Privacy Safe Representation Learning via Frequency Filtering Encoder
Jonghu Jeong, Minyong Cho, Philipp Benz, Jinwoo Hwang, Jeewook Kim, Seungkwan Lee, Tae-hoon Kim

TL;DR
This paper proposes a frequency filtering encoder for privacy-preserving representation learning that effectively resists reconstruction attacks while maintaining high utility, advancing secure client-server image processing.
Contribution
It introduces a novel Adversarial Representation Learning (ARL) method that uses frequency-domain low-pass filtering to enhance privacy protection against reconstruction attacks.
Findings
Outperforms previous methods in privacy-utility trade-off
Resists reconstruction attacks effectively
Validated through user study
Abstract
Deep learning models are increasingly deployed in real-world applications. These models are often deployed on the server-side and receive user data in an information-rich representation to solve a specific task, such as image classification. Since images can contain sensitive information, which users might not be willing to share, privacy protection becomes increasingly important. Adversarial Representation Learning (ARL) is a common approach to train an encoder that runs on the client-side and obfuscates an image. It is assumed that the obfuscated image can safely be transmitted and used for the task on the server without privacy concerns. However, in this work, we find that training a reconstruction attacker can successfully recover the original image of existing ARL methods. To this end, we introduce a novel ARL method enhanced through low-pass filtering, limiting the available…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Criminal Justice and Corrections Analysis
