Morphing attacks are an emerging threat to state-of-the-art Face Recognition (FR) systems, which aim to create a single image that contains the biometric information of multiple identities. Diffusion Morphs (DiM) are a recently proposed morphing attack that has achieved state-of-the-art performance for representation-based morphing attacks. However, none of the existing research on DiMs have leveraged the iterative nature of DiMs and left the DiM model as a black box, treating it no differently than one would a Generative Adversarial Network (GAN) or Varational AutoEncoder (VAE). We propose a greedy strategy on the iterative sampling process of DiM models which searches for an optimal step guided by an identity-based heuristic function. We compare our proposed algorithm against ten other state-of-the-art morphing algorithms using the open-source SYN-MAD 2022 competition dataset. We find that our proposed algorithm is unreasonably effective, fooling all of the tested FR systems with an MMPMR of 100%, outperforming all other morphing algorithms compared.

翻译：融合攻击是对当前最先进人脸识别系统的新兴威胁，其目标在于创建包含多个身份生物特征信息的单张图像。扩散融合模型（DiM）是近期提出的融合攻击方法，在基于表征的融合攻击中达到了最先进性能。然而，现有关于DiM的研究均未利用其迭代特性，始终将DiM模型视为黑箱，将其与生成对抗网络（GAN）或变分自编码器（VAE）等同对待。我们针对DiM模型的迭代采样过程提出了一种贪心策略，该策略通过基于身份的启发式函数搜索最优步骤。我们利用开源的SYN-MAD 2022竞赛数据集，将所提算法与其他十种最先进的融合算法进行对比。实验表明，所提算法异常有效，以100%的平均最大身份混淆率（MMPMR）欺骗了所有测试的人脸识别系统，性能优于所有对比的融合算法。