Adversarial machine learning for combating the vulnerabilities of DNN-based biometric systems

The Idiap Research Institute seeks qualified candidates for a PhD position on "adversarial machine learning for combating the vulnerabilities of DNN-based biometric systems".

Recent advances in DNN-based face and speaker biometric recognition systems indicate superior performance to traditional biometric recognition methods. We envision, therefore, that future state-of-the-art face and speaker biometric systems will be largely DNN-based.

Likewise, we anticipate new challenges in dealing with such systems’ security aspects.

The first part of this project will involve an investigation into the vulnerability of DNN-based face and speaker biometric systems to various attacks, including primarily: (i) presentation attacks to bypass recognition using an altered biometric sample (“obfuscation/evasion” or “impersonation”), and (ii) manipulation of the training data to change the classification outcome to suit the attacker’s motives (“poisoning” or “trojan”). In the second part of the project, the student will explore adversarial machine learning techniques to improve the robustness of DNN-based face and speaker biometric systems to such attacks. More particularly, the following results are expected:

  • Investigation into the vulnerability of DNN-based face and speaker biometric systems to various attacks, including primarily “evasion” and “poisoning” attacks;
  • Exploration and analysis of adversarial machine learning techniques to improve the robustness of DNN-based face and speaker biometric systems to such attacks;
  • Open-source implementations of attack simulations/solutions on face and speaker recognition system baselines.

This project will be funded by the H2020 Marie Sklodowska-Curie program, and the applicant will also be expected to take part in project meetings and training activities, as well as to visit research groups and/or companies.

The proposed research will be carried out in the Biometric Security and Privacy group (Dr. Sébastien Marcel) at Idiap. The research will rely on previous knowledge and software developed at Idiap, more specifically the Bob toolkit.
Reproducible research is a cornerstone of the project. Hence, a strong involvement in open source libraries such as Bob is expected.

The ideal candidate should hold a Master's degree in computer science, electrical engineering or related fields. She or he should have a background in statistics, applied mathematics, optimization, linear algebra and signal processing. The applicant should also have strong programming skills and be familiar with Python, C/C++ (MATLAB is not a plus), various scripting languages and the Linux environment. Knowledge of machine learning, and more particularly deep learning (TensorFlow and PyTorch), is an asset. Shortlisted candidates may undergo a series of tests including technical reading and writing in English and programming (in Python and/or C/C++).

Idiap is affiliated with Ecole Polytechnique Federale de Lausanne (EPFL). Working at Idiap in Martigny, the successful candidate will become a doctoral student at EPFL, and thus also has to be accepted for enrolment by the Electrical Engineering (EDEE) or the Computer, Communication and Information Sciences (EDIC) Doctoral Schools. The PhD position is for 4 years, provided successful progress, and should lead to a dissertation. Annual gross salary ranges from 47,000 CHF (first year) to 50,000 CHF (last year).

Prospective candidates should apply through the Idiap Online Recruitment System (ORS) only. Applications should contain a cover letter (max 2 pages long, explaining how your background fits with our research activities -- see the short description of our research and our latest publications), a CV, a statement of research interests and accomplishments, and the names and email addresses of 3 references. In your CV, relative ranking should be included when possible, such as average grade or ranks in the class. Inquiries about the position can be addressed to Dr. Sébastien Marcel.

The project start date is expected to be late 2019 or early 2020. The position will remain open until filled.

Interested? Please submit your candidature for "Adversarial machine learning for combating the vulnerabilities of DNN-based biometric systems" through the Idiap online recruitment system.