An Attack on Feature Level-based Facial Soft-biometric Privacy
Enhancement
- URL: http://arxiv.org/abs/2111.12405v1
- Date: Wed, 24 Nov 2021 10:41:15 GMT
- Title: An Attack on Feature Level-based Facial Soft-biometric Privacy
Enhancement
- Authors: Dail\'e Osorio-Roig, Christian Rathgeb, Pawel Drozdowski, Philipp
Terh\"orst, Vitomir \v{S}truc, Christoph Busch
- Abstract summary: We introduce an attack on feature level-based facial soft-biometric privacy-enhancement techniques.
It is able to circumvent the privacy enhancement to a considerable degree and is able to correctly classify gender with an accuracy of up to approximately 90%.
- Score: 13.780253190395715
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: In the recent past, different researchers have proposed novel
privacy-enhancing face recognition systems designed to conceal soft-biometric
information at feature level. These works have reported impressive results, but
usually do not consider specific attacks in their analysis of privacy
protection. In most cases, the privacy protection capabilities of these schemes
are tested through simple machine learning-based classifiers and visualisations
of dimensionality reduction tools. In this work, we introduce an attack on
feature level-based facial soft-biometric privacy-enhancement techniques. The
attack is based on two observations: (1) to achieve high recognition accuracy,
certain similarities between facial representations have to be retained in
their privacy-enhanced versions; (2) highly similar facial representations
usually originate from face images with similar soft-biometric attributes.
Based on these observations, the proposed attack compares a privacy-enhanced
face representation against a set of privacy-enhanced face representations with
known soft-biometric attributes. Subsequently, the best obtained similarity
scores are analysed to infer the unknown soft-biometric attributes of the
attacked privacy-enhanced face representation. That is, the attack only
requires a relatively small database of arbitrary face images and the
privacy-enhancing face recognition algorithm as a black-box. In the
experiments, the attack is applied to two representative approaches which have
previously been reported to reliably conceal the gender in privacy-enhanced
face representations. It is shown that the presented attack is able to
circumvent the privacy enhancement to a considerable degree and is able to
correctly classify gender with an accuracy of up to approximately 90% for both
of the analysed privacy-enhancing face recognition systems.
Related papers
- Face De-identification: State-of-the-art Methods and Comparative Studies [32.333766763819796]
Face de-identification is regarded as an effective means to protect the privacy of facial images.
We provide a review of state-of-the-art face de-identification methods, categorized into three levels: pixel-level, representation-level, and semantic-level techniques.
arXiv Detail & Related papers (2024-11-15T01:00:00Z) - Privacy-preserving Optics for Enhancing Protection in Face De-identification [60.110274007388135]
We propose a hardware-level face de-identification method to solve this vulnerability.
We also propose an anonymization framework that generates a new face using the privacy-preserving image, face heatmap, and a reference face image from a public dataset as input.
arXiv Detail & Related papers (2024-03-31T19:28:04Z) - Privacy-Preserving Face Recognition Using Trainable Feature Subtraction [40.47645421424354]
Face recognition has led to increasing privacy concerns.
This paper explores face image protection against viewing and recovery attacks.
We distill our methodologies into a novel privacy-preserving face recognition method, MinusFace.
arXiv Detail & Related papers (2024-03-19T05:27:52Z) - Privacy-Preserving Face Recognition in Hybrid Frequency-Color Domain [16.05230409730324]
Face image is a sensitive biometric attribute tied to the identity information of each user.
This paper proposes a hybrid frequency-color fusion approach to reduce the input dimensionality of face recognition.
It has around 2.6% to 4.2% higher accuracy than the state-of-the-art in the 1:N verification scenario.
arXiv Detail & Related papers (2024-01-24T11:27:32Z) - Exploring Decision-based Black-box Attacks on Face Forgery Detection [53.181920529225906]
Face forgery generation technologies generate vivid faces, which have raised public concerns about security and privacy.
Although face forgery detection has successfully distinguished fake faces, recent studies have demonstrated that face forgery detectors are very vulnerable to adversarial examples.
arXiv Detail & Related papers (2023-10-18T14:49:54Z) - Reversing Deep Face Embeddings with Probable Privacy Protection [6.492755549391469]
State-of-the-art face image reconstruction approach has been evaluated on protected face embeddings to break soft biometric privacy protection.
Results show that biometric privacy-enhanced face embeddings can be reconstructed with an accuracy of up to approximately 98%.
arXiv Detail & Related papers (2023-10-04T17:48:23Z) - Diff-Privacy: Diffusion-based Face Privacy Protection [58.1021066224765]
In this paper, we propose a novel face privacy protection method based on diffusion models, dubbed Diff-Privacy.
Specifically, we train our proposed multi-scale image inversion module (MSI) to obtain a set of SDM format conditional embeddings of the original image.
Based on the conditional embeddings, we design corresponding embedding scheduling strategies and construct different energy functions during the denoising process to achieve anonymization and visual identity information hiding.
arXiv Detail & Related papers (2023-09-11T09:26:07Z) - Privacy-Preserving Face Recognition Using Random Frequency Components [46.95003101593304]
Face recognition has sparked increasing privacy concerns.
We propose to conceal visual information by pruning human-perceivable low-frequency components.
We distill our findings into a novel privacy-preserving face recognition method, PartialFace.
arXiv Detail & Related papers (2023-08-21T04:31:02Z) - Towards Face Encryption by Generating Adversarial Identity Masks [53.82211571716117]
We propose a targeted identity-protection iterative method (TIP-IM) to generate adversarial identity masks.
TIP-IM provides 95%+ protection success rate against various state-of-the-art face recognition models.
arXiv Detail & Related papers (2020-03-15T12:45:10Z) - Investigating the Impact of Inclusion in Face Recognition Training Data
on Individual Face Identification [93.5538147928669]
We audit ArcFace, a state-of-the-art, open source face recognition system, in a large-scale face identification experiment with more than one million distractor images.
We find a Rank-1 face identification accuracy of 79.71% for individuals present in the model's training data and an accuracy of 75.73% for those not present.
arXiv Detail & Related papers (2020-01-09T15:50:28Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.