StyleAdv: A Usable Privacy Framework Against Facial Recognition with Adversarial Image Editing
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering. ORCID iD: 0000-0003-2391-5951
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering. ORCID iD: 0000-0003-1367-1594
2024 (English). In: Proceedings on Privacy Enhancing Technologies / [ed] De Gruyter Open, 2024, Vol. 2, p. 106-123. Conference paper, Published paper (Refereed)
Abstract [en]

In this era of ubiquitous surveillance and online presence, protecting facial privacy has become a critical concern for individuals and society as a whole. Adversarial attacks have emerged as a promising solution to this problem, but current methods are limited in quality or are impractical for sensitive domains such as facial editing. This paper presents a novel adversarial image editing framework called StyleAdv, which leverages StyleGAN's latent spaces to generate powerful adversarial images, providing an effective tool against facial recognition systems. StyleAdv achieves high success rates by employing meaningful facial editing with StyleGAN while maintaining image quality, addressing a challenge faced by existing methods. To do so, the comprehensive framework integrates semantic editing, adversarial attacks, and face recognition systems, providing a cohesive and robust tool for privacy protection. We also introduce the "residual attack" strategy, using residual information to enhance attack success rates. Our evaluation offers insights into effective editing, discussing tradeoffs in latent spaces, optimal edits for our optimizer, and the impact of utilizing residual information. Our approach is transferable to state-of-the-art facial recognition systems, making it a versatile tool for privacy protection. In addition, we provide a user-friendly interface with multiple editing options to help users create effective adversarial images. Extensive experiments are used to provide insights and demonstrate that StyleAdv outperforms state-of-the-art methods in terms of both attack success rate and image quality. By providing a versatile tool for generating high-quality adversarial samples, StyleAdv can be used both to enhance individual users' privacy and to stimulate advances in adversarial attack and defense research.

Place, publisher, year, edition, pages
2024. Vol. 2, p. 106-123
Keywords [en]
Adversarial samples, Privacy filter, Facial anonymization
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:liu:diva-203224; DOI: 10.56553/popets-2024-0043; OAI: oai:DiVA.org:liu-203224; DiVA, id: diva2:1856119
Conference
The 24th Privacy Enhancing Technologies Symposium July 15–20, 2024, Bristol, UK
Note

Funding: This work was supported by the Swedish Research Council (VR) and the Wallenberg AI, Autonomous Systems and Software Program (WASP) funded by the Knut and Alice Wallenberg Foundation.

Available from: 2024-05-06. Created: 2024-05-06. Last updated: 2024-05-06. Bibliographically approved
In thesis
1. Beyond Recognition: Privacy Protections in a Surveilled World
2024 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

This thesis addresses the need to balance the use of facial recognition systems with the need to protect personal privacy in machine learning and biometric identification. As advances in deep learning accelerate their evolution, facial recognition systems enhance security capabilities, but also risk invading personal privacy. Our research identifies and addresses critical vulnerabilities inherent in facial recognition systems, and proposes innovative privacy-enhancing technologies that anonymize facial data while maintaining its utility for legitimate applications.

Our investigation centers on the development of methodologies and frameworks that achieve k-anonymity in facial datasets; leverage identity disentanglement to facilitate anonymization; exploit the vulnerabilities of facial recognition systems to underscore their limitations; and implement practical defenses against unauthorized recognition systems. We introduce novel contributions such as AnonFACES, StyleID, IdDecoder, StyleAdv, and DiffPrivate, each designed to protect facial privacy through advanced adversarial machine learning techniques and generative models. These solutions not only demonstrate the feasibility of protecting facial privacy in an increasingly surveilled world, but also highlight the ongoing need for robust countermeasures against the ever-evolving capabilities of facial recognition technology.

Continuous innovation in privacy-enhancing technologies is required to safeguard individuals from the pervasive reach of digital surveillance and protect their fundamental right to privacy. By providing open-source, publicly available tools, and frameworks, this thesis contributes to the collective effort to ensure that advancements in facial recognition serve the public good without compromising individual rights. Our multi-disciplinary approach bridges the gap between biometric systems, adversarial machine learning, and generative modeling to pave the way for future research in the domain and support AI innovation where technological advancement and privacy are balanced.  

Place, publisher, year, edition, pages
Linköping: Linköping University Electronic Press, 2024. p. 81
Series
Linköping Studies in Science and Technology. Dissertations, ISSN 0345-7524 ; 2392
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-203225 (URN); 10.3384/9789180756761 (DOI); 9789180756754 (ISBN); 9789180756761 (ISBN)
Public defence
2024-06-12, Ada Lovelace, B-building, Campus Valla, Linköping, 09:15 (English)
Note

Funding: This work was supported by the Swedish Research Council (VR) and the Wallenberg AI, Autonomous Systems and Software Program (WASP) funded by the Knut and Alice Foundation.

Available from: 2024-05-06. Created: 2024-05-06. Last updated: 2024-05-08. Bibliographically approved

Authority records

Minh-Ha, Le; Carlsson, Niklas
