Abstract
Today, users of social platforms upload a large number of photos. These photos contain personal private information, including user identity information, which is easily gleaned by intelligent detection algorithms. To thwart this, in this work, we propose an intelligent algorithm to prevent deep neural network (DNN) detectors from detecting private information, especially human faces, while minimizing the impact on the visual quality of the image. More specifically, we design an image privacy protection algorithm by training and generating a corresponding adversarial sample for each image to defend DNN detectors. In addition, we propose an improved model based on the previous model by training an adversarial perturbation generative network to generate perturbation instead of training for each image. We evaluate and compare our proposed algorithm with other methods on wider face dataset and others by three indicators: Mean average precision, Averaged distortion, and Time spent. The results show that our method significantly interferes with DNN detectors while causing weak impact to the visual quality of images, and our improved model does speed up the generation of adversarial perturbations.
- Alessandro Acquisti and Christina M. Fong. 2020. An experiment in hiring discrimination via online social networks. Management Science 66, 3 (2020), 1005--1024.Google Scholar
Digital Library
- Shumeet Baluja and Ian Fischer. 2017. Adversarial transformation networks: Learning to generate adversarial examples. arXiv preprint arXiv:1703.09387 (2017).Google Scholar
- Joseph Bonneau, Jonathan Anderson, and Luke Church. 2009. Privacy suites: Shared privacy for social networks. In Proceedings of the Symposium on Usable Privacy and Security (SOUPS’09), Vol. 9. 1--2.Google Scholar
Digital Library
- Avishek Joey Bose and Parham Aarabi. 2018. Adversarial attacks on face detectors using neural net-based constrained optimization. In Proceedings of the IEEE 20th International Workshop on Multimedia Signal Processing (MMSP’18). IEEE, 1--6.Google Scholar
Cross Ref
- Xueying Dong. 2018. A method of image privacy protection based on blockchain technology. In Proceedings of the International Conference on Cloud Computing, Big Data and Blockchain (ICCBB’18). IEEE, 1--4.Google Scholar
Cross Ref
- Mark Everingham, S. M. Ali Eslami, Luc Van Gool, Christopher K. I. Williams, John Winn, and Andrew Zisserman. 2015. The pascal visual object classes challenge: A retrospective. Int. J. Comput. Vision 111, 1 (2015), 98--136.Google Scholar
Digital Library
- Lujun Fang and Kristen LeFevre. 2010. Privacy wizards for social networking sites. In Proceedings of the 19th International Conference on World Wide Web. ACM, 351--360.Google Scholar
Digital Library
- Ian J. Goodfellow, Jonathon Shlens, and Christian Szegedy. 2015. Explaining and harnessing adversarial examples. Stat 1050 (2015), 20.Google Scholar
- Yuwen He, Chunhong Zhang, Xinning Zhu, and Yang Ji. 2019. Generative adversarial network-based image privacy protection algorithm. In Proceedings of the 10th International Conference on Graphics and Image Processing (ICGIP’18), Vol. 11069. International Society for Optics and Photonics, 1106927.Google Scholar
Cross Ref
- Sandy Huang, Nicolas Papernot, Ian Goodfellow, Yan Duan, and Pieter Abbeel. 2017. Adversarial attacks on neural network policies. arXiv preprint arXiv:1702.02284 (2017).Google Scholar
- Peter Klemperer, Yuan Liang, Michelle Mazurek, Manya Sleeper, Blase Ur, Lujo Bauer, Lorrie Faith Cranor, Nitin Gupta, and Michael Reiter. 2012. Tag, you can see it!: Using tags for access control in photo sharing. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 377--386.Google Scholar
Digital Library
- Jernej Kos, Ian Fischer, and Dawn Song. 2018. Adversarial examples for generative models. In Proceedings of the IEEE Security and Privacy Workshops (SPW’18). IEEE, 36--42.Google Scholar
Cross Ref
- Richard McPherson, Reza Shokri, and Vitaly Shmatikov. 2016. Defeating image obfuscation with deep learning. arXiv preprint arXiv:1609.00408 (2016).Google Scholar
- Seong Joon Oh, Mario Fritz, and Bernt Schiele. 2017. Adversarial image perturbation for privacy protection a game theory perspective. In Proceedings of the IEEE International Conference on Computer Vision (ICCV’17). IEEE, 1491--1500.Google Scholar
Cross Ref
- Ramprasad Ravichandran, Michael Benisch, Patrick Gage Kelley, and Norman M. Sadeh. 2009. Capturing social networking privacy preferences. In Proceedings of the International Symposium on Privacy Enhancing Technologies Symposium. Springer, 1--18.Google Scholar
- Shaoqing Ren, Kaiming He, Ross Girshick, and Jian Sun. 2015. Faster R-CNN: Towards real-time object detection with region proposal networks. In Advances in Neural Information Processing Systems. MIT Press, 91--99.Google Scholar
Digital Library
- Eleftherios Spyromitros-Xioufis, Symeon Papadopoulos, Adrian Popescu, and Yiannis Kompatsiaris. 2016. Personalized privacy-aware image classification. In Proceedings of the ACM on International Conference on Multimedia Retrieval. ACM, 71--78.Google Scholar
Digital Library
- Anna Squicciarini, Dan Lin, Sushama Karumanchi, and Nicole DeSisto. 2012. Automatic social group organization and privacy management. In Proceedings of the 8th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom’12). IEEE, 89--96.Google Scholar
Digital Library
- Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna Estrach, Dumitru Erhan, Ian Goodfellow, and Robert Fergus. 2014. Intriguing properties of neural networks. In 2nd International Conference on Learning Representations (ICLR'14).Google Scholar
- Pedro Tabacof, Julia Tavares, and Eduardo Valle. 2016. Adversarial images for variational autoencoders. arXiv preprint arXiv:1612.00155 (2016).Google Scholar
- Ashwini Tonge and Cornelia Caragea. 2015. Privacy prediction of images shared on social media sites using deep features. arXiv preprint arXiv:1510.08583 (2015).Google Scholar
- Ashwini Kishore Tonge and Cornelia Caragea. 2016. Image privacy prediction using deep features. In Proceedings of the 30th AAAI Conference on Artificial Intelligence.Google Scholar
- Michael J. Wilber, Vitaly Shmatikov, and Serge Belongie. 2016. Can we still avoid automatic face detection? In Proceedings of the IEEE Winter Conference on Applications of Computer Vision (WACV’16). IEEE, 1--9.Google Scholar
Cross Ref
- Shuo Yang, Ping Luo, Chen-Change Loy, and Xiaoou Tang. 2016. Wider face: A face detection benchmark. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 5525--5533.Google Scholar
Cross Ref
- Jun Yu, Baopeng Zhang, Zhengzhong Kuang, Dan Lin, and Jianping Fan. 2016. iPrivacy: Image privacy protection by identifying sensitive objects via deep multi-task learning. IEEE Trans. Info. Forens. Secur. 12, 5 (2016), 1005--1016.Google Scholar
Digital Library
- Sergej Zerr, Stefan Siersdorfer, Jonathon Hare, and Elena Demidova. 2012. Privacy-aware image classification and search. In Proceedings of the 35th International ACM SIGIR Conference on Research and Development in Information Retrieval. ACM, 35--44.Google Scholar
Digital Library
- Haoti Zhong, Anna Cinzia Squicciarini, David J. Miller, and Cornelia Caragea. 2017. A group-based personalized model for image privacy classification and labeling. In Proceedings of the International Joint Conference on Artificial Intelligence (IJCAI’17), Vol. 17. 3952--3958.Google Scholar
Cross Ref
- Zhuotun Zhu, Lingxi Xie, and Alan L. Yuille. 2017. Object recognition with and without objects. In Proceedings of the 26th International Joint Conference on Artificial Intelligence. 3609--3615.Google Scholar
Index Terms
An Image Privacy Protection Algorithm Based on Adversarial Perturbation Generative Networks
Recommendations
Protecting image privacy through adversarial perturbation
AbstractIn current digital era, users of various social media upload photos which usually contain tremendous amount of private information on daily basis. Though the private information contained within photos can assist enterprises to provide users with ...
Geolocated Data Generation and Protection Using Generative Adversarial Networks
Modeling Decisions for Artificial IntelligenceAbstractData mining techniques allow us to discover patterns in large datasets. Nonetheless, data may contain sensitive information. This is especially true when data is georeferenced. Thus, an adversary could learn about individual whereabouts, points of ...
Finding "hidden" connections on linkedIn an argument for more pragmatic social network privacy
AISec '09: Proceedings of the 2nd ACM workshop on Security and artificial intelligenceSocial networking services well know that some users are unwilling to freely share the information they store with the service (e.g. profile information). To address this, ser vices typically provide various privacy "knobs" that the user may adjust to ...






Comments