Computer Science

Computer Science ›› 2025, Vol. 52 ›› Issue (5): 384-391.doi: 10.11896/jsjkx.241100066

• Information Security • Previous Articles    

Reversible Facial Privacy Protection Method Based on “Invisible Masks”

ZHENG Xu1, HUANG Xiangjie1, YANG Yang1,2   

  1. 1 School of Electronics and Information Engineering,Anhui University,Hefei 230601,China
    2 Institute of Artificial Intelligence,Hefei Comprehensive National Science Center,Hefei 230026,China
  • Received:2024-11-11 Revised:2024-12-28 Online:2025-05-15 Published:2025-05-12
  • About author:ZHENG Xu,born in 2000,postgraduate.His main research interest is information hiding.
    YANG Yang,born in 1980,professor,is a member of CCF(No.H3489M).Her main research interests include information hiding,quantum artificial intelligenceand image quality assessment.
  • Supported by:
    National Natural Science Foundation of China(62272003) and Natural Science Foundation of Anhui Provincial Colleges and Universities(KJ2021A0016).

PDF (PC)

299

Abstract: With the rapid progress of artificial intelligence and computer vision technology,facial information has been widely used in smart security,financial payment,and social media,etc.Once the collected facial information is leaked or illegally sold by unscrupulous individuals,it will cause adverse consequences.Therefore,how to prevent the original facial database from being illegally accessed and trained by malicious parties,and how to prevent illegal recognition,is an urgent issue that needs to be solved.Therefore,a reversible facial privacy protection method based on “invisible mask” is proposed.If the adversarial facial image is illegally accessed,it will cause the unauthorized facial recognition system to incorrectly recognize,and for authorized users,the original facial information can be recovered by removing the “invisible mask”,ensuring that the authorized facial recognition system can correctly recognize,thus achieving the purpose of protecting the facial database.Experimental results show that the method generates adversarial facial images with higher visual quality,the average PSNR between the adversarial facial image and the original facial image without attack layer can reach 55 dB,and the false recognition rate of the unauthorized system can reach 99.6%.At the same time,the method realizes reversible recovery of facial images,the average PSNR of the recovered facial image is 61 dB,and the correct recognition rate of the authorized system can reach 99.8%.Therefore,the proposed method can effectively protect the facial database.

Key words: Deep learning, Invisible masks, Adversarial examples, Facial dataset protection, Visual transformation, Reversible facial privacy protection

CLC Number: 

  • TP311
[1]BORENSTEIN J,AYANNA H.Emerging challenges in AI and the need for AI ethics education[J].AI and Ethics,2021,1(1):61-65.
[2]MRIT M,NARAYANAN P.The de-identification camera[C]//Proceedings of the 2011 Third National Conference on Computer Vision and PatternRecognition.2011:192-195.
[3]ZHANG Y,LU Y,NAGAHARA H,et al.Anonymous camera for privacy protection[C]//Proceedings of the 22nd InternationalConference on Pattern Recognition.2014:4170-4175.
[4]LETOURNEL G,BUGEAU A,DOMENGER J P.Face de-identification with expressions preservation[C]//ProcEedings of the Internationak Conference on Image Processing.2015:4366-4370.
[5]GOODFELLOW I J,SHLENS J,SZEGEDY C.Explaining and harnessing adversarial examples[J].arXiv:1412.6572,2015.
[6]YIN B,WANG W,YAO T,et al.Adv-Makeup:A New Imperceptible and Transferable Attack on Face Recognition[C]//International Joint Conference on Artificial Intelligence.2021:1252-1258.
[7]JIA X J,WEI X X,CAO X C,et al.Comdefend:An efficient image compressionmodel to defend adversarial examples[C]//Proceedingsof the IEEE/CVF Conference on Computer Vision andPattern Recognition.2019:6084-6092.
[8]ZHANG X P.Reversible data hiding with optimalvalue transfer[J].IEEE Transactions on Multimedia,2012,15(2):316-325.
[9]LIU J Y,HOU D D,ZHANG W M,et al.Reversible adversarial examples[J].arXiv:1811.00189,2018.
[10]CHEN K J,CHEN K J,ZENG X H,et al.Invertible image dataset protection[J].arXiv:2021,14420,2021.
[11]KE X,WU H Q,GUO W Z.StegFormer:Rebuilding the Glory of Autoencoder-Based Steganography[C]//Proceedings of theAAAI Conference on Artificial Intelligence.Vancouver,Canada,2024:2723-2731.
[12]ZHU J,RUSSELL K,JUSTIN J,et al.Hidden:Hiding datawith deep networks[C]//European Conference on Computer Vision.Munich,Germany,2018:657-672.
[13]SZEGEDY C,ZAREMBA W,SUTSKEVER I,et al.In-triguing properties of neural networks[J].arXiv:1312.6199,2013.
[14]CARLININ,WAGNER D.Towards evaluating the robustnessof neural networks[J].IEEE Symposium on Security and Privacy.San Francisco.USA,2017:39-57.
[15]XIAO C,LI B,ZHU J,et al.Generating adversarial exampleswith adversarial networks[J].arXiv:1801.02610,2018.
[16]CHINOMI K,NITTA N,ITO Y.PriSurv:Privacy protected video surveillance system using adaptive visual abstraction[C]//Proceedings of the 14th International Conference on Advances in Multimedia Modeling.Berlin:Springer,2008:144-154.
[17]YOU Z,LI S,QIAN Z,et al.Reversible privacy-preserving recognition[C]//2021 IEEE International Conference on Multimedia and Expo(ICME).IEEE,2021:1-6.
[18]YANG Y,HUANG Y,SHI M,et al.Invertible Mask Network for Face Privacy Preservation[J].Information Sciences,2023,629:566-579.
[19]DEBAYAND,ZHANG J B,JAIN A.Advfaces:adversarial face synthesis[J]arXiv:1908.05008,2019.
[20]LIN Y,CAO Y,HU H.Swin transformer:Hierarchical vision transformer using shifted windows[C]//Proceedings ofthe IEEE/CVFInternational Conference on ComputerVision.Montreal,Canada,2021:10012-10022.
[21]CHU X,TIAN Z,ZHANG B,et al.Conditional positional encodings for vision transformers[J].arXiv:2102.10882,2021.
[22]SCHROFF F,KALENICHENKO D,PHILBIN J.Facenet:A- unified embedding for face recognition and clustering.[C]//2015 IEEE Conference on Computer Vision and Pattern Recognition.Santa Barbara,USA,2015:815-823.
[23]CHARBONNIE R,BLANC-FERAUD L,AUBERT G,et al.Two deterministic half-quadratic regularization algorithms for computed imaging[C]//Proceedings of 1st International Conference on Image Processing.1994:168-172.
[24]YI D,YANG M,WU Y M.CASIA-WebFace:A Web Face Database for Face Recognition[C]//IEEE Conference on ComputerVision and Pattern Recognition(CVPR).Columbus,USA,2014.
[25]HUANG G B,RAMESH M,LEARNED E.Labeled Faces inthe Wild:A Survey of Face Recognition in Unconstrained Environments[J].IEEE Transactions on Pattern Analysis and Machine Intelligence(PAMI),2008,12(30):2127-2140.
[26]WANG Z,BOVIK A,SHEIKH H R.Image quality asses-sment:From error visibility to structural similarity[J].IEEE Transactions on Image Processing.2004,13(4):600-612.
[1] ZHENG Cheng, BAN Qingqing. Knowledge-assisted and Reinforced Syntax-driven for Aspect-based Sentiment Analysis [J]. Computer Science, 2026, 53(4): 406-414.
[2] YIN Chuang, LIU Jianyi, ZHANG Ru. Cross-modal Fusion Few-sample Ransomware Classifier:Multimodal Encoding Based on Pre-trained Models [J]. Computer Science, 2026, 53(4): 435-444.
[3] GAO Tai, REN Yanzhang, WANG Huiqing, LI Ying, WANG Bin. KGMamba:Gene Regulatory Network Prediction Model Based on Kolmogorov-Arnold Network Optimizing Graph Convolutional Network and Mamba [J]. Computer Science, 2026, 53(4): 101-111.
[4] ZHANG Xueqin, WANG Zhineng, LI Jinsheng, LU Yisong, LUO Fei. Key Node Identification in Temporal Social Networks Based on Deep Learning and Multi-feature Fusion [J]. Computer Science, 2026, 53(4): 143-154.
[5] GU Bokai, LIU Dun, SUN Yang. STWD-DLFRD:Multi-granularity Fake Review Detection via Sequential Three-way Decisions and Deep Learning [J]. Computer Science, 2026, 53(4): 188-196.
[6] FU Yukai, LI Qingzhen, DONG Zhixue, SHI Dongli, ZHAO Peng. Pedestrian Re-identification Methods Based on Limited Target Data and Deep Learning [J]. Computer Science, 2026, 53(3): 287-294.
[7] YU Ding, LI Zhangwei. Prediction Method of RNA Secondary Structure Based on Transformer Architecture [J]. Computer Science, 2026, 53(3): 375-382.
[8] DU Jiantong, GUAN Zeli, XUE Zhe. Multi-task Learning-based Ophthalmic Video Feature Fusion and Multi-dimensional Profiling [J]. Computer Science, 2026, 53(3): 383-391.
[9] SU Ruitao, REN Jiongjiong, CHEN Shaozhen. Deep Learning-based Neural Differential Distinguishers for GIFT-128 and ASCON [J]. Computer Science, 2026, 53(3): 453-458.
[10] LI Zequn, DING Fei. Fatigue Driving Detection Based on Dual-branch Fusion and Segmented Domain AdaptationTransfer Learning [J]. Computer Science, 2026, 53(3): 78-87.
[11] XI Penghui, WU Xiazhen, JIANG Wencong, FANG Liangda, HE Chaobo, GUAN Quanlong. Review of Personalized Educational Resource Recommendations [J]. Computer Science, 2026, 53(2): 1-15.
[12] HUANG Jing, WANG Teng, LIU Jian, HU Kai, PENG Xin, HUANG Yamin, WEN Yuanqiao. Multimodal Visual Detection for Underwater Sonar Target Images [J]. Computer Science, 2026, 53(2): 227-235.
[13] LIU Chenhong, LI Fenglian, YANG Jia, WANG Suzhe, CHEN Guijun. Boundary-focused Multi-scale Feature Fusion Network for Stroke Lesion Segmentation [J]. Computer Science, 2026, 53(2): 264-272.
[14] HUANG Miaomiao, WANG Huiying, WANG Meixia, WANG Yejiang , ZHAO Yuhai. Review of Graph Embedding Learning Research:From Simple Graph to Complex Graph [J]. Computer Science, 2026, 53(1): 58-76.
[15] WANG Cheng, JIN Cheng. KAN-based Unsupervised Multivariate Time Series Anomaly Detection Network [J]. Computer Science, 2026, 53(1): 89-96.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.