2.1. Outline

The overall process of the proposed method is shown in Figure 1. First, different features of facial images are extracted. In our implementation, we use color pixels, LBP and image quality [8]. The framework is flexible and features can be easily added or removed. Second, a capsule layer is used, which is the key contribution of the proposed method. In this layer, different features are enclosed to capsules and then they are integrated with hypergraph regularization. Third, the integrated features are further processed by three full connected layers to obtain the final feature representation, which is similar to the implementation of the original capsule networks.

Figure 1

The flowchart of face spoof attack detection with hypergraph capsule convolutional neural networks. (1) Face detection is performed to obtain facial images. (2) The features of facial images are extracted. Different types of features can be used, such as color features, LBP and image quality. (3) Different features are enclosed in capsules. (4) Different types of features are integrated with hypergraph regularization. (5) Three FC layers are used to compute the hidden representations. They can be used in classification with different classifiers, such as SVM, softmax and so on.

2.2. Graph Regularized Capsule Convolutional Neural Networks

CNNs have proven successful in image description due to their high-level semantic abstraction capabilities. Let X = {x_i|i = 1, 2, ... N} be a set of input samples. In traditional CNNs with ℒ layers, the forward output on x_i on the l-layer can be defined as

where f(⋅) is widely-known as the activation function and (W)^l is the mapping parameters of the l–th layer.

There are several drawbacks on the traditional definition of CNNs. The first one is CNNs ignore the semantic correlations among samples. Therefore, Kipf and Welling proposed GCNNs [17]. In GCNNs, the output on x_i depends on its K neighbors, which is given by

where a_ik denotes the adjacency weights between nodes i and k. It is usually normalized.

The second drawback of traditional CNNs is they simply work on scale values, which limits the descriptive ability. To improve it, Sabour et al. proposed capsule neural networks [18]. In capsule networks, the input is formed as a vector. This vector is called a capsule and more properties can be contained in it. In this way, highly informative outputs can be computed with

where P is the types of properties in one capsule.

Inspired by GCNN and capsule networks, the proposed graph-regularized capsule convolutional neural networks (GRC-CNNs) combines the above two ideas and propose a novel approach for multiple-feature learning. The key forward operation is defined as

Then, the general form of GRC-CNN can be rewritten as

L is known as the graph Laplacian matrix and contains the semantic correlations among samples in X.

2.3. Hypergraph Construction

In the scenario of using multiple features, simple summing is used in the traditional routine of capsule networks. According to it, Eq. (5) can be transformed to

However, in the proposed method, we propose multiple-feature integration by hypergraph regularization. In traditional graph regularization methods, the relationships among features are assumed to be pairwise, which is over-simplified and limits the descriptive power. In hypergraph, features with the same property are connected by hyperedges. With hyperedges, more than two features can be connected. Therefore, the key to obtain good performance is the hypergraph construction of a uniform L which integrates multiple L_p.

To simplify the notation, Xp¯ is used to represent the output of X_p instead of W_pX_p, which can be assumed to be new features. To integrate them, we use patch alignment framework [19,20]. In this framework, feature vectors can be represented by vertices in this graph. Notations are shown in Table 1 and the process of multiple-feature integration is shown in Figure 2. In details, the Laplacian matrix L_p for p-th features and the global L can be computed with two stages.

Figure 2

The process of multiple-feature integration with hypergraph regularization.

1. Part optimization stage: We define one patch to be the vertices connected by one hyperedge. Thus, a patch in this graph is defined by

   argminf∈R|V|∑m,n⊂ew(e)δ(e)(ymdm−yndn)2(7)

   To solve the above minimal problem, for one patch, we need to compute

   ∑m,n⊂ew(e)δ(e)(ymdm−yndn)2,(8)

   In Eq. (8), we use all pairs of vertices contained by a hyperedge, e, and compute the summing value of

   w(e)δ(e)(ymdm−yndn)2.(9)

   By expanding Eq. (9) and combining items, the patch optimization formulation for each hyperedge can be defined as

   Lp=12∑v⊂eYDVv12He′ΩDEHeYDVv12,(10)
   where Y=yi∣1,2,…,n is the labels of images. For out-of-sample images, Y can be estimated by KNN. Besides, Matrix E is defined as
   [−e→TI](11)
   where e→=[1,…,1]T, I is an n × n identity matrix. The computational complexity of this stage is K×n×d2.

2. Whole alignment stage: In the hypergraph, the weight of a hyperedge is computed by summing the adjacency scores of all the pairs of vertices contained in this hyperedge. The adjacency score of any pair of vertices is defined as the L2 distance of image features:

   S(u,v)=exp(−1σ‖feat(u),feat(v)‖),(12)
   where feat(u) represents the image feature vector of vertex u. σ is calculated by the the standard deviation of distances. In this way, Ω can be computed by
   Ωu=∑S(u,v) where v is the k nearest neighbors of u.(13)

   Then, DE and DV can be computed by

   DEe=∑v=1NH(v,e),(14)
   and
   DVv=∑Ωu where H(u,e)=1.(15)

   With the hyper edge weighting matrix, the multi-feature hypergraph Laplacian can be computed by summing the patch optimization defined in Eq. (10) of all the hyperedges:

   L=12∑e∈E∑v∈eYDVv12He′ΩDEHeYDVv12.(16)

   The computational complexity of this stage is n².

Then, the overall output can be computed by standard eigen-decomposition on L. The dimensionality of resulting vectors D are determined by the number of eigen values we retain.

3.1. Datasets and Settings

In the experiments, we use two challenging datasets for face spoof attack detection. The first one is the NUAA Photogrph Imposter Database (NUAA). NUAA is collected by generic and commonly-used webcams [21]. It is collected in three sessions. The place and illumination conditions of each session are different. There are 5105 real faces and 7509 fake images from 15 subjects in total. Some sample images are shown in Figure 3.

Figure 3

Sample images in the NUAA dataset are shown. The images in the left two columns are real and the other two columns are fake.

The second dataset is the multispectral-spoof face spoofing database built at Idiap Research institute (MSSPOOF) [22]. It contains both color images and infrared images. Similar to NUAA, images in MSSPOOF are recorded in different light conditions. The number of subjects in the database is 21. There are 70 real faces and 144 fake images for each subject. Examples of the database are shown in Figure 4.

Figure 4

Sample images in the MSSPOOF dataset are shown. The first row are images taken with in Visible spectra (VIS), while the second one are images taken in Near-Infrared spectra (NIR). The first column are real accesses. The second column are VIS attacks. The third column are NIR attacks.

In the experiments, the performance is measured by two criteria as error rates. In face spoof attack detection, we pay more attention on the ratio of fake images classified as real faces, which is known as the false negative (FN) rate. However, the ratio of real faces classified as fake images is also used in our experiments, which is known as the false positive (FP) rate. For cross validation, we randomly choose a subset of samples in training and the rest samples are used in testing. The proportion ranges from 10% to 50%. This process is repeated 10 times and the average results are shown. All the facial parts are detected and resized to 200 × 200. SVM is used as the classifier for image features. A laptop with i7-9750H CPU, 16G RAM and GTX1650 GPU is used. Evaluations are run on MATLAB R2017a.

3.2. Parameter Sensitivities

There are two parameters to be tuned in the proposed method. They are the number of neighbors and the dimensionality of output features D. To demonstrate the effectiveness of hypergraph regularization, we compare it with existing graph learning methods, such as LDA, DLA, LPP, NPE, LSDA and ISOMAP [20]. For simplicity, only the results on FN rates under 50% training proportion are shown in Figures 5 and 6. Although the proposed hypergraph regularization is not always the best for each number and dimensionality, the overall best performance is still achieved with it. However, for different datasets, the conditions of the best performance are different. For NUAA, the best performance is achieved with K = 20 and D = 150. On the other hand, for MSSPOOF, the best performance is achieved with K = 25 and D = 200.

Figure 5

Comparison under different numbers of neighbors. The left figure is the result of NUAA while the right one is the result of MSSPOOF.

Figure 6

Comparison under different dimensionality. The left figure is the result of NUAA while the right one is the result of MSSPOOF.

3.3. Comparison with Existing Methods

To demonstrate the performance of face spoof attack detection, the following methods including the proposed HGC-CNN are used in comparison.

• Face anti-spoofing with domain generalization (FAS-DG) [13]. FAS-DG estimates the depth information to get depth loss and employs a meta-learner to compute classification loss. Both of them are used in face spoof attack detection.

• SeetaFace6. SeetaFace is an open solution for various applications related to faces, such as face detection, face recognition and so on. The latest version, which is named SeetaFace6, provides face spoof attack detection. The model has been trained and we simply use it in testing.

• GS-LBP [7]. GS-LBP makes use of the edge-preserving property of the guided scale space. Besides, joint quantization is used to encode the spatial locality. SVM is used as the classifier.

• HGC-CNNs. The proposed multiple-feature method applied capsule networks and hypergraph regularization.

The results on NUAA is shown in Table 2, while the results on MSSPOOF is shown in Table 3. The best results in each row are highlighted. According to them, we can figure out the following observation.

1. Generally speaking, the performance on NUAA is better than MSSPOOF. Fake Images in MSSPOOF are taken with good quality, which makes it more difficult to distinguish fake images and real faces.

2. FP rates are much lower than FN rates. However, FN rates are more important.

3. The proposed HGC-CNN achieves the best performance on FN rates. However, in some cases, SeetaFace6 achieves the best performance on FP rates.

4. Averagely, HGC-CNN achieves better performance over existing methods.

In Tables 2 and 3, the proposed method is not always the best on FP. We have looked into the failed samples of the proposed method. We can figure out that blurred images and dark images may cause failures. Therefore, in the future, some image preprocessing can be introduced to further improve the performance.