DP-Image: Differential Privacy for Image Data in Feature Space

TL;DR

This paper introduces DP-Image, a novel differential privacy framework for images that protects personal information by adding noise in feature space, balancing privacy and image utility.

Contribution

It proposes the first image-aware differential privacy definition and a mechanism to achieve privacy by perturbing image feature vectors.

Findings

DP-Image provides strong privacy guarantees for images.

The method maintains face recognizability with controlled distortion.

Experimental results validate effective privacy protection.

Abstract

The excessive use of images in social networks, government databases, and industrial applications has posed great privacy risks and raised serious concerns from the public. Even though differential privacy (DP) is a widely accepted criterion that can provide a provable privacy guarantee, the application of DP on unstructured data such as images is not trivial due to the lack of a clear qualification on the meaningful difference between any two images. In this paper, for the first time, we introduce a novel notion of image-aware differential privacy, referred to as DP-image, that can protect user's personal information in images, from both human and AI adversaries. The DP-Image definition is formulated as an extended version of traditional differential privacy, considering the distance measurements between feature space vectors of images. Then we propose a mechanism to achieve DP-Image by adding noise to an image feature vector. Finally, we conduct experiments with a case study on face image privacy. Our results show that the proposed DP-Image method provides excellent DP protection on images, with a controllable distortion to faces.