DeepIris: An ensemble approach to defending Iris recognition classifiers against Adversarial Attacks

Despite being known for their robust performance in the biometrics domain, Deep Convolutional Neural Networks always face a high risk of being fooled by precisely engineered input samples. These samples are called adversarial examples and such attacks are called adversarial attacks. These attacks pose great threat to any biometric security system. In this paper, to guard against adversarial iris images, we propose defensive schemes. The first strategy we propose relies on our adversarial denoising encoder architecture. The second strategy relies on wavelet transformation to divide them into wavelet sub-bands following an U-net architecture wavelet domain denoising on processing each sub-band to remove the adversarial noise. We measure the efficiency against numerous attack scenarios of the suggested adversarial defence mechanism and equate the findings with state-of-the-art defence strategies.