NIST releases new guidelines for detecting face morphing attacks

The US National Institute of Standards and Technology (NIST) published new guidelines to help organizations optimize their efforts to detect face morphing software, a deepfake technology that blends two people's photos into a single image to trick face recognition systems.

What happened

NIST released a new report titled "Face Analysis Technology Evaluation (FATE) MORPH 4B: Considerations for Implementing Morph Detection in Operations" (NISTIR 8584). The guidelines focus on face morphing, a deepfake technology where threat actors blend photos of two people into a single image. This technique enables identity fraud by tricking face recognition systems into identifying an image as belonging to both original individuals, allowing individual A to assume the identity of individual B and vice versa. The report introduces the topic and key detection methods, focusing on pros and cons of various investigatory techniques. It aims to prevent morphs from entering operational systems in locations such as passport application offices and border crossings. The guidelines differentiate between two detection scenarios: single-image morph attack detection where examiners only have the synthesized photo, and differential morph attack detection where they have both the synthesized photo and a genuine image for comparison.

The backstory

As far back as 2022, Europol warned that face morphing could be used in document fraud, such as applying for a passport or passing identity checks.

Going deeper

The report outlines specific accuracy rates for different detection methods:

Single-image detection can detect morphs up to 100% of the time at a false detection rate of 1%, but only if the tool has been trained on examples from the software that generated the morph. If not trained on specific software examples, accuracy can fall to under 40%.

Differential detectors show more consistent performance, with accuracy ranging from 72% to 90% for morphs created via open-source and proprietary software. However, these detectors require an additional genuine photo for comparison, which may not always be available in operational settings.

What was said

Report author Mei Ngan explained the guidelines' purpose: "What we're trying to do is guide operational staff in determining whether there is a need for investigation and what steps that might take."

Ngan emphasized the importance of awareness and prevention: "It's important to know that morphing attacks are happening, and there are ways to mitigate them. The most effective way is to not allow users the opportunity to submit a manipulated photo for an ID credential in the first place."

She also noted improvements in detection capabilities: "Detection tools have improved dramatically in recent years."

In the know

Face morphing represents a specific type of deepfake technology that creates synthetic images by blending facial features from two different people. Unlike traditional deepfakes that might replace one person's face entirely, morphing creates a hybrid image that can fool facial recognition systems into accepting the image as legitimate for multiple identities. This technology poses particular risks for identity verification systems used in government services, border control, and other high-security applications where accurate identity confirmation is critical.

Why it matters

Face morphing attacks target the foundation of identity verification systems used across critical infrastructure including passport offices and border crossings. Unlike generic cybersecurity threats, these attacks exploit the reliance on automated facial recognition technology in government and security applications. The ability for a single morphed image to fool systems into accepting multiple identities creates risks for national security and identity verification processes. Organizations implementing facial recognition systems need these specific guidelines because traditional cybersecurity measures don't address the unique challenges of synthetic image detection. 

FAQs

How do face morphing attacks differ from other types of deepfakes?

Face morphing creates a blended identity from two people, while other deepfakes usually replace one person’s likeness with another.

Are there international standards for detecting face morphing attacks?

Currently, guidelines vary, and NIST’s work represents one of the first structured approaches to standardization.