Protecting Facial Privacy: Generating Adversarial Identity Masks via
Style-robust Makeup Transfer
- URL: http://arxiv.org/abs/2203.03121v1
- Date: Mon, 7 Mar 2022 03:56:17 GMT
- Title: Protecting Facial Privacy: Generating Adversarial Identity Masks via
Style-robust Makeup Transfer
- Authors: Shengshan Hu, Xiaogeng Liu, Yechao Zhang, Minghui Li, Leo Yu Zhang,
Hai Jin, Libing Wu
- Abstract summary: adversarial makeup transfer GAN (AMT-GAN) is a novel face protection method aiming at constructing adversarial face images.
In this paper, we introduce a new regularization module along with a joint training strategy to reconcile the conflicts between the adversarial noises and the cycle consistence loss in makeup transfer.
- Score: 24.25863892897547
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: While deep face recognition (FR) systems have shown amazing performance in
identification and verification, they also arouse privacy concerns for their
excessive surveillance on users, especially for public face images widely
spread on social networks. Recently, some studies adopt adversarial examples to
protect photos from being identified by unauthorized face recognition systems.
However, existing methods of generating adversarial face images suffer from
many limitations, such as awkward visual, white-box setting, weak
transferability, making them difficult to be applied to protect face privacy in
reality. In this paper, we propose adversarial makeup transfer GAN (AMT-GAN), a
novel face protection method aiming at constructing adversarial face images
that preserve stronger black-box transferability and better visual quality
simultaneously. AMT-GAN leverages generative adversarial networks (GAN) to
synthesize adversarial face images with makeup transferred from reference
images. In particular, we introduce a new regularization module along with a
joint training strategy to reconcile the conflicts between the adversarial
noises and the cycle consistence loss in makeup transfer, achieving a desirable
balance between the attack strength and visual changes. Extensive experiments
verify that compared with state of the arts, AMT-GAN can not only preserve a
comfortable visual quality, but also achieve a higher attack success rate over
commercial FR APIs, including Face++, Aliyun, and Microsoft.
Related papers
- ID-Guard: A Universal Framework for Combating Facial Manipulation via Breaking Identification [60.73617868629575]
misuse of deep learning-based facial manipulation poses a potential threat to civil rights.
To prevent this fraud at its source, proactive defense technology was proposed to disrupt the manipulation process.
We propose a novel universal framework for combating facial manipulation, called ID-Guard.
arXiv Detail & Related papers (2024-09-20T09:30:08Z) - Transferable Adversarial Facial Images for Privacy Protection [15.211743719312613]
We present a novel face privacy protection scheme with improved transferability while maintain high visual quality.
We first exploit global adversarial latent search to traverse the latent space of the generative model.
We then introduce a key landmark regularization module to preserve the visual identity information.
arXiv Detail & Related papers (2024-07-18T02:16:11Z) - DiffAM: Diffusion-based Adversarial Makeup Transfer for Facial Privacy Protection [60.73609509756533]
DiffAM is a novel approach to generate high-quality protected face images with adversarial makeup transferred from reference images.
Experiments demonstrate that DiffAM achieves higher visual quality and attack success rates with a gain of 12.98% under black-box setting.
arXiv Detail & Related papers (2024-05-16T08:05:36Z) - NeRFTAP: Enhancing Transferability of Adversarial Patches on Face
Recognition using Neural Radiance Fields [15.823538329365348]
We propose a novel adversarial attack method that considers both the transferability to the FR model and the victim's face image.
We generate new view face images for the source and target subjects to enhance transferability of adversarial patches.
Our work provides valuable insights for enhancing the robustness of FR systems in practical adversarial settings.
arXiv Detail & Related papers (2023-11-29T03:17:14Z) - Face Encryption via Frequency-Restricted Identity-Agnostic Attacks [25.198662208981467]
Malicious collectors use deep face recognition systems to easily steal biometric information.
We propose a frequency-restricted identity-agnostic (FRIA) framework to encrypt face images from unauthorized face recognition.
arXiv Detail & Related papers (2023-08-11T07:38:46Z) - Attribute-Guided Encryption with Facial Texture Masking [64.77548539959501]
We propose Attribute Guided Encryption with Facial Texture Masking to protect users from unauthorized facial recognition systems.
Our proposed method produces more natural-looking encrypted images than state-of-the-art methods.
arXiv Detail & Related papers (2023-05-22T23:50:43Z) - FaceMAE: Privacy-Preserving Face Recognition via Masked Autoencoders [81.21440457805932]
We propose a novel framework FaceMAE, where the face privacy and recognition performance are considered simultaneously.
randomly masked face images are used to train the reconstruction module in FaceMAE.
We also perform sufficient privacy-preserving face recognition on several public face datasets.
arXiv Detail & Related papers (2022-05-23T07:19:42Z) - Restricted Black-box Adversarial Attack Against DeepFake Face Swapping [70.82017781235535]
We introduce a practical adversarial attack that does not require any queries to the facial image forgery model.
Our method is built on a substitute model persuing for face reconstruction and then transfers adversarial examples from the substitute model directly to inaccessible black-box DeepFake models.
arXiv Detail & Related papers (2022-04-26T14:36:06Z) - Towards Face Encryption by Generating Adversarial Identity Masks [53.82211571716117]
We propose a targeted identity-protection iterative method (TIP-IM) to generate adversarial identity masks.
TIP-IM provides 95%+ protection success rate against various state-of-the-art face recognition models.
arXiv Detail & Related papers (2020-03-15T12:45:10Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.