Towards Privacy-Preserving Visual Recognition via Adversarial Training: A Pilot Study

Wu, Zhenyu; Wang, Zhangyang; Wang, Zhaowen; Jin, Hailin

doi:10.1007/978-3-030-01270-0_37

Cited by 132 publications

(79 citation statements)

References 62 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In fact, the two suboptimizations in (1) denote an iterative routine to solve this unified form (performing coordinate descent between {f T , f O }, and f N ). This form can easily capture many other settings or scenarios, e.g., privacy-preserving visual recognition [51,48] where f T encodes features to avoid peeps from f N while preserving utility for f O .…”

Section: Formulation Of Ndftmentioning

confidence: 99%

Delving Into Robust Object Detection From Unmanned Aerial Vehicles: A Deep Nuisance Disentanglement Approach

Suresh

Narayanan

et al. 2019

2019 IEEE/CVF International Conference on Computer Vision (ICCV)

Self Cite

View full text Add to dashboard Cite

Object detection from images captured by Unmanned Aerial Vehicles (UAVs) is becoming increasingly useful. Despite the great success of the generic object detection methods trained on ground-to-ground images, a huge performance drop is observed when they are directly applied to images captured by UAVs. The unsatisfactory performance is owing to many UAV-specific nuisances, such as varying flying altitudes, adverse weather conditions, dynamically changing viewing angles, etc. Those nuisances constitute a large number of fine-grained domains, across which the detection model has to stay robust. Fortunately, UAVs will record meta-data that depict those varying attributes, which are either freely available along with the UAV images, or can be easily obtained. We propose to utilize those free meta-data in conjunction with associated UAV images to learn domain-robust features via an adversarial training framework dubbed Nuisance Disentangled Feature Transform (NDFT), for the specific challenging problem of object detection in UAV images, achieving a substantial gain in robustness to those nuisances. We demonstrate the effectiveness of our proposed algorithm, by showing state-ofthe-art performance (single model) on two existing UAVbased object detection benchmarks. The code is available at https:// github.com/ TAMU-VITA/ UAV-NDFT.

show abstract

Section: Formulation Of Ndftmentioning

confidence: 99%

Delving Into Robust Object Detection From Unmanned Aerial Vehicles: A Deep Nuisance Disentanglement Approach

Suresh

Narayanan

et al. 2019

2019 IEEE/CVF International Conference on Computer Vision (ICCV)

Self Cite

View full text Add to dashboard Cite

show abstract

“…While differentialprivacy based perturbation approaches are emerging (e.g., [17,18]) they are currently not reversible. Perturbation schemes that thwart one pre-specified classifier while allowing another pre-specified classifier to classify correctly (e.g., [31,79]) have also been proposed. However, those approaches are also not reversible.…”

Section: Lack Of Strong Guaranteesmentioning

confidence: 99%

On the (Im)Practicality of Adversarial Perturbation for Image Privacy

Rajabi

Bobba

Rosulek

et al. 2020

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Image hosting platforms are a popular way to store and share images with family members and friends. However, such platforms typically have full access to images raising privacy concerns. These concerns are further exacerbated with the advent of Convolutional Neural Networks (CNNs) that can be trained on available images to automatically detect and recognize faces with high accuracy.Recently, adversarial perturbations have been proposed as a potential defense against automated recognition and classification of images by CNNs. In this paper, we explore the practicality of adversarial perturbation-based approaches as a privacy defense against automated face recognition. Specifically, we first identify practical requirements for such approaches and then propose two practical adversarial perturbation approaches – (i) learned universal ensemble perturbations (UEP), and (ii) k-randomized transparent image overlays (k-RTIO) that are semantic adversarial perturbations. We demonstrate how users can generate effective transferable perturbations under realistic assumptions with less effort.We evaluate the proposed methods against state-of-theart online and offline face recognition models, Clarifai.com and DeepFace, respectively. Our findings show that UEP and k-RTIO respectively achieve more than 85% and 90% success against face recognition models. Additionally, we explore potential countermeasures that classifiers can use to thwart the proposed defenses. Particularly, we demonstrate one effective countermeasure against UEP.

show abstract

“…Seong et al introduce an adversarial game to learn the image obfuscation strategy, in which the user and recogniser (attacker) strive for antagonistic goals: dis-/enabling recognition [32]. Wu et al [41] propose an adversarial framework to learn the degradation transformation (e.g. anonymized video) of video inputs.…”

Section: Related Workmentioning

confidence: 99%

Privacy Adversarial Network

Shrivastava

Lin

2019

Proc. ACM Interact. Mob. Wearable Ubiquitous Technol.

View full text Add to dashboard Cite

The remarkable success of machine learning has fostered a growing number of cloud-based intelligent services for mobile users. Such a service requires a user to send data, e.g. image, voice and video, to the provider, which presents a serious challenge to user privacy. To address this, prior works either obfuscate the data, e.g. add noise and remove identity information, or send representations extracted from the data, e.g. anonymized features. They struggle to balance between the service utility and data privacy because obfuscated data reduces utility and extracted representation may still reveal sensitive information.This work departs from prior works in methodology: we leverage adversarial learning to better balance between privacy and utility. We design a representation encoder that generates the feature representations to optimize against the privacy disclosure risk of sensitive information (a measure of privacy) by the privacy adversaries, and concurrently optimize with the task inference accuracy (a measure of utility) by the utility discriminator. The result is the privacy adversarial network (PAN), a novel deep model with the new training algorithm, that can automatically learn representations from the raw data. And the trained encoder can be deployed on the user side to generate representations that satisfy the task-defined utility requirements and the user-specified/agnostic privacy budgets.Intuitively, PAN adversarially forces the extracted representations to only convey information required by the target task. Surprisingly, this constitutes an implicit regularization that actually improves task accuracy. As a result, PAN achieves better utility and better privacy at the same time! We report extensive experiments on six popular datasets, and demonstrate the superiority of PAN compared with alternative methods reported in prior work. CCS Concepts: • Human-centered computing → Ubiquitous and mobile computing systems and tools; • Security and privacy → Usability in security and privacy. 144:2 • Liu et al.activity records, to the service provider, posing well-known privacy risks [1,2,9]. Our goal is to avoid disclosing raw data to service providers by creating a device-local intermediate component that encodes the raw data and only sends the encoded data to the service provider. And the encoded data must be both useful and private. For inference-based services, utility can be quantified by the inference accuracy, achieved by the service provider using a discriminative model. And Privacy can be quantified by the disclosure risk of private information.Existing solutions addressing the privacy concern struggle to balance between above two seemingly conflicting objectives: privacy vs. utility. An obvious and widely practiced solution is to transform the raw data into taskspecific features and upload features only, like Google Now [17] and Google Cloud [16]; This not only reduces the data utility but also is vulnerable to reverse models that reconstruct the raw data from extracted features [28]. The authors of...

show abstract

Towards Privacy-Preserving Visual Recognition via Adversarial Training: A Pilot Study

Cited by 132 publications

References 62 publications

Delving Into Robust Object Detection From Unmanned Aerial Vehicles: A Deep Nuisance Disentanglement Approach

Delving Into Robust Object Detection From Unmanned Aerial Vehicles: A Deep Nuisance Disentanglement Approach

On the (Im)Practicality of Adversarial Perturbation for Image Privacy

Privacy Adversarial Network

Contact Info

Product

Resources

About