Adversarially Robust Fingerprint Authentication via PGD-Aware Training and Diffusion-Based Purification

Abstract

Fingerprint recognition is widely used for biometric authentication in digital financial systems, but its vulnerability to adversarial perturbations is a growing security concern. Projected Gradient Descent (PGD) attacks are particularly damaging—by iteratively refining perturbations within a constrained noise budget, they can cause fingerprint recognition models to fail in ways that simpler one-step attacks cannot. In this paper, we propose a two-stage defense that pairs PGD-aware adversarial training with a diffusion model-based purification module (DiffPure). The first stage exposes the model to PGD-perturbed samples during training, building intrinsic robustness. The second stage runs a score-based diffusion model at inference time to clean adversarial noise from incoming fingerprint images before recognition. We use EfficientNet-B3 as the backbone and cosine similarity for identity matching. On the SOCOFing dataset, the combined framework reduces EER under PGD-7 attack from 0.42 to 0.19—a 55% relative improvement—while keeping clean-input EER at 0.23. Neither defense alone comes close to this. The results suggest that adversarial training and diffusion purification are genuinely complementary, and that pairing them is worth the added complexity.