Different Approaches to Blurring Digital Images and Their Effect on Facial Detection
The purpose of this thesis is to analyze the usage of multiple image blurring techniques and determine their effectiveness in combatting facial detection algorithms. This type of analysis is anticipated to reveal potential flaws in the privacy expected from blurring images or, rather, portions of images. Three different blurring algorithms were designed and implemented: a box blurring method, a Gaussian blurring method, and a differential privacy-based pixelation method. Datasets of images were collected from multiple sources, including the AT&T Database of Faces. Each of these three methods was implemented via its own original method, but, because of how common they are, box blurring and Gaussian blurring were also implemented utilizing the OpenCV open-source library to conserve time. Extensive tests were run on each of these algorithms, including how the blurring acts on color and grayscale images, images with and without faces, and the effectiveness of each blurring algorithm in hiding faces from being detected via the popular open-source OpenCV library facial detection method. Of the chosen blurring techniques, the differential privacy blurring method appeared the most effective against mitigating facial detection
Privacy-Preserving Medical Image Classification through Deep Learning and Matrix Decomposition
Deep learning (DL)-based solutions have been extensively researched in the
medical domain in recent years, enhancing the efficacy of diagnosis, planning,
and treatment. Since the usage of health-related data is strictly regulated,
processing medical records outside the hospital environment for developing and
using DL models demands robust data protection measures. At the same time, it
can be challenging to guarantee that a DL solution delivers a minimum level of
performance when being trained on secured data, without being specifically
designed for the given task. Our approach uses singular value decomposition
(SVD) and principal component analysis (PCA) to obfuscate the medical images
before employing them in the DL analysis. The capability of DL algorithms to
extract relevant information from secured data is assessed on a task of
angiographic view classification based on obfuscated frames. The security level
is probed by simulated artificial intelligence (AI)-based reconstruction
attacks, considering two threat actors with different prior knowledge of the
targeted data. The degree of privacy is quantitatively measured using
similarity indices. Although a trade-off between privacy and accuracy should be
considered, the proposed technique allows for training the angiographic view
classifier exclusively on secured data with satisfactory performance and with
no computational overhead, model adaptation, or hyperparameter tuning. While
the obfuscated medical image content is well protected against human
perception, the hypothetical reconstruction attack proved that it is also
difficult to recover the complete information of the original frames.
Comment: 6 pages, 9 figures, Published in: 2023 31st Mediterranean Conference
on Control and Automation (MED
Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning
Deep Learning has recently become hugely popular in machine learning,
providing significant improvements in classification accuracy in the presence
of highly-structured and large databases.
Researchers have also considered privacy implications of deep learning.
Models are typically trained in a centralized manner with all the data being
processed by the same training algorithm. If the data is a collection of users'
private data, including habits, personal pictures, geographical positions,
interests, and more, the centralized server will have access to sensitive
information that could potentially be mishandled. To tackle this problem,
collaborative deep learning models have recently been proposed where parties
locally train their deep learning structures and only share a subset of the
parameters in the attempt to keep their respective training sets private.
Parameters can also be obfuscated via differential privacy (DP) to make
information extraction even more challenging, as proposed by Shokri and
Shmatikov at CCS'15.
Unfortunately, we show that any privacy-preserving collaborative deep
learning is susceptible to a powerful attack that we devise in this paper. In
particular, we show that a distributed, federated, or decentralized deep
learning approach is fundamentally broken and does not protect the training
sets of honest participants. The attack we developed exploits the real-time
nature of the learning process that allows the adversary to train a Generative
Adversarial Network (GAN) that generates prototypical samples of the targeted
training set that was meant to be private (the samples generated by the GAN are
intended to come from the same distribution as the training data).
Interestingly, we show that record-level DP applied to the shared parameters of
the model, as suggested in previous work, is ineffective (i.e., record-level DP
is not designed to address our attack).
Comment: ACM CCS'17, 16 pages, 18 figure
GAN-Based Differential Private Image Privacy Protection Framework for the Internet of Multimedia Things
With the development of the Internet of Multimedia Things (IoMT), an increasing amount of image data is collected by various multimedia devices, such as smartphones, cameras, and drones. This massive number of images is widely used in each field of IoMT, which presents substantial challenges for privacy preservation. In this paper, we propose a new image privacy protection framework in an effort to protect the sensitive personal information contained in images collected by IoMT devices. We aim to use deep neural network techniques to identify the privacy-sensitive content in images, and then protect it with the synthetic content generated by generative adversarial networks (GANs) with differential privacy (DP). Our experiment results show that the proposed framework can effectively protect users' privacy while maintaining image utility
DP-Image: Differential Privacy for Image Data in Feature Space
The excessive use of images in social networks, government databases, and
industrial applications has posed great privacy risks and raised serious
concerns from the public. Even though differential privacy (DP) is a widely
accepted criterion that can provide a provable privacy guarantee, the
application of DP on unstructured data such as images is not trivial due to the
lack of a clear qualification on the meaningful difference between any two
images. In this paper, for the first time, we introduce a novel notion of
image-aware differential privacy, referred to as DP-Image, that can protect
users' personal information in images, from both human and AI adversaries. The
DP-Image definition is formulated as an extended version of traditional
differential privacy, considering the distance measurements between feature
space vectors of images. Then we propose a mechanism to achieve DP-Image by
adding noise to an image feature vector. Finally, we conduct experiments with a
case study on face image privacy. Our results show that the proposed DP-Image
method provides excellent DP protection on images, with a controllable
distortion to faces