Self-recoverable Adversarial Examples: A New Effective Protection Mechanism in Social Networks

TL;DR

This paper introduces a novel recoverable adversarial example generation method using a generative adversarial network, enhancing privacy protection in social networks by enabling both effective attacks and recoverability.

Contribution

It proposes a recoverable generative adversarial network that models attack and recovery as a unified task, improving the robustness and recoverability of adversarial examples for privacy security.

Findings

Generated adversarial examples show superior recoverability and attack ability.

The method enhances robustness across different datasets and network architectures.

Experimental results confirm effectiveness as a privacy protection mechanism.

Abstract

Malicious intelligent algorithms greatly threaten the security of social users' privacy by detecting and analyzing the uploaded photos to social network platforms. The destruction to DNNs brought by the adversarial attack sparks the potential that adversarial examples serve as a new protection mechanism for privacy security in social networks. However, the existing adversarial example does not have recoverability for serving as an effective protection mechanism. To address this issue, we propose a recoverable generative adversarial network to generate self-recoverable adversarial examples. By modeling the adversarial attack and recovery as a united task, our method can minimize the error of the recovered examples while maximizing the attack ability, resulting in better recoverability of adversarial examples. To further boost the recoverability of these examples, we exploit a dimension reducer to optimize the distribution of adversarial perturbation. The experimental results prove that the adversarial examples generated by the proposed method present superior recoverability, attack ability, and robustness on different datasets and network architectures, which ensure its effectiveness as a protection mechanism in social networks.