60,098 research outputs found
Exploring Privacy Preservation in Outsourced K-Nearest Neighbors with Multiple Data Owners
The k-nearest neighbors (k-NN) algorithm is a popular and effective
classification algorithm. Due to its large storage and computational
requirements, it is suitable for cloud outsourcing. However, k-NN is often run
on sensitive data such as medical records, user images, or personal
information. It is important to protect the privacy of data in an outsourced
k-NN system.
Prior works have all assumed the data owners (who submit data to the
outsourced k-NN system) are a single trusted party. However, we observe that in
many practical scenarios, there may be multiple mutually distrusting data
owners. In this work, we present the first framing and exploration of privacy
preservation in an outsourced k-NN system with multiple data owners. We
consider the various threat models introduced by this modification. We discover
that under a particularly practical threat model that covers numerous
scenarios, there exists a set of adaptive attacks that breach the data privacy
of any exact k-NN system. The vulnerability is a result of the mathematical
properties of k-NN and its output. Thus, we propose a privacy-preserving
alternative system supporting kernel density estimation using a Gaussian
kernel, a classification algorithm from the same family as k-NN. In many
applications, this similar algorithm serves as a good substitute for k-NN. We
additionally investigate solutions for other threat models, often through
extensions on prior single data owner systems
Semi-Adversarial Networks: Convolutional Autoencoders for Imparting Privacy to Face Images
In this paper, we design and evaluate a convolutional autoencoder that
perturbs an input face image to impart privacy to a subject. Specifically, the
proposed autoencoder transforms an input face image such that the transformed
image can be successfully used for face recognition but not for gender
classification. In order to train this autoencoder, we propose a novel training
scheme, referred to as semi-adversarial training in this work. The training is
facilitated by attaching a semi-adversarial module consisting of a pseudo
gender classifier and a pseudo face matcher to the autoencoder. The objective
function utilized for training this network has three terms: one to ensure that
the perturbed image is a realistic face image; another to ensure that the
gender attributes of the face are confounded; and a third to ensure that
biometric recognition performance due to the perturbed image is not impacted.
Extensive experiments confirm the efficacy of the proposed architecture in
extending gender privacy to face images
- …