Human-imperceptible, Machine-recognizable Images
- URL: http://arxiv.org/abs/2306.03679v1
- Date: Tue, 6 Jun 2023 13:41:37 GMT
- Title: Human-imperceptible, Machine-recognizable Images
- Authors: Fusheng Hao, Fengxiang He, Yikai Wang, Fuxiang Wu, Jing Zhang, Jun
Cheng, Dacheng Tao
- Abstract summary: A major conflict is exposed relating to software engineers between better developing AI systems and distancing from the sensitive training data.
This paper proposes an efficient privacy-preserving learning paradigm, where images are encrypted to become ``human-imperceptible, machine-recognizable''.
We show that the proposed paradigm can ensure the encrypted images have become human-imperceptible while preserving machine-recognizable information.
- Score: 76.01951148048603
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Massive human-related data is collected to train neural networks for computer
vision tasks. A major conflict is exposed relating to software engineers
between better developing AI systems and distancing from the sensitive training
data. To reconcile this conflict, this paper proposes an efficient
privacy-preserving learning paradigm, where images are first encrypted to
become ``human-imperceptible, machine-recognizable'' via one of the two
encryption strategies: (1) random shuffling to a set of equally-sized patches
and (2) mixing-up sub-patches of the images. Then, minimal adaptations are made
to vision transformer to enable it to learn on the encrypted images for vision
tasks, including image classification and object detection. Extensive
experiments on ImageNet and COCO show that the proposed paradigm achieves
comparable accuracy with the competitive methods. Decrypting the encrypted
images requires solving an NP-hard jigsaw puzzle or an ill-posed inverse
problem, which is empirically shown intractable to be recovered by various
attackers, including the powerful vision transformer-based attacker. We thus
show that the proposed paradigm can ensure the encrypted images have become
human-imperceptible while preserving machine-recognizable information. The code
is available at https://github.com/FushengHao/PrivacyPreservingML.
Related papers
- ID-Guard: A Universal Framework for Combating Facial Manipulation via Breaking Identification [60.73617868629575]
Misuse of deep learning-based facial manipulation poses a potential threat to civil rights.
To prevent this fraud at its source, proactive defense technology was proposed to disrupt the manipulation process.
We propose a novel universal framework for combating facial manipulation, called ID-Guard.
arXiv Detail & Related papers (2024-09-20T09:30:08Z)
- Attack GAN (AGAN): A new Security Evaluation Tool for Perceptual Encryption [1.6385815610837167]
Training state-of-the-art (SOTA) deep learning models requires a large amount of data.
Perceptional encryption converts images into an unrecognizable format to protect the sensitive visual information in the training data.
This comes at the cost of a significant reduction in the accuracy of the models.
Adversarial Visual Information Hiding (AVIH) overcomes this drawback to protect image privacy by attempting to create encrypted images that are unrecognizable to the human eye.
arXiv Detail & Related papers (2024-07-09T06:03:32Z)
- Recoverable Privacy-Preserving Image Classification through Noise-like Adversarial Examples [26.026171363346975]
Cloud-based image related services such as classification have become crucial.
In this study, we propose a novel privacy-preserving image classification scheme.
Encrypted images can be decrypted back into their original form with high fidelity (recoverable) using a secret key.
arXiv Detail & Related papers (2023-10-19T13:01:58Z)
- Generative Model-Based Attack on Learnable Image Encryption for Privacy-Preserving Deep Learning [14.505867475659276]
We propose a novel generative model-based attack on learnable image encryption methods proposed for privacy-preserving deep learning.
We use two state-of-the-art generative models: a StyleGAN-based model and latent diffusion-based one.
Results show that images reconstructed by the proposed method have perceptual similarities to plain images.
arXiv Detail & Related papers (2023-03-09T05:00:17Z)
- EViT: Privacy-Preserving Image Retrieval via Encrypted Vision Transformer in Cloud Computing [9.41257807502252]
We propose a novel paradigm named Encrypted Vision Transformer (EViT), which advances the discriminative representations capability of cipher-images.
EViT achieves both excellent encryption and retrieval performance, outperforming current schemes in terms of retrieval accuracy by large margins while protecting image privacy effectively.
arXiv Detail & Related papers (2022-08-31T07:07:21Z)
- Masked Autoencoders Are Scalable Vision Learners [60.97703494764904]
Masked autoencoders (MAE) are scalable self-supervised learners for computer vision.
Our MAE approach is simple: we mask random patches of the input image and reconstruct the missing pixels.
Coupling these two designs enables us to train large models efficiently and effectively.
arXiv Detail & Related papers (2021-11-11T18:46:40Z)
- Controlled Caption Generation for Images Through Adversarial Attacks [85.66266989600572]
We study adversarial examples for vision and language models, which typically adopt a Convolutional Neural Network (i.e., CNN) for image feature extraction and a Recurrent Neural Network (RNN) for caption generation.
In particular, we investigate attacks on the visual encoder's hidden layer that is fed to the subsequent recurrent network.
We propose a GAN-based algorithm for crafting adversarial examples for neural image captioning that mimics the internal representation of the CNN.
arXiv Detail & Related papers (2021-07-07T07:22:41Z)
- Adversarial Attacks on Binary Image Recognition Systems [78.78811131936622]
We study adversarial attacks on models for binary (i.e. black and white) image classification.
In contrast to colored and grayscale images, the search space of attacks on binary images is extremely restricted.
We introduce a new attack algorithm called SCAR, designed to fool classifiers of binary images.
arXiv Detail & Related papers (2020-10-22T14:57:42Z)
- Key-Nets: Optical Transformation Convolutional Networks for Privacy Preserving Vision Sensors [3.3517146652431378]
Key-nets are convolutional networks paired with a custom vision sensor.
We show that a key-net is equivalent to homomorphic encryption using a Hill cipher.
arXiv Detail & Related papers (2020-08-11T01:21:29Z)
- Scene Text Synthesis for Efficient and Effective Deep Network Training [62.631176120557136]
We develop an innovative image synthesis technique that composes annotated training images by embedding foreground objects of interest into background images.
The proposed technique consists of two key components that in principle boost the usefulness of the synthesized images in deep network training.
Experiments over a number of public datasets demonstrate the effectiveness of our proposed image synthesis technique.
arXiv Detail & Related papers (2019-01-26T10:15:24Z)
This list is automatically generated from the titles and abstracts of the papers in this site.