Siamese Generative Adversarial Privatizer for Biometric Data

TL;DR

This paper introduces SGAP, a method that uses adversarial training and Siamese networks to anonymize biometric data like faces and fingerprints, balancing privacy with data utility.

Contribution

We propose a novel Siamese Generative Adversarial Privatizer (SGAP) that effectively anonymizes biometric data while preserving its utility for other tasks.

Findings

Successfully anonymized biometric datasets with minimal utility loss

Effective in disguising identifying features in faces and fingerprints

Outperforms baseline privacy-preserving methods

Abstract

State-of-the-art machine learning algorithms can be fooled by carefully crafted adversarial examples. As such, adversarial examples present a concrete problem in AI safety. In this work we turn the tables and ask the following question: can we harness the power of adversarial examples to prevent malicious adversaries from learning identifying information from data while allowing non-malicious entities to benefit from the utility of the same data? For instance, can we use adversarial examples to anonymize biometric dataset of faces while retaining usefulness of this data for other purposes, such as emotion recognition? To address this question, we propose a simple yet effective method, called Siamese Generative Adversarial Privatizer (SGAP), that exploits the properties of a Siamese neural network to find discriminative features that convey identifying information. When coupled with a generative model, our approach is able to correctly locate and disguise identifying information, while minimally reducing the utility of the privatized dataset. Extensive evaluation on a biometric dataset of fingerprints and cartoon faces confirms usefulness of our simple yet effective method.