College of Computer Science, Chongqing University, Chongqing, China

School of Computer Science and Information Engineering, Chongqing Technology and Business University, Chongqing, China

SAMOVAR, Telecom SudParis, CNRS, Institut Polytechnique de Paris, Palaiseau, France

Vein biometrics is a high security and privacy preserving identification technology that has attracted increasing attention over the last decade. Deep neural networks (DNNs), such as convolutional neural networks (CNN), have shown strong capabilities for robust feature representation, and have achieved, as a result, state-of-the-art performance on various vision tasks. Inspired by their success, deep learning models have been widely investigated for vein recognition and have shown significant improvement of identification accuracy compared to handcrafted models. Existing deep learning models, however, are vulnerable to adversarial perturbation attacks, where thoughtfully crafted small perturbations can cause misclassification of legitimate images, degrading, thereby, the efficiency of vein recognition systems. To address this problem, we propose, in this paper, VeinGuard, a novel defense framework to defend deep learning classifiers against adversarial palm-vein image attacks, composed of a local transformer-based GAN and a purifier. VeinGuard comprises two components: a local transformer-based GAN (LTGAN) that learns the distribution of unperturbed vein images and generates high-quality palm-vein images, and a purifier consisting of a trainable residual network and of a pre-trained generator from LTGAN that automatically removes a wide variety of adversarial perturbations. The resulting clean images are fed to vein classifiers for identification, thereby avoiding adversarial attacks. We evaluate VeinGuard on three public vein datasets in terms of white-box attacks, black-box attacks, ablation experiments, and computation time. The experimental results show that VeinGuard allows filtering the perturbations and enables the classifiers to achieve state-of-the-art recognition results for different adversarial attacks. 中文翻译： 静脉生物识别技术是一种高度安全和隐私保护的识别技术，在过去十年中引起了越来越多的关注。深度神经网络 (DNN)，例如卷积神经网络 (CNN)，已显示出强大的特征表示能力，并因此在各种视觉任务上实现了最先进的性能。受其成功的启发，深度学习模型已被广泛研究用于静脉识别，并且与手工制作的模型相比，识别精度显着提高。然而，现有的深度学习模型容易受到对抗性扰动攻击，精心设计的小扰动可能导致合法图像的错误分类，从而降低静脉识别系统的效率。为了解决这个问题，我们建议，在本文中，VeinGuard 是一种新颖的防御框架，可保护深度学习分类器免受对抗性手掌静脉图像攻击，由基于局部变换器的 GAN 和净化器组成。VeinGuard 包含两个组件：一个基于局部变换器的 GAN (LTGAN)，它学习未受干扰的静脉图像的分布并生成高质量的手掌静脉图像，以及一个由可训练的残差网络和来自 LTGAN 的预训练生成器组成的净化器自动消除各种对抗性扰动。生成的干净图像被馈送到静脉分类器进行识别，从而避免对抗性攻击。我们根据白盒攻击、黑盒攻击、消融实验和计算时间在三个公共静脉数据集上评估 VeinGuard。