Local Features Meet Stochastic Anonymization: Revolutionizing Privacy-Preserving Face Recognition for Black-Box Models

作     者：Liu, Yuanwei Jia, Chengyu Xiao, Ruqi Jia, Xuemei Wei, Hui Jiang, Kui Wang, Zheng 

作者机构：National Engineering Research Center for Multimedia Software Institute of Artificial Intelligence School of Computer Science Wuhan University China Hubei Key Laboratory of Multimedia and Network Communication Engineering Wuhan University China School of Computer Science and Technology Harbin Institute of Technology Harbin China 

出 版 物：《arXiv》 (arXiv)

年 卷 期：2024年

核心收录：

主　　题：Differential privacy 

摘      要：The task of privacy-preserving face recognition (PPFR) currently faces two major unsolved challenges: (1) existing methods are typically effective only on specific face recognition models and struggle to generalize to black-box face recognition models;(2) current methods employ data-driven reversible representation encoding for privacy protection, making them susceptible to adversarial learning and reconstruction of the original image. We observe that face recognition models primarily rely on local features (e.g., face contour, skin texture, and so on) for identification. Thus, by disrupting global features while enhancing local features, we achieve effective recognition even in black-box environments. Additionally, to prevent adversarial models from learning and reversing the anonymization process, we adopt an adversarial learning-based approach with irreversible stochastic injection to ensure the stochastic nature of the anonymization. Experimental results demonstrate that our method achieves an average recognition accuracy of 94.21% on black-box models, outperforming existing methods in both privacy protection and anti-reconstruction capabilities. Copyright © 2024, The Authors. All rights reserved.