80% of attack types, while responding to the unknown 20% of attacks leaves something to be desired.
Because the attack types in the training sample set and the attack types in the test sample set are mutually exclusive, the test sample can effectively evaluate the response of the anti-living body base model to the attack of unknown type.
Various evaluation methods can be employed to evaluate various aspects of the performance of the anti-living body-based model.
Two evaluation methods, one being classification accuracy evaluation and the other being ROC curve evaluation, will be provided below.
(1) Classification accuracy assessment
Evaluating the antagonistic living body base model to obtain an evaluation result, which specifically comprises the following steps: identifying whether the object in the test sample of the test sample set is a living body according to the anti-living body base model; determining the number of test samples correctly identified against the living body base model according to the identification result; and determining the classification accuracy of the anti-living body base model according to the number of the test samples correctly identified by the anti-living body base model.
The classification accuracy evaluation is used for measuring the classification accuracy of the antagonistic living body base model on the test sample, and the calculation formula is as follows:
Figure BDA0002002138710000091
wherein Accuracy is used to characterize the classification Accuracy of the antagonistic living body base model, N total For characterizing the total number of samples, N, in a test sample set cls For characterizing the number of test samples that correctly identify against the basic model of the living body.
(2) ROC curve evaluation
Evaluating the antagonistic living body base model to obtain an evaluation result, wherein the evaluation result specifically comprises the following steps: identifying whether the object in the test sample of the test sample set is a living body according to the anti-living body base model; establishing an ROC (receiver operating characteristic) curve of an anti-living body base model according to the identification result; AUC (Area Under the ROC Curve enclosed by the coordinate axes) was determined.
Compared with the classification accuracy, the ROC curve can evaluate the recall rate of the model to the attack sample under different false interception rates of the living body sample. Finally, the performance of the model was evaluated by the area enclosed by the ROC curves, i.e., AUC. The larger the AUC, the better the model performance.
In practical application scenarios, in order to clarify the recognition effect of the anti-living-base model on an unknown type of attack, the anti-living-base model is generally evaluated together with the living-base model.
As shown in fig. 3, an embodiment of the present invention provides a method for detecting a living body, including:
step 301: acquiring scene data, and performing desensitization treatment on the scene data to obtain a training sample set, wherein the training sample set comprises: live sample set and attack sample set.
Step 302: inputting the living body sample set and the attack sample set into a living body network, training the living body network by taking a Softmax function as a loss function, and obtaining a living body base model, wherein the training sample set comprises: live sample set and attack sample set.
Step 303: inputting one or more attack samples in the attack sample set into an anti-network to obtain an intermediate sample set, inputting the intermediate sample set into a living body base model, and training the anti-network according to an anti-loss function; wherein the weight of the living body base model is kept unchanged in the training process.
The countermeasure network is composed of convolution layers with the step length of 1; the countermeasure network may also be comprised of convolutional layers, pooling layers, and deconvolution layers.
The penalty function is:
LOSS=-Softmax(x′)+Euclidean(x,x′)
the LOSS is used for representing a LOSS resisting function, the Softmax function is a normalized exponential function, the Euclidean function is a Euclidean distance function, x is used for representing attack samples in an attack sample set, and x' is used for representing intermediate samples in an intermediate sample set.
Step 304: and inputting one or more attack samples in the attack sample set into the countermeasure model to obtain a countermeasure sample set.
Step 305: inputting one or more living samples in the living sample set, one or more attack samples in the attack sample set and one or more confrontation samples in the confrontation sample set into a living body base model, and training the living body base model by taking a Softmax function as a loss function to obtain the confrontation living body base model; wherein the sum of the number of samples of the live sample set and the attack sample set is greater than the number of samples of the challenge sample set.
Step 306: and determining whether the object in the sample to be detected in the sample set to be detected is a living body or not according to the anti-living body base model.
As shown in fig. 4, an embodiment of the present invention provides a living body detection apparatus, including:
a first training unit 401, configured to train a preset living body network according to a training sample set to obtain a living body base model, where the training sample set includes: a live sample set and an attack sample set;
a second training unit 402, configured to train a preset countermeasure network according to one or more attack samples in the attack sample set and the living body base model to obtain a countermeasure model;
a generating unit 403, configured to input one or more attack samples in the attack sample set into the countermeasure model, so as to obtain a countermeasure sample set;
a third training unit 404, configured to train a live body base model according to one or more live body samples in the live body sample set, one or more attack samples in the attack sample set, and one or more confrontation samples in the confrontation sample set, so as to obtain a confrontation live body base model;
the detecting unit 405 is configured to determine whether an object in the to-be-detected sample of the to-be-detected sample set is a living body according to the anti-living body base model.
In one embodiment of the present invention, as shown in fig. 5, the living body detecting apparatus further includes: an acquisition unit 406, configured to acquire scene data; and carrying out desensitization treatment on the scene data to obtain a training sample set.
In one embodiment of the present invention, the attack types of the attack samples in the attack sample set include: any one or more of photo attack of mobile phones and displays, photo print attack, video playback attack, PS attack and 3D mask attack.
In an embodiment of the present invention, the first training unit 401 is configured to input the living body sample set and the attack sample set into a living body network, train the living body network by using a Softmax function as a loss function, and obtain a living body base model.
In an embodiment of the present invention, the second training unit 402 is configured to input one or more attack samples in the attack sample set into the countermeasure network to obtain an intermediate sample set, input the intermediate sample set into the living body base model, and train the countermeasure network according to a countermeasure loss function; wherein the weight of the living body base model is kept unchanged in the training process.
In one embodiment of the invention, the penalty function comprises:
LOSS=-Softmax(x′)+Euclidean(x,x′)
the LOSS is used for representing an anti-LOSS function, the Softmax function is a normalized exponential function, the Euclidean function is an Euclidean distance function, x is used for representing attack samples in an attack sample set, and x' is used for representing intermediate samples in an intermediate sample set.
In an embodiment of the present invention, the third training unit 404 is configured to input one or more live samples in the live sample set, one or more attack samples in the attack sample set, and one or more challenge samples in the challenge sample set into the live base model, and train the live base model using the Softmax function as a loss function to obtain the challenge live base model.
In one embodiment of the invention, the sum of the number of samples of the live sample set and the attack sample set is greater than the number of samples of the challenge sample set.
In one embodiment of the invention, the countermeasure network consists of convolutional layers with a step size of 1; alternatively, the countermeasure network is composed of a convolutional layer, a pooling layer, and a deconvolution layer.
An embodiment of the present invention provides a model evaluation apparatus, as shown in fig. 6, the apparatus including:
the first training unit 601 is configured to train a preset living body network according to a training sample set to obtain a living body base model, where the training sample set includes: a live sample set and an attack sample set;
a second training unit 602, configured to train a preset countermeasure network according to one or more attack samples in the attack sample set and the living body base model to obtain a countermeasure model;
a generating unit 603, configured to input one or more attack samples in the attack sample set into the countermeasure model, so as to obtain a countermeasure sample set;
a third training unit 604, configured to train a live body base model according to one or more live body samples in the live body sample set, one or more attack samples in the attack sample set, and one or more confrontation samples in the confrontation sample set, so as to obtain a confrontation live body base model;
the evaluation unit 605 is configured to evaluate the anti-living body base model to obtain an evaluation result, where the evaluation result is used to measure the performance of the anti-living body base model.
In an embodiment of the invention, the evaluation unit 605 is configured to identify whether the object in the test sample of the test sample set is a living body according to the anti-living body base model; determining the number of test samples correctly identified against the living body base model according to the identification result; and determining the classification accuracy of the anti-living body base model according to the number of the test samples correctly identified by the anti-living body base model.
In an embodiment of the invention, the evaluation unit 605 is configured to identify whether the object in the test sample of the test sample set is a living body according to the anti-living body base model; according to the identification result, establishing an ROC curve of the living body resisting base model; the AUC was determined.
The embodiment of the invention provides a living body detection device, which comprises: a processor and a memory;
the memory is used for storing execution instructions, and the processor is used for executing the execution instructions stored by the memory to realize the method of any one of the above embodiments.
In the 90's of the 20 th century, improvements to a technology could clearly distinguish between improvements in hardware (e.g., improvements to circuit structures such as diodes, transistors, switches, etc.) and improvements in software (improvements to process flow). However, as technology advances, many of today's process flow improvements have been seen as direct improvements in hardware circuit architecture. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into the hardware circuit. Thus, it cannot be said that an improvement in the process flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose Logic functions are determined by programming the Device by a user. A digital system is "integrated" on a PLD by the designer's own programming without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Furthermore, nowadays, instead of manually manufacturing an Integrated Circuit chip, such Programming is often implemented by "logic compiler" software, which is similar to a software compiler used in program development and writing, but the original code before compiling is also written by a specific Programming Language, which is called Hardware Description Language (HDL), and HDL is not only one but many, such as ABEL (Advanced Boolean Expression Language), AHDL (alternate Hardware Description Language), traffic, CUPL (com universal Programming Language), HDCal, jhddl (Java Hardware Description Language), lava, lola, HDL, PALASM, plasm (software Hardware Description Language), VHDL (runtime Hardware Description Language), and vhjdl (Hardware Description Language), which are currently used in most popular applications. It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, and an embedded microcontroller, examples of which include, but are not limited to, the following microcontrollers: ARC 625D, atmel AT91SAM, microchip PIC18F26K20, and Silicone Labs C8051F320, the memory controller may also be implemented as part of the control logic for the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be regarded as a hardware component and the means for performing the various functions included therein may also be regarded as structures within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing the present application.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrases "comprising a," "8230," "8230," or "comprising" does not exclude the presence of other like elements in a process, method, article, or apparatus comprising the element.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the system embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and reference may be made to the partial description of the method embodiment for relevant points.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art to which the present application pertains. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present application shall be included in the scope of the claims of the present application.

Claims (24)

1. A method of in vivo detection comprising:
training a preset living body network according to a training sample set to obtain a living body base model, wherein the training sample set comprises: a live sample set and an attack sample set;
training a preset countermeasure network according to one or more attack samples in the attack sample set and the living body basic model to obtain a countermeasure model;
inputting one or more attack samples in the attack sample set into the countermeasure model to obtain a countermeasure sample set;
training the living body base model according to one or more living body samples in the living body sample set, one or more attack samples in the attack sample set and one or more confrontation samples in the confrontation sample set to obtain a confrontation living body base model;
and determining whether the object in the sample to be detected in the sample set to be detected is a living body or not according to the antagonistic living body base model.
2. The in-vivo detection method according to claim 1,
before the training of the preset living body network according to the training sample set to obtain the living body base model, the method further comprises the following steps:
collecting scene data;
and desensitizing the scene data to obtain the training sample set.
3. The in-vivo detection method according to claim 1,
the attack types of the attack samples in the attack sample set include: any one or more of a photo attack on a mobile phone and a display, a photo print attack, a video playback attack, a PS attack and a 3D mask attack.
4. The in-vivo detection method according to claim 1,
the training of the preset living body network according to the training sample set to obtain the living body base model comprises the following steps:
and inputting the living body sample set and the attack sample set into the living body network, and training the living body network by taking a Softmax function as a loss function to obtain the living body base model.
5. The in-vivo detection method according to claim 1,
the training of a preset countermeasure network according to one or more attack samples in the attack sample set and the living body base model to obtain a countermeasure model comprises the following steps:
inputting one or more attack samples in the attack sample set into the countermeasure network to obtain an intermediate sample set, inputting the intermediate sample set into the living body base model, and training the countermeasure network according to a countermeasure loss function; wherein the weight of the living body-based model remains unchanged during the training process.
6. The in-vivo detection method according to claim 5,
the opposition loss function comprises:
LOSS=-Softmax(x′)+Euclidean(x,x′)
wherein LOSS is used for characterizing the countermeasure LOSS function, softmax is a normalized exponential function, euclidean is a Euclidean distance function, x is used for characterizing attack samples in the attack sample set, and x' is used for characterizing intermediate samples in the intermediate sample set.
7. The in-vivo detection method according to claim 1,
the training of the live-base model according to one or more live samples in the live sample set, one or more attack samples in the attack sample set and one or more countermeasure samples in the countermeasure sample set to obtain an countermeasure live-base model, comprising:
inputting one or more living samples in the living sample set, one or more attack samples in the attack sample set and one or more confrontation samples in the confrontation sample set into the living base model, and training the living base model by taking a Softmax function as a loss function to obtain the confrontation living base model.
8. The in-vivo detection method according to claim 7,
the sum of the number of samples of the live sample set and the attack sample set is greater than the number of samples of the countermeasure sample set.
9. The in vivo detection method according to any one of claims 1 to 8,
the countermeasure network is composed of convolution layers with the step length of 1;
and/or the presence of a gas in the gas,
the countermeasure network is composed of a convolutional layer, a pooling layer, and a deconvolution layer.
10. A model evaluation method, comprising:
training a preset living body network according to a training sample set to obtain a living body base model, wherein the training sample set comprises: a live sample set and an attack sample set;
training a preset countermeasure network according to one or more attack samples in the attack sample set and the living body base model to obtain a countermeasure model;
inputting one or more attack samples in the attack sample set into the countermeasure model to obtain a countermeasure sample set;
training the living body base model according to one or more living body samples in the living body sample set, one or more attack samples in the attack sample set and one or more confrontation samples in the confrontation sample set to obtain a confrontation living body base model;
and evaluating the anti-living body base model to obtain an evaluation result, wherein the evaluation result is used for measuring the performance of the anti-living body base model.
11. The model evaluation method as set forth in claim 10,
the evaluation of the antagonistic living body base model to obtain an evaluation result comprises the following steps:
identifying whether the object in the test sample of the test sample set is a living body according to the antagonistic living body base model;
determining the number of test samples correctly identified by the anti-living body base model according to the identification result;
and determining the classification accuracy of the anti-living body base model according to the number of the test samples correctly identified by the anti-living body base model.
12. The model evaluation method according to claim 10 or 11,
the evaluation of the antagonistic living body base model to obtain an evaluation result comprises the following steps:
identifying whether an object in a test sample in the test sample set is a living body or not according to the anti-living body base model;
according to the identification result, establishing a receiver working characteristic curve (ROC) curve of the anti-living body base model;
and determining the area AUC enclosed by the coordinate axis under the ROC curve.
13. A living body detection device, comprising:
the first training unit is used for training a preset living body network according to a training sample set to obtain a living body base model, wherein the training sample set comprises: a live sample set and an attack sample set;
the second training unit is used for training a preset countermeasure network according to one or more attack samples in the attack sample set and the living body base model to obtain a countermeasure model;
the generating unit is used for inputting one or more attack samples in the attack sample set into the countermeasure model to obtain a countermeasure sample set;
a third training unit, configured to train the living body base model according to one or more living body samples in the living body sample set, one or more attack samples in the attack sample set, and one or more countermeasure samples in the countermeasure sample set, so as to obtain an countermeasure living body base model;
and the detection unit is used for determining whether the object in the sample to be detected in the sample set to be detected is a living body or not according to the antagonistic living body base model.
14. The biopsy device of claim 13, further comprising: a collection unit;
the acquisition unit is used for acquiring scene data; and desensitizing the scene data to obtain the training sample set.
15. The biopsy device according to claim 13,
the attack types of the attack samples in the attack sample set include: any one or more of photo attack of mobile phones and displays, photo print attack, video playback attack, PS attack and 3D mask attack.
16. The biopsy device according to claim 13,
the first training unit is used for inputting the living body sample set and the attack sample set into the living body network, training the living body network by taking a Softmax function as a loss function, and obtaining the living body base model.
17. The living body detecting device according to claim 13,
the second training unit is used for inputting one or more attack samples in the attack sample set into the countermeasure network to obtain an intermediate sample set, inputting the intermediate sample set into the living body base model, and training the countermeasure network according to a countermeasure loss function; wherein the weight of the living body-based model remains unchanged during the training process.
18. The living body detecting device according to claim 17,
the opposition loss function comprises:
LOSS=-Softmax(x′)+Euclidean(x,x′)
wherein LOSS is used for characterizing the countermeasure LOSS function, softmax is a normalized exponential function, euclidean is a Euclidean distance function, x is used for characterizing attack samples in the attack sample set, and x' is used for characterizing intermediate samples in the intermediate sample set.
19. The biopsy device according to claim 13,
and the third training unit is used for inputting one or more living samples in the living body sample set, one or more attack samples in the attack sample set and one or more confrontation samples in the confrontation sample set into the living body base model, and training the living body base model by taking a Softmax function as a loss function to obtain the confrontation living body base model.
20. The biopsy device according to claim 19,
the sum of the number of samples of the live sample set and the attack sample set is greater than the number of samples of the challenge sample set.
21. The biopsy device according to any one of claims 13-20,
the countermeasure network is composed of convolution layers with the step length of 1;
and/or the presence of a gas in the atmosphere,
the countermeasure network is composed of a convolutional layer, a pooling layer, and a deconvolution layer.
22. A model evaluation apparatus comprising:
the first training unit is used for training a preset living body network according to a training sample set to obtain a living body base model, wherein the training sample set comprises: a live sample set and an attack sample set;
the second training unit is used for training a preset countermeasure network according to one or more attack samples in the attack sample set and the living body base model to obtain a countermeasure model;
the generating unit is used for inputting one or more attack samples in the attack sample set into the countermeasure model to obtain a countermeasure sample set;
a third training unit, configured to train the living body base model according to one or more living body samples in the living body sample set, one or more attack samples in the attack sample set, and one or more countermeasure samples in the countermeasure sample set, so as to obtain an countermeasure living body base model;
and the evaluation unit is used for evaluating the antagonistic living body base model to obtain an evaluation result, and the evaluation result is used for measuring the performance of the antagonistic living body base model.
23. The model evaluation device of claim 22,
the evaluation unit is used for identifying whether the object in the test sample of the test sample set is a living body according to the antagonistic living body base model; determining the number of test samples correctly identified by the anti-living body base model according to the identification result; and determining the classification accuracy of the anti-living body base model according to the number of the test samples correctly identified by the anti-living body base model.
24. The model evaluation device of claim 22 or 23,
the evaluation unit is used for identifying whether the object in the test sample set is a living body or not according to the living body resisting base model; establishing a receiver operating characteristic curve (ROC) curve of the antagonistic living body base model according to the identification result; and determining the area AUC enclosed by the ROC curve and the coordinate axis.
CN201910216920.XA 2019-03-21 2019-03-21 Living body detection method and device, and model evaluation method and device Active CN110059569B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910216920.XA CN110059569B (en) 2019-03-21 2019-03-21 Living body detection method and device, and model evaluation method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910216920.XA CN110059569B (en) 2019-03-21 2019-03-21 Living body detection method and device, and model evaluation method and device

Publications (2)

Publication Number Publication Date
CN110059569A CN110059569A (en) 2019-07-26
CN110059569B true CN110059569B (en) 2022-12-27

Family

ID=67317243

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910216920.XA Active CN110059569B (en) 2019-03-21 2019-03-21 Living body detection method and device, and model evaluation method and device

Country Status (1)

Country Link
CN (1) CN110059569B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110674856A (en) * 2019-09-12 2020-01-10 阿里巴巴集团控股有限公司 Method and device for machine learning
CN111553202B (en) * 2020-04-08 2023-05-16 浙江大华技术股份有限公司 Training method, detection method and device for neural network for living body detection
CN112084915A (en) * 2020-08-31 2020-12-15 支付宝(杭州)信息技术有限公司 Model training method, living body detection method, device and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108229375A (en) * 2017-12-29 2018-06-29 百度在线网络技术(北京)有限公司 For detecting the method and apparatus of facial image
CN108322349A (en) * 2018-02-11 2018-07-24 浙江工业大学 The deep learning antagonism attack defense method of network is generated based on confrontation type
CN108416324A (en) * 2018-03-27 2018-08-17 百度在线网络技术(北京)有限公司 Method and apparatus for detecting live body

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102403494B1 (en) * 2017-04-27 2022-05-27 에스케이텔레콤 주식회사 Method for learning Cross-domain Relations based on Generative Adversarial Network

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108229375A (en) * 2017-12-29 2018-06-29 百度在线网络技术(北京)有限公司 For detecting the method and apparatus of facial image
CN108322349A (en) * 2018-02-11 2018-07-24 浙江工业大学 The deep learning antagonism attack defense method of network is generated based on confrontation type
CN108416324A (en) * 2018-03-27 2018-08-17 百度在线网络技术(北京)有限公司 Method and apparatus for detecting live body

Also Published As

Publication number Publication date
CN110059569A (en) 2019-07-26

Similar Documents

Publication Publication Date Title
CN113095124B (en) Face living body detection method and device and electronic equipment
CN111476306B (en) Object detection method, device, equipment and storage medium based on artificial intelligence
CN107808098B (en) Model safety detection method and device and electronic equipment
CN110059569B (en) Living body detection method and device, and model evaluation method and device
US9407706B2 (en) Methods, devices, and apparatuses for activity classification using temporal scaling of time-referenced features
US8930300B2 (en) Systems, methods, and apparatuses for classifying user activity using temporal combining in a mobile device
Yang et al. Activity graph based convolutional neural network for human activity recognition using acceleration and gyroscope data
CN112507831B (en) Living body detection method, living body detection device, living body detection apparatus, and storage medium
CN112308113A (en) Target identification method, device and medium based on semi-supervision
CN113392180A (en) Text processing method, device, equipment and storage medium
CN113065593A (en) Model training method and device, computer equipment and storage medium
Ji et al. Real-time embedded object detection and tracking system in Zynq SoC
CN111310590B (en) Action recognition method and electronic equipment
CN112912889B (en) Image template updating method, device and storage medium
CN112052724A (en) Finger tip positioning method and device based on deep convolutional neural network
CN116152933A (en) Training method, device, equipment and storage medium of anomaly detection model
CN112364851A (en) Automatic modulation recognition method and device, electronic equipment and storage medium
CN111860056B (en) Blink-based living body detection method, blink-based living body detection device, readable storage medium and blink-based living body detection equipment
CN111126358A (en) Face detection method, face detection device, storage medium and equipment
Pan et al. Magthief: Stealing private app usage data on mobile devices via built-in magnetometer
CN117953341A (en) Pathological image segmentation network model, method, device and medium
CN111753583A (en) Identification method and device
CN110889290B (en) Text encoding method and apparatus, text encoding validity checking method and apparatus
CN111931148A (en) Image processing method and device and electronic equipment
CN112200109A (en) Face attribute recognition method, electronic device, and computer-readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20200929

Address after: 27 Hospital Road, George Town, Grand Cayman ky1-9008

Applicant after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Applicant before: Alibaba Group Holding Ltd.

Effective date of registration: 20200929

Address after: 27 Hospital Road, George Town, Grand Cayman ky1-9008

Applicant after: Innovative advanced technology Co.,Ltd.

Address before: 27 Hospital Road, George Town, Grand Cayman ky1-9008

Applicant before: Advanced innovation technology Co.,Ltd.

GR01 Patent grant
GR01 Patent grant