Computer Science

Computer Science ›› 2025, Vol. 52 ›› Issue (5): 384-391.doi: 10.11896/jsjkx.241100066

• Information Security • Previous Articles    

Reversible Facial Privacy Protection Method Based on “Invisible Masks”

ZHENG Xu1, HUANG Xiangjie1, YANG Yang1,2   

  1. 1 School of Electronics and Information Engineering,Anhui University,Hefei 230601,China
    2 Institute of Artificial Intelligence,Hefei Comprehensive National Science Center,Hefei 230026,China
  • Received:2024-11-11 Revised:2024-12-28 Online:2025-05-15 Published:2025-05-12
  • About author:ZHENG Xu,born in 2000,postgraduate.His main research interest is information hiding.
    YANG Yang,born in 1980,professor,is a member of CCF(No.H3489M).Her main research interests include information hiding,quantum artificial intelligenceand image quality assessment.
  • Supported by:
    National Natural Science Foundation of China(62272003) and Natural Science Foundation of Anhui Provincial Colleges and Universities(KJ2021A0016).

PDF (PC)

53

Abstract: With the rapid progress of artificial intelligence and computer vision technology,facial information has been widely used in smart security,financial payment,and social media,etc.Once the collected facial information is leaked or illegally sold by unscrupulous individuals,it will cause adverse consequences.Therefore,how to prevent the original facial database from being illegally accessed and trained by malicious parties,and how to prevent illegal recognition,is an urgent issue that needs to be solved.Therefore,a reversible facial privacy protection method based on “invisible mask” is proposed.If the adversarial facial image is illegally accessed,it will cause the unauthorized facial recognition system to incorrectly recognize,and for authorized users,the original facial information can be recovered by removing the “invisible mask”,ensuring that the authorized facial recognition system can correctly recognize,thus achieving the purpose of protecting the facial database.Experimental results show that the method generates adversarial facial images with higher visual quality,the average PSNR between the adversarial facial image and the original facial image without attack layer can reach 55 dB,and the false recognition rate of the unauthorized system can reach 99.6%.At the same time,the method realizes reversible recovery of facial images,the average PSNR of the recovered facial image is 61 dB,and the correct recognition rate of the authorized system can reach 99.8%.Therefore,the proposed method can effectively protect the facial database.

Key words: Deep learning, Invisible masks, Adversarial examples, Facial dataset protection, Visual transformation, Reversible facial privacy protection

CLC Number: 

  • TP311
[1]BORENSTEIN J,AYANNA H.Emerging challenges in AI and the need for AI ethics education[J].AI and Ethics,2021,1(1):61-65.
[2]MRIT M,NARAYANAN P.The de-identification camera[C]//Proceedings of the 2011 Third National Conference on Computer Vision and PatternRecognition.2011:192-195.
[3]ZHANG Y,LU Y,NAGAHARA H,et al.Anonymous camera for privacy protection[C]//Proceedings of the 22nd InternationalConference on Pattern Recognition.2014:4170-4175.
[4]LETOURNEL G,BUGEAU A,DOMENGER J P.Face de-identification with expressions preservation[C]//ProcEedings of the Internationak Conference on Image Processing.2015:4366-4370.
[5]GOODFELLOW I J,SHLENS J,SZEGEDY C.Explaining and harnessing adversarial examples[J].arXiv:1412.6572,2015.
[6]YIN B,WANG W,YAO T,et al.Adv-Makeup:A New Imperceptible and Transferable Attack on Face Recognition[C]//International Joint Conference on Artificial Intelligence.2021:1252-1258.
[7]JIA X J,WEI X X,CAO X C,et al.Comdefend:An efficient image compressionmodel to defend adversarial examples[C]//Proceedingsof the IEEE/CVF Conference on Computer Vision andPattern Recognition.2019:6084-6092.
[8]ZHANG X P.Reversible data hiding with optimalvalue transfer[J].IEEE Transactions on Multimedia,2012,15(2):316-325.
[9]LIU J Y,HOU D D,ZHANG W M,et al.Reversible adversarial examples[J].arXiv:1811.00189,2018.
[10]CHEN K J,CHEN K J,ZENG X H,et al.Invertible image dataset protection[J].arXiv:2021,14420,2021.
[11]KE X,WU H Q,GUO W Z.StegFormer:Rebuilding the Glory of Autoencoder-Based Steganography[C]//Proceedings of theAAAI Conference on Artificial Intelligence.Vancouver,Canada,2024:2723-2731.
[12]ZHU J,RUSSELL K,JUSTIN J,et al.Hidden:Hiding datawith deep networks[C]//European Conference on Computer Vision.Munich,Germany,2018:657-672.
[13]SZEGEDY C,ZAREMBA W,SUTSKEVER I,et al.In-triguing properties of neural networks[J].arXiv:1312.6199,2013.
[14]CARLININ,WAGNER D.Towards evaluating the robustnessof neural networks[J].IEEE Symposium on Security and Privacy.San Francisco.USA,2017:39-57.
[15]XIAO C,LI B,ZHU J,et al.Generating adversarial exampleswith adversarial networks[J].arXiv:1801.02610,2018.
[16]CHINOMI K,NITTA N,ITO Y.PriSurv:Privacy protected video surveillance system using adaptive visual abstraction[C]//Proceedings of the 14th International Conference on Advances in Multimedia Modeling.Berlin:Springer,2008:144-154.
[17]YOU Z,LI S,QIAN Z,et al.Reversible privacy-preserving recognition[C]//2021 IEEE International Conference on Multimedia and Expo(ICME).IEEE,2021:1-6.
[18]YANG Y,HUANG Y,SHI M,et al.Invertible Mask Network for Face Privacy Preservation[J].Information Sciences,2023,629:566-579.
[19]DEBAYAND,ZHANG J B,JAIN A.Advfaces:adversarial face synthesis[J]arXiv:1908.05008,2019.
[20]LIN Y,CAO Y,HU H.Swin transformer:Hierarchical vision transformer using shifted windows[C]//Proceedings ofthe IEEE/CVFInternational Conference on ComputerVision.Montreal,Canada,2021:10012-10022.
[21]CHU X,TIAN Z,ZHANG B,et al.Conditional positional encodings for vision transformers[J].arXiv:2102.10882,2021.
[22]SCHROFF F,KALENICHENKO D,PHILBIN J.Facenet:A- unified embedding for face recognition and clustering.[C]//2015 IEEE Conference on Computer Vision and Pattern Recognition.Santa Barbara,USA,2015:815-823.
[23]CHARBONNIE R,BLANC-FERAUD L,AUBERT G,et al.Two deterministic half-quadratic regularization algorithms for computed imaging[C]//Proceedings of 1st International Conference on Image Processing.1994:168-172.
[24]YI D,YANG M,WU Y M.CASIA-WebFace:A Web Face Database for Face Recognition[C]//IEEE Conference on ComputerVision and Pattern Recognition(CVPR).Columbus,USA,2014.
[25]HUANG G B,RAMESH M,LEARNED E.Labeled Faces inthe Wild:A Survey of Face Recognition in Unconstrained Environments[J].IEEE Transactions on Pattern Analysis and Machine Intelligence(PAMI),2008,12(30):2127-2140.
[26]WANG Z,BOVIK A,SHEIKH H R.Image quality asses-sment:From error visibility to structural similarity[J].IEEE Transactions on Image Processing.2004,13(4):600-612.
[1] MIAO Zhuang, CUI Haoran, ZHANG Qiyang, WANG Jiabao, LI Yang. Restoration of Atmospheric Turbulence-degraded Images Based on Contrastive Learning [J]. Computer Science, 2025, 52(5): 171-178.
[2] GAO Wei, WANG Lei, LI Jianan, LI Shuailong, HAN Lin. Operator Fusion Optimization for Deep Learning Compiler TVM [J]. Computer Science, 2025, 52(5): 58-66.
[3] SUN Tanghui, ZHAO Gang, GUO Meiqian. Long-tail Distributed Medical Image Classification Based on Large Selective Nuclear Bilateral-branch Networks [J]. Computer Science, 2025, 52(4): 231-239.
[4] MENG Sijiang, WANG Hongxia, ZENG Qiang, ZHOU Yang. Multi-view and Multi-scale Fusion Attention Network for Document Image Forgery Localization [J]. Computer Science, 2025, 52(4): 327-335.
[5] LI Xiaolan, MA Yong. Study on Lightweight Flame Detection Algorithm with Progressive Adaptive Feature Fusion [J]. Computer Science, 2025, 52(4): 64-73.
[6] DENG Ceyu, LI Duantengchuan, HU Yiren, WANG Xiaoguang, LI Zhifei. Joint Inter-word and Inter-sentence Multi-relationship Modeling for Review-basedRecommendation Algorithm [J]. Computer Science, 2025, 52(4): 119-128.
[7] PENG Linna, ZHANG Hongyun, MIAO Duoqian. Complex Organ Segmentation Based on Edge Constraints and Enhanced Swin Unetr [J]. Computer Science, 2025, 52(4): 177-184.
[8] KONG Jialin, ZHANG Qi, WEI Jianze, LI Qi. Adaptive Contextual Learning Method Based on Iris Texture Perception [J]. Computer Science, 2025, 52(4): 185-193.
[9] ZHOU Yi, MAO Kuanmin. Research on Individual Identification of Cattle Based on YOLO-Unet Combined Network [J]. Computer Science, 2025, 52(4): 194-201.
[10] ZHONG Yue, GU Jieming. 3D Reconstruction of Single-view Sketches Based on Attention Mechanism and Contrastive Loss [J]. Computer Science, 2025, 52(3): 77-85.
[11] WANG Yuan, HUO Peng, HAN Yi, CHEN Tun, WANG Xiang, WEN Hui. Survey on Deep Learning-based Meteorological Forecasting Models [J]. Computer Science, 2025, 52(3): 112-126.
[12] SHEN Yaxin, GAO Lijian , MAO Qirong. Semi-supervised Sound Event Detection Based on Meta Learning [J]. Computer Science, 2025, 52(3): 222-230.
[13] HAN Lin, WANG Yifan, LI Jianan, GAO Wei. Automatic Scheduling Search Optimization Method Based on TVM [J]. Computer Science, 2025, 52(3): 268-276.
[14] WANG Tao, BAI Xuefei, WANG Wenjian. Selective Feature Fusion for 3D CT Image Segmentation of Renal Cancer Based on Edge Enhancement [J]. Computer Science, 2025, 52(3): 41-49.
[15] WANG Jie, WANG Chuangye, XIE Jiucheng, GAO Hao. Animatable Head Avatar Reconstruction Algorithm Based on Region Encoding [J]. Computer Science, 2025, 52(3): 50-57.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.