A Systematic Failure Analysis of Vision Foundation Models for Open Set Iris Presentation Attack Detection

Rahul Anand, Siddharth Singh, Dileep A D, Mahadeva Prasanna, Raghavendra Ramachandra

arXiv:2605.19020 · 2026-05-20 공개 · arXiv · PDF

foundation-models low-rank-adaptation security-evaluation periocular-imagery cross-spectral presentation-attack-instruments vision-foundation-models biometric-applications

Abstract

Vision foundation models have demonstrated strong transferability across diverse visual recognition tasks and are increasingly considered for biometric applications. Their suitability for iris Presentation Attack Detection (PAD), particularly under realistic open-set operating conditions, remains insufficiently examined. This work presents a systematic failure analysis of general-purpose vision foundation models for open-set iris PAD using periocular imagery. Five representative foundation models are evaluated under three open-set protocols that explicitly separate different sources of distribution shift: unseen Presentation Attack Instruments (PAIs), unseen datasets captured with different sensors and cross-spectral transfer from near-infrared (NIR) to visible spectrum (VIS) imagery. Both frozen feature representations and parameter-efficient task adaptation using Low-Rank Adaptation (LoRA) are assessed within a unified experimental framework. The results indicate that foundation models can transfer across datasets with similar sensing characteristics, but fail to generalise reliably to unseen attack instruments and degrade sharply under cross-spectral evaluation. While LoRA improves performance in certain cross-dataset settings, it frequently amplifies failure under attack-level and spectral shifts. Additional validation experiments using segmented iris inputs, full backbone fine-tuning, joint cross-dataset and cross-PAI shifts, and reverse VIS to NIR transfer further confirm that these failures are not simply artefacts of periocular input, weak adaptation, or one-directional spectral evaluation. These findings show that strong closed-set or cross-dataset performance should not be treated as evidence of robust open-set security, and highlight the need for PAD representations that maintain sensitivity to presentation artefacts while remaining stable under realistic deployment variation.

한국어 요약

한 줄 요약

**[홍채 위변조 탐지 / 비전 파운데이션 모델 견고성]** 개방 집합(open-set) 운영 조건에서 일반 목적 비전 파운데이션 모델 5종이 홍채 Presentation Attack Detection(PAD)에 얼마나 일반화되는지 체계적으로 진단한 실패 분석 연구.

핵심 기여도

핵심 아이디어

"closed-set 또는 cross-dataset 성능이 좋다"는 사실이 실제 배포에서의 "open-set 보안 견고성"을 보장하지 않는다는 점을 정량적으로 드러내고, PAD 표현은 제시 아티팩트(presentation artefact)에 대한 민감도를 유지하면서도 배포 변동에 안정해야 함을 강조.

기술적 접근법

주요 결과

의의 및 한계

**의의**: 생체 인식·보안 분야에서 파운데이션 모델 도입을 고려하는 실무자에게 closed-set 평가에 의존한 채택이 위험하다는 명확한 진단을 제공. **한계**: 평가가 holistic periocular 입력 위주이며, 실제 운영 환경의 더 광범위한 변동(조명·자세·연령)에 대한 영향은 후속 연구가 필요.

실용적 활용