Subset of Replay-Attack Dataset
This dataset is a (protocolled) subset of the Replay Attack Dataset. Please proceed to its home page instead.

The Print-Attack Replay Database for consists of 200 video clips of printed-photo attack attempts to 50 clients, under different lighting conditions. It also contains 200 real-access attempt videos from the same clients. This Database was produced at the Idiap Research Institute, in Switzerland.


If you use this database, please cite the following publication:

         author = {Anjos, Andr{\'{e}} and Marcel, S{\'{e}}bastien},
       keywords = {Attack, Counter-Measures, Counter-Spoofing, Disguise, Dishonest Acts, Face Recognition, Forgery, Liveness Detection, Replay, Spoofing, Trick},
          month = oct,
          title = {Counter-Measures to Photo Attacks in Face Recognition: a public database and a baseline},
        journal = {International Joint Conference on Biometrics 2011},
      booktitle = {International Joint Conference on Biometrics 2011},
           year = {2011},

Spoofing Attacks Description

The data is split into 4 sub-groups comprising:

  1. Training data ("train"), to be used for training your anti-spoof classifier;
  2. Development data ("devel"), to be used for threshold estimation. Please note these data will also be used for threshold estimation using the scores you will send us for the performance evaluation of your algorithm. Results on the test set will be evaluated with this prior;
  3. Test data ("test"), with which to report error figures
  4. Enrollment data ("enroll"), that can be used to verify spoofing sensitivity on face detection algorithms.

Clients that appear on the one of the data sets (train, devel or test) do not appear in any other set.

Technical Information

All videos are generated by either having a (real) client trying to access a laptop through a built-in webcam or by displaying a printed photo of the same client for at least 9 seconds. The webcam produces colour videos with a resolution of 320 pixels (width) by 240 pixels (height). The movies were recorded on a Macbook laptop using the QuickTime framework (codec: Motion JPEG) and saved into ".mov" files. The frame rate is about 25 Hz. Besides the native support on Apple computers, these files are *easily* readable using mplayer, ffmpeg or any other video utilities available under Linux or MS Windows systems.

Real client accesses as well as data collected for the print attacks are taken under two different lighting conditions:

  • controlled: The office light was turned on, blinds are down, background is homogene
  • adverse: Blinds up, more complex background, office lights are out.

To generate the photo-attacks, high-resolution photos from each client were taken under the same conditions as in their authentication sessions and printed in colour using the whole spaaace of an A4 paper. The attacks can be divided into two subsets. The first subset is composed of videos generated using a stand to hold the client printed photo ("fixed"). For the second set, the attacker holds the picture with their own hands. Please note that your final classifier should be able to treat both subsets indistinctively.

The 200 real-accesses and attacks were divided in the following way:

  1. "train" contains 60 real-accesses and 60 attacks under different lighting conditions
  2. "devel" contains 60 real-accesses and 60 attacks under different lighting conditions
  3. "test" contains 80 real-accesses and 80 attacks under different lighting conditions

We also provide face locations automatically annotated by a cascade of classifiers based on a variant of Local Binary Patterns (LBP) referred as Modified Census Transform (MCT). The annotations live in the directory "face-locations". Another README file located in the root of that directory explain usage details.


Since the database was first published for the IJCB'2011 competition on anti-spoofing (, we have discovered 3 files that carried wrong client identities. We have then replaced the following original raw data with corrected versions:

  • devel/attack/fixed/
  • test/attack/fixed/
  • test/attack/fixed/

Matching face-location files have also been updated. The modified settings corresponds to the "v2" file prefixes you have available in the downloads section. We don't believe changing 3 files will drastically improve or degrade your results. If it is the case, please write us: we can still provide the old (uncorrected) files if you need them for comparison.