Face Encryption via Frequency-Restricted Identity-Agnostic Attacks

• URL: http://arxiv.org/abs/2308.05983v3
• Date: Fri, 25 Aug 2023 03:20:12 GMT
• Title: Face Encryption via Frequency-Restricted Identity-Agnostic Attacks
• Authors: Xin Dong, Rui Wang, Siyuan Liang, Aishan Liu, Lihua Jing
• Abstract summary: Malicious collectors use deep face recognition systems to easily steal biometric information. We propose a frequency-restricted identity-agnostic (FRIA) framework to encrypt face images from unauthorized face recognition.
• Score: 25.198662208981467
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Billions of people are sharing their daily live images on social media everyday. However, malicious collectors use deep face recognition systems to easily steal their biometric information (e.g., faces) from these images. Some studies are being conducted to generate encrypted face photos using adversarial attacks by introducing imperceptible perturbations to reduce face information leakage. However, existing studies need stronger black-box scenario feasibility and more natural visual appearances, which challenge the feasibility of privacy protection. To address these problems, we propose a frequency-restricted identity-agnostic (FRIA) framework to encrypt face images from unauthorized face recognition without access to personal information. As for the weak black-box scenario feasibility, we obverse that representations of the average feature in multiple face recognition models are similar, thus we propose to utilize the average feature via the crawled dataset from the Internet as the target to guide the generation, which is also agnostic to identities of unknown face recognition systems; in nature, the low-frequency perturbations are more visually perceptible by the human vision system. Inspired by this, we restrict the perturbation in the low-frequency facial regions by discrete cosine transform to achieve the visual naturalness guarantee. Extensive experiments on several face recognition models demonstrate that our FRIA outperforms other state-of-the-art methods in generating more natural encrypted faces while attaining high black-box attack success rates of 96%. In addition, we validate the efficacy of FRIA using real-world black-box commercial API, which reveals the potential of FRIA in practice. Our codes can be found in https://github.com/XinDong10/FRIA.

Related papers

• A Machine Learning-Based Secure Face Verification Scheme and Its Applications to Digital Surveillance [0.9208007322096533]
  Most real-world recognition systems ignore the importance of protecting the identity-sensitive facial images that are used for verification. We use the DeepID2 convolutional neural network to extract the features of a facial image and an EM algorithm to solve the facial verification problem. We develop three face verification systems for surveillance (or entrance) control of a local community based on three levels of privacy concerns.
  arXiv  Detail & Related papers  (2024-10-29T12:25:00Z)
• Transferable Adversarial Facial Images for Privacy Protection [15.211743719312613]
  We present a novel face privacy protection scheme with improved transferability while maintain high visual quality. We first exploit global adversarial latent search to traverse the latent space of the generative model. We then introduce a key landmark regularization module to preserve the visual identity information.
  arXiv  Detail & Related papers  (2024-07-18T02:16:11Z)
• Privacy-preserving Optics for Enhancing Protection in Face De-identification [60.110274007388135]
  We propose a hardware-level face de-identification method to solve this vulnerability. We also propose an anonymization framework that generates a new face using the privacy-preserving image, face heatmap, and a reference face image from a public dataset as input.
  arXiv  Detail & Related papers  (2024-03-31T19:28:04Z)
• Privacy-Preserving Face Recognition Using Trainable Feature Subtraction [40.47645421424354]
  Face recognition has led to increasing privacy concerns. This paper explores face image protection against viewing and recovery attacks. We distill our methodologies into a novel privacy-preserving face recognition method, MinusFace.
  arXiv  Detail & Related papers  (2024-03-19T05:27:52Z)
• Privacy-Preserving Face Recognition in Hybrid Frequency-Color Domain [16.05230409730324]
  Face image is a sensitive biometric attribute tied to the identity information of each user. This paper proposes a hybrid frequency-color fusion approach to reduce the input dimensionality of face recognition. It has around 2.6% to 4.2% higher accuracy than the state-of-the-art in the 1:N verification scenario.
  arXiv  Detail & Related papers  (2024-01-24T11:27:32Z)
• Exploring Decision-based Black-box Attacks on Face Forgery Detection [53.181920529225906]
  Face forgery generation technologies generate vivid faces, which have raised public concerns about security and privacy. Although face forgery detection has successfully distinguished fake faces, recent studies have demonstrated that face forgery detectors are very vulnerable to adversarial examples.
  arXiv  Detail & Related papers  (2023-10-18T14:49:54Z)
• Attribute-Guided Encryption with Facial Texture Masking [64.77548539959501]
  We propose Attribute Guided Encryption with Facial Texture Masking to protect users from unauthorized facial recognition systems. Our proposed method produces more natural-looking encrypted images than state-of-the-art methods.
  arXiv  Detail & Related papers  (2023-05-22T23:50:43Z)
• OPOM: Customized Invisible Cloak towards Face Privacy Protection [58.07786010689529]
  We investigate the face privacy protection from a technology standpoint based on a new type of customized cloak. We propose a new method, named one person one mask (OPOM), to generate person-specific (class-wise) universal masks. The effectiveness of the proposed method is evaluated on both common and celebrity datasets.
  arXiv  Detail & Related papers  (2022-05-24T11:29:37Z)
• FaceMAE: Privacy-Preserving Face Recognition via Masked Autoencoders [81.21440457805932]
  We propose a novel framework FaceMAE, where the face privacy and recognition performance are considered simultaneously. randomly masked face images are used to train the reconstruction module in FaceMAE. We also perform sufficient privacy-preserving face recognition on several public face datasets.
  arXiv  Detail & Related papers  (2022-05-23T07:19:42Z)
• Towards Face Encryption by Generating Adversarial Identity Masks [53.82211571716117]
  We propose a targeted identity-protection iterative method (TIP-IM) to generate adversarial identity masks. TIP-IM provides 95%+ protection success rate against various state-of-the-art face recognition models.
  arXiv  Detail & Related papers  (2020-03-15T12:45:10Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.