Computer Science

Computer Science ›› 2025, Vol. 52 ›› Issue (5): 384-391.doi: 10.11896/jsjkx.241100066

• Information Security • Previous Articles    

Reversible Facial Privacy Protection Method Based on “Invisible Masks”

ZHENG Xu1, HUANG Xiangjie1, YANG Yang1,2   

  1. 1 School of Electronics and Information Engineering,Anhui University,Hefei 230601,China
    2 Institute of Artificial Intelligence,Hefei Comprehensive National Science Center,Hefei 230026,China
  • Received:2024-11-11 Revised:2024-12-28 Online:2025-05-15 Published:2025-05-12
  • About author:ZHENG Xu,born in 2000,postgraduate.His main research interest is information hiding.
    YANG Yang,born in 1980,professor,is a member of CCF(No.H3489M).Her main research interests include information hiding,quantum artificial intelligenceand image quality assessment.
  • Supported by:
    National Natural Science Foundation of China(62272003) and Natural Science Foundation of Anhui Provincial Colleges and Universities(KJ2021A0016).

PDF (PC)

115

Abstract: With the rapid progress of artificial intelligence and computer vision technology,facial information has been widely used in smart security,financial payment,and social media,etc.Once the collected facial information is leaked or illegally sold by unscrupulous individuals,it will cause adverse consequences.Therefore,how to prevent the original facial database from being illegally accessed and trained by malicious parties,and how to prevent illegal recognition,is an urgent issue that needs to be solved.Therefore,a reversible facial privacy protection method based on “invisible mask” is proposed.If the adversarial facial image is illegally accessed,it will cause the unauthorized facial recognition system to incorrectly recognize,and for authorized users,the original facial information can be recovered by removing the “invisible mask”,ensuring that the authorized facial recognition system can correctly recognize,thus achieving the purpose of protecting the facial database.Experimental results show that the method generates adversarial facial images with higher visual quality,the average PSNR between the adversarial facial image and the original facial image without attack layer can reach 55 dB,and the false recognition rate of the unauthorized system can reach 99.6%.At the same time,the method realizes reversible recovery of facial images,the average PSNR of the recovered facial image is 61 dB,and the correct recognition rate of the authorized system can reach 99.8%.Therefore,the proposed method can effectively protect the facial database.

Key words: Deep learning, Invisible masks, Adversarial examples, Facial dataset protection, Visual transformation, Reversible facial privacy protection

CLC Number: 

  • TP311
[1]BORENSTEIN J,AYANNA H.Emerging challenges in AI and the need for AI ethics education[J].AI and Ethics,2021,1(1):61-65.
[2]MRIT M,NARAYANAN P.The de-identification camera[C]//Proceedings of the 2011 Third National Conference on Computer Vision and PatternRecognition.2011:192-195.
[3]ZHANG Y,LU Y,NAGAHARA H,et al.Anonymous camera for privacy protection[C]//Proceedings of the 22nd InternationalConference on Pattern Recognition.2014:4170-4175.
[4]LETOURNEL G,BUGEAU A,DOMENGER J P.Face de-identification with expressions preservation[C]//ProcEedings of the Internationak Conference on Image Processing.2015:4366-4370.
[5]GOODFELLOW I J,SHLENS J,SZEGEDY C.Explaining and harnessing adversarial examples[J].arXiv:1412.6572,2015.
[6]YIN B,WANG W,YAO T,et al.Adv-Makeup:A New Imperceptible and Transferable Attack on Face Recognition[C]//International Joint Conference on Artificial Intelligence.2021:1252-1258.
[7]JIA X J,WEI X X,CAO X C,et al.Comdefend:An efficient image compressionmodel to defend adversarial examples[C]//Proceedingsof the IEEE/CVF Conference on Computer Vision andPattern Recognition.2019:6084-6092.
[8]ZHANG X P.Reversible data hiding with optimalvalue transfer[J].IEEE Transactions on Multimedia,2012,15(2):316-325.
[9]LIU J Y,HOU D D,ZHANG W M,et al.Reversible adversarial examples[J].arXiv:1811.00189,2018.
[10]CHEN K J,CHEN K J,ZENG X H,et al.Invertible image dataset protection[J].arXiv:2021,14420,2021.
[11]KE X,WU H Q,GUO W Z.StegFormer:Rebuilding the Glory of Autoencoder-Based Steganography[C]//Proceedings of theAAAI Conference on Artificial Intelligence.Vancouver,Canada,2024:2723-2731.
[12]ZHU J,RUSSELL K,JUSTIN J,et al.Hidden:Hiding datawith deep networks[C]//European Conference on Computer Vision.Munich,Germany,2018:657-672.
[13]SZEGEDY C,ZAREMBA W,SUTSKEVER I,et al.In-triguing properties of neural networks[J].arXiv:1312.6199,2013.
[14]CARLININ,WAGNER D.Towards evaluating the robustnessof neural networks[J].IEEE Symposium on Security and Privacy.San Francisco.USA,2017:39-57.
[15]XIAO C,LI B,ZHU J,et al.Generating adversarial exampleswith adversarial networks[J].arXiv:1801.02610,2018.
[16]CHINOMI K,NITTA N,ITO Y.PriSurv:Privacy protected video surveillance system using adaptive visual abstraction[C]//Proceedings of the 14th International Conference on Advances in Multimedia Modeling.Berlin:Springer,2008:144-154.
[17]YOU Z,LI S,QIAN Z,et al.Reversible privacy-preserving recognition[C]//2021 IEEE International Conference on Multimedia and Expo(ICME).IEEE,2021:1-6.
[18]YANG Y,HUANG Y,SHI M,et al.Invertible Mask Network for Face Privacy Preservation[J].Information Sciences,2023,629:566-579.
[19]DEBAYAND,ZHANG J B,JAIN A.Advfaces:adversarial face synthesis[J]arXiv:1908.05008,2019.
[20]LIN Y,CAO Y,HU H.Swin transformer:Hierarchical vision transformer using shifted windows[C]//Proceedings ofthe IEEE/CVFInternational Conference on ComputerVision.Montreal,Canada,2021:10012-10022.
[21]CHU X,TIAN Z,ZHANG B,et al.Conditional positional encodings for vision transformers[J].arXiv:2102.10882,2021.
[22]SCHROFF F,KALENICHENKO D,PHILBIN J.Facenet:A- unified embedding for face recognition and clustering.[C]//2015 IEEE Conference on Computer Vision and Pattern Recognition.Santa Barbara,USA,2015:815-823.
[23]CHARBONNIE R,BLANC-FERAUD L,AUBERT G,et al.Two deterministic half-quadratic regularization algorithms for computed imaging[C]//Proceedings of 1st International Conference on Image Processing.1994:168-172.
[24]YI D,YANG M,WU Y M.CASIA-WebFace:A Web Face Database for Face Recognition[C]//IEEE Conference on ComputerVision and Pattern Recognition(CVPR).Columbus,USA,2014.
[25]HUANG G B,RAMESH M,LEARNED E.Labeled Faces inthe Wild:A Survey of Face Recognition in Unconstrained Environments[J].IEEE Transactions on Pattern Analysis and Machine Intelligence(PAMI),2008,12(30):2127-2140.
[26]WANG Z,BOVIK A,SHEIKH H R.Image quality asses-sment:From error visibility to structural similarity[J].IEEE Transactions on Image Processing.2004,13(4):600-612.
[1] LIU Wei, XU Yong, FANG Juan, LI Cheng, ZHU Yujun, FANG Qun, HE Xin. Multimodal Air-writing Gesture Recognition Based on Radar-Vision Fusion [J]. Computer Science, 2025, 52(9): 259-268.
[2] YIN Shi, SHI Zhenyang, WU Menglin, CAI Jinyan, YU De. Deep Learning-based Kidney Segmentation in Ultrasound Imaging:Current Trends and Challenges [J]. Computer Science, 2025, 52(9): 16-24.
[3] ZENG Lili, XIA Jianan, LI Shaowen, JING Maike, ZHAO Huihui, ZHOU Xuezhong. M2T-Net:Cross-task Transfer Learning Tongue Diagnosis Method Based on Multi-source Data [J]. Computer Science, 2025, 52(9): 47-53.
[4] LI Yaru, WANG Qianqian, CHE Chao, ZHU Deheng. Graph-based Compound-Protein Interaction Prediction with Drug Substructures and Protein 3D Information [J]. Computer Science, 2025, 52(9): 71-79.
[5] LUO Chi, LU Lingyun, LIU Fei. Partial Differential Equation Solving Method Based on Locally Enhanced Fourier NeuralOperators [J]. Computer Science, 2025, 52(9): 144-151.
[6] LIU Leyuan, CHEN Gege, WU Wei, WANG Yong, ZHOU Fan. Survey of Data Classification and Grading Studies [J]. Computer Science, 2025, 52(9): 195-211.
[7] TANG Boyuan, LI Qi. Review on Application of Spatial-Temporal Graph Neural Network in PM2.5 ConcentrationForecasting [J]. Computer Science, 2025, 52(8): 71-85.
[8] LIU Zhengyu, ZHANG Fan, QI Xiaofeng, GAO Yanzhao, SONG Yijing, FAN Wang. Review of Research on Deep Learning Compiler [J]. Computer Science, 2025, 52(8): 29-44.
[9] ZHENG Cheng, YANG Nan. Aspect-based Sentiment Analysis Based on Syntax,Semantics and Affective Knowledge [J]. Computer Science, 2025, 52(7): 218-225.
[10] FAN Xing, ZHOU Xiaohang, ZHANG Ning. Review on Methods and Applications of Short Text Similarity Measurement in Social Media Platforms [J]. Computer Science, 2025, 52(6A): 240400206-8.
[11] YANG Jixiang, JIANG Huiping, WANG Sen, MA Xuan. Research Progress and Challenges in Forest Fire Risk Prediction [J]. Computer Science, 2025, 52(6A): 240400177-8.
[12] WANG Jiamin, WU Wenhong, NIU Hengmao, SHI Bao, WU Nier, HAO Xu, ZHANG Chao, FU Rongsheng. Review of Concrete Defect Detection Methods Based on Deep Learning [J]. Computer Science, 2025, 52(6A): 240900137-12.
[13] HAO Xu, WU Wenhong, NIU Hengmao, SHI Bao, WU Nier, WANG Jiamin, CHU Hongkun. Survey of Man-Machine Distance Detection Method in Construction Site [J]. Computer Science, 2025, 52(6A): 240700098-10.
[14] WANG Chanfei, YANG Jing, XU Yamei, HE Jiai. OFDM Index Modulation Signal Detection Based on Deep Learning [J]. Computer Science, 2025, 52(6A): 240900122-6.
[15] CHEN Shijia, YE Jianyuan, GONG Xuan, ZENG Kang, NI Pengcheng. Aircraft Landing Gear Safety Pin Detection Algorithm Based on Improved YOlOv5s [J]. Computer Science, 2025, 52(6A): 240400189-7.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.