Deep Poisoning: Towards Robust Image Data Sharing against Visual Disclosure

TL;DR

This paper proposes a novel data sharing method that enables entities to share visual data for training deep networks without revealing sensitive contents, using a structure-based poisoning technique to prevent image reconstruction.

Contribution

It introduces a new vision task and a structure-based training regime with Deep Poisoning Modules to protect sensitive images during data sharing.

Findings

Effective prevention of image reconstruction from shared features

Maintains task performance despite data poisoning

Enables secure multi-entity collaborative training

Abstract

Due to respectively limited training data, different entities addressing the same vision task based on certain sensitive images may not train a robust deep network. This paper introduces a new vision task where various entities share task-specific image data to enlarge each other's training data volume without visually disclosing sensitive contents (e.g. illegal images). Then, we present a new structure-based training regime to enable different entities learn task-specific and reconstruction-proof image representations for image data sharing. Specifically, each entity learns a private Deep Poisoning Module (DPM) and insert it to a pre-trained deep network, which is designed to perform the specific vision task. The DPM deliberately poisons convolutional image features to prevent image reconstructions, while ensuring that the altered image data is functionally equivalent to the non-poisoned data for the specific vision task. Given this equivalence, the poisoned features shared from one entity could be used by another entity for further model refinement. Experimental results on image classification prove the efficacy of the proposed method.