DPImageBench: A Unified Benchmark for Differentially Private Image Synthesis
- URL: http://arxiv.org/abs/2503.14681v2
- Date: Thu, 10 Apr 2025 18:52:27 GMT
- Title: DPImageBench: A Unified Benchmark for Differentially Private Image Synthesis
- Authors: Chen Gong, Kecen Li, Zinan Lin, Tianhao Wang,
- Abstract summary: Differentially private (DP) image synthesis aims to generate artificial images that retain the properties of sensitive images while protecting the privacy of individual images within the dataset.<n>Despite recent advancements, inconsistent--and sometimes flawed--evaluation protocols have been applied across studies.<n>This paper introduces DPImageBench for DP image synthesis, with thoughtful design across several dimensions.
- Score: 13.888119355726909
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Differentially private (DP) image synthesis aims to generate artificial images that retain the properties of sensitive images while protecting the privacy of individual images within the dataset. Despite recent advancements, we find that inconsistent--and sometimes flawed--evaluation protocols have been applied across studies. This not only impedes the understanding of current methods but also hinders future advancements. To address the issue, this paper introduces DPImageBench for DP image synthesis, with thoughtful design across several dimensions: (1) Methods. We study eleven prominent methods and systematically characterize each based on model architecture, pretraining strategy, and privacy mechanism. (2) Evaluation. We include nine datasets and seven fidelity and utility metrics to thoroughly assess them. Notably, we find that a common practice of selecting downstream classifiers based on the highest accuracy on the sensitive test set not only violates DP but also overestimates the utility scores. DPImageBench corrects for these mistakes. (3) Platform. Despite the methods and evaluation protocols, DPImageBench provides a standardized interface that accommodates current and future implementations within a unified framework. With DPImageBench, we have several noteworthy findings. For example, contrary to the common wisdom that pretraining on public image datasets is usually beneficial, we find that the distributional similarity between pretraining and sensitive images significantly impacts the performance of the synthetic images and does not always yield improvements. In addition, adding noise to low-dimensional features, such as the high-level characteristics of sensitive images, is less affected by the privacy budget compared to adding noise to high-dimensional features, like weight gradients. The former methods perform better than the latter under a low privacy budget.
Related papers
- From Easy to Hard: Building a Shortcut for Differentially Private Image Synthesis [14.93795597224185]
Differentially private (DP) image synthesis aims to generate synthetic images from a sensitive dataset.
We propose a two-stage DP image synthesis framework, where diffusion models learn to generate synthetic images from easy to hard.
We conduct experiments to present that on the average of four investigated image datasets, the fidelity and utility metrics of our synthetic images are 33.1% and 2.1% better than the state-of-the-art method.
arXiv Detail & Related papers (2025-04-02T06:30:55Z) - CO-SPY: Combining Semantic and Pixel Features to Detect Synthetic Images by AI [58.35348718345307]
Current efforts to distinguish between real and AI-generated images may lack generalization.
We propose a novel framework, Co-Spy, that first enhances existing semantic features.
We also create Co-Spy-Bench, a comprehensive dataset comprising 5 real image datasets and 22 state-of-the-art generative models.
arXiv Detail & Related papers (2025-03-24T01:59:29Z) - Noise-Tolerant Hybrid Prototypical Learning with Noisy Web Data [72.32706907910477]
We focus on the challenging problem of learning an unbiased classifier from a large number of potentially relevant but noisily labeled web images.
In the few clean and many noisy scenarios, the class prototype can be severely biased due to the presence of irrelevant noisy images.
Our approach considers the diversity of noisy images by explicit division and overcomes the optimization discrepancy issue.
arXiv Detail & Related papers (2025-01-05T08:21:43Z) - Differentially Private Random Feature Model [52.468511541184895]
We produce a differentially private random feature model for privacy-preserving kernel machines.<n>We show that our method preserves privacy and derive a generalization error bound for the method.
arXiv Detail & Related papers (2024-12-06T05:31:08Z) - Beyond MOS: Subjective Image Quality Score Preprocessing Method Based on Perceptual Similarity [2.290956583394892]
ITU-R BT.500, ITU-T P.910, and ITU-T P.913 have been standardized to clean up the original opinion scores.
PSP exploit the perceptual similarity between images to alleviate subjective bias in less annotated scenarios.
arXiv Detail & Related papers (2024-04-30T16:01:14Z) - Improving Adversarial Robustness of Masked Autoencoders via Test-time
Frequency-domain Prompting [133.55037976429088]
We investigate the adversarial robustness of vision transformers equipped with BERT pretraining (e.g., BEiT, MAE)
A surprising observation is that MAE has significantly worse adversarial robustness than other BERT pretraining methods.
We propose a simple yet effective way to boost the adversarial robustness of MAE.
arXiv Detail & Related papers (2023-08-20T16:27:17Z) - Masked Images Are Counterfactual Samples for Robust Fine-tuning [77.82348472169335]
Fine-tuning deep learning models can lead to a trade-off between in-distribution (ID) performance and out-of-distribution (OOD) robustness.
We propose a novel fine-tuning method, which uses masked images as counterfactual samples that help improve the robustness of the fine-tuning model.
arXiv Detail & Related papers (2023-03-06T11:51:28Z) - Cap2Aug: Caption guided Image to Image data Augmentation [41.53127698828463]
Cap2Aug is an image-to-image diffusion model-based data augmentation strategy using image captions as text prompts.
We generate captions from the limited training images and using these captions edit the training images using an image-to-image stable diffusion model.
This strategy generates augmented versions of images similar to the training images yet provides semantic diversity across the samples.
arXiv Detail & Related papers (2022-12-11T04:37:43Z) - ConfounderGAN: Protecting Image Data Privacy with Causal Confounder [85.6757153033139]
We propose ConfounderGAN, a generative adversarial network (GAN) that can make personal image data unlearnable to protect the data privacy of its owners.
Experiments are conducted in six image classification datasets, consisting of three natural object datasets and three medical datasets.
arXiv Detail & Related papers (2022-12-04T08:49:14Z) - Content-Aware Differential Privacy with Conditional Invertible Neural
Networks [0.7102341019971402]
Invertible Neural Networks (INNs) have shown excellent generative performance while still providing the ability to quantify the exact likelihood.
We hypothesize that adding noise to the latent space of an INN can enable differentially private image modification.
We conduct experiments on publicly available benchmarking datasets as well as dedicated medical ones.
arXiv Detail & Related papers (2022-07-29T11:52:16Z) - Mix-up Self-Supervised Learning for Contrast-agnostic Applications [33.807005669824136]
We present the first mix-up self-supervised learning framework for contrast-agnostic applications.
We address the low variance across images based on cross-domain mix-up and build the pretext task based on image reconstruction and transparency prediction.
arXiv Detail & Related papers (2022-04-02T16:58:36Z) - DP-Image: Differential Privacy for Image Data in Feature Space [23.593790091283225]
We introduce a novel notion of image-aware differential privacy, referred to as DP-image, that can protect user's personal information in images.
Our results show that the proposed DP-Image method provides excellent DP protection on images, with a controllable distortion to faces.
arXiv Detail & Related papers (2021-03-12T04:02:23Z) - The Power of Triply Complementary Priors for Image Compressive Sensing [89.14144796591685]
We propose a joint low-rank deep (LRD) image model, which contains a pair of complementaryly trip priors.
We then propose a novel hybrid plug-and-play framework based on the LRD model for image CS.
To make the optimization tractable, a simple yet effective algorithm is proposed to solve the proposed H-based image CS problem.
arXiv Detail & Related papers (2020-05-16T08:17:44Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.