Skip to main content

Running the experiments as given in paper: "On the Vulnerability of Palm Vein Recognition to Spoofing Attacks".

Project description

This package provides the source code to run the experiments published in the paper On the Vulnerability of Palm Vein Recognition to Spoofing Attacks. It relies on the PalmveinRecLib to execute the palmvein recognition experiments, and some satellite packages from Bob to compute the evaluation.


Currently, this package only works in Unix-like environments and under MacOS. Due to limitations of the Bob library, MS Windows operating systems are not supported. We are working on a port of Bob for MS Windows, but it might take a while. In the meanwhile you could use our VirtualBox images that can be downloaded here.


The installation of this package relies on the BuildOut system. By default, the command line sequence:

$ ./python
$ ./bin/buildout

should download and install all requirements, including the PalmveinRecLib, the database interface bob.db.verapalm, the Spoofing evaluation framework antispoofing.evaluation and all their required packages. There are a few exceptions, which are not automatically downloaded:


The face recognition experiments rely on the open source signal-processing and machine learning toolbox Bob. To install Bob, please visit and follow the installation instructions. Please verify that you have at least version 2.0 of Bob installed. If you have installed Bob in a non-standard directory, please open the buildout.cfg file from the base directory and set the prefixes directory accordingly.


The experiments that we report in the Paper were generated with Bob version 2.0 and PalmveinRecLib version 2.0.0. If you use different versions of either of these packages, the results might differ slightly. For example, we are aware that, due to some initialization differences, the results using Bob 1.2.0 and 1.2.1 are not identical, but similar.

Image Databases

The experiments are run on external image databases. We do not provide the images from the databases themselves. Hence, please contact the database owners to obtain a copy of the images. The two databases used in our experiments can be downloaded here:


For the experiments you have to create a unique directory (example: vera) and two subdirectories (vera/Palmvein) and (vera/SpoofingPalmvein) that contain the databases. After downloading the databases, you will need to tell our software, where it can find them by changing the configuration files. In particular, please update the --imagedir to indicate the directory of the images in bob.db.verapalm.

Please let all other configuration parameters unchanged as this might influence the face recognition experiments and, hence, the reproducibility of the results.

Getting help

In case anything goes wrong, please feel free to open a new ticket in our GitLab page, or send an email to

Recreating the results of the Paper

After successfully setting up the databases, you are now able to run the palmvein recognition and spoofing attack experiments as explained in the Paper.

The experiment configuration

The palmvein recognition experiment are run using the bob.palmvein package, but for convenience there exists a wrapper script that set up the right parametrization for the call to the PalmveinRecLib. The configuration files that are used by the PalmveinRecLib, which contain all the parameters of the experiments, can be found in the bob.palmvein/bob/palmvein/configurations directory.

Running the experiments

This script can be found in bin/ It requires some command line options, which you can list using ./bin/ --help. Usually, the command line options have a long version (starting with --) and a shortcut (starting with a single -), here we use only the long versions:

  • --database: Specify the name of the databases to run experiments on. (default: verapalm).
  • --preprocessing: Specify the image preprocessing to run; the preprocessors will automatically assigned to the according experiment. Possible value is palmvein-preprocessor.
  • --features: Specify the features to run the experimetns. By default, the feature selected is the ‘lbp-linearbinarypatterns’ local binary patterns - LBP.
  • --tool: Specify the matcher to run the experimetns. By default, the match-lbp is selected.
  • --protocols: Specify a list of protocols that you want to run. Possible values are NOM50 and SpoofingAttack50. By default, all protocols are used.
  • --dry-run: Use this option to print the calls to the PalmveinRecLib without executing them.
  • --temp-directory: Specify a directory where temporary files will be stored (default: temp). This directory can be deleted after all experiments ran successfully.
  • --result-directory: Specify a directory where final result files will be stored (default: results). This directory is required to evaluate the experiments.

Additionally, you can pass options directly to the PalmveinRecLib, but you should do that with care. Simply use -- to separate options to the bin/ from options to the PalmveinRecLib. For example, the --force option might be of interest. See ./bin/ --help for a complete list of options.

It is advisable to use the --dry-run option before actually running the experiments, just to see that everything is correct. Also, the Info (2) verbosity level prints useful information, e.g., by adding the --verbose --verbose (or shortly -vv) on the command line. A commonly used command line sequence to execute the face recognition algorithm on both databases could be:

  1. Run the experiments on the VERA Palm database:

    $ ./bin/ -vv --databases verapalm


All output directories of the scripts will be automatically generated if they do not exist yet.


The execution of the script may take a long time and require large amounts of memory. Nevertheless, the scripts are set up such that they re-use all parts of the experiments as far as this is possible.

Evaluating the experiments

After all experiments have finished successfully, the resulting score files can be evaluated. For this, the bin/ script can be used to create a pdf file with the SFAR curves that are provided in the paper. See ./bin/ --help for a complete list of options. To replicate the results of the paper:

  • --dev-file: Specify the file of the scores file (4-column) containing the scores for the verification system, Normal Operation Mode (NOM) scenario.
  • --spoofing-file: The file of the scores file (4-column) containing the scores for the verification system, Spoofing Attack scenario.
  • --output-file: (Optional) Specify the name of the output pdf file.
  • --demandedplot: Specify the option to plotting the score distribution for licit and spoof scenario and threshold line and probability of success line.

Again, the most usual way to compute the resulting tables could be:

  1. Evaluate experiments on VERA:

    $ bin/ -vvv

Cite our paper

If you use the results in any of your contributions, please cite the following paper:

     author = {Tome, Pedro and Marcel, S{\'{e}}bastien},
   keywords = {Biometrics, Palm vein, Spoofing Attacks},
      month = may,
      title = {On the Vulnerability of Palm Vein Recognition to Spoofing Attacks},
  booktitle = {The 8th IAPR International Conference on Biometrics (ICB)},
       year = {2015},
   location = {Pucket, Thailand},
        url = {}

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution (33.7 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page