TL;DR
This paper introduces an end-cloud collaborative adversarial attack method called APF to protect online face images from malicious recognition, balancing privacy, utility, and accessibility.
Contribution
The work presents a novel end-cloud adversarial attack framework that generates privacy-preserving perturbations for face images shared online, with extensive validation and a prototype application.
Findings
Effective in preventing face recognition on multiple datasets
Balances privacy protection with image utility
Efficient and practical for real-world deployment
Abstract
While widely adopted in practical applications, face recognition has been critically discussed regarding the malicious use of face images and the potential privacy problems, e.g., deceiving payment system and causing personal sabotage. Online photo sharing services unintentionally act as the main repository for malicious crawler and face recognition applications. This work aims to develop a privacy-preserving solution, called Adversarial Privacy-preserving Filter (APF), to protect the online shared face images from being maliciously used. We propose an end-cloud collaborated adversarial attack solution to satisfy requirements of privacy, utility and nonaccessibility. Specifically, the solutions consist of three modules: (1) image-specific gradient generation, to extract image-specific gradient in the user end with a compressed probe model; (2) adversarial gradient transfer, to fine-tune…
