计算机科学与探索 ›› 2024, Vol. 18 ›› Issue (1): 244-251.DOI: 10.3778/j.issn.1673-9418.2210098

• 网络·安全 • 上一篇    下一篇

通过美颜保护人脸隐私

汪涛,张玉书,赵若宇,温文媖,朱友文   

  1. 1. 南京航空航天大学 计算机科学与技术学院,南京 211106
    2. 江西财经大学 信息管理学院,南昌 330013
  • 出版日期:2024-01-01 发布日期:2024-01-01

Protecting Face Privacy via Beautification

WANG Tao, ZHANG Yushu, ZHAO Ruoyu, WEN Wenying, ZHU Youwen   

  1. 1. College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211106, China
    2. School of Information Management, Jiangxi University of Finance and Economics, Nanchang 330013, China
  • Online:2024-01-01 Published:2024-01-01

摘要: 社交网络上广泛传播的人脸图像易被未授权的自动识别系统推断出敏感信息,这为用户隐私带来了威胁。为保护用户隐私,一些方法通过在人脸上添加具有可迁移性的扰动来去除可识别信息。然而,它们生成的结果由于存在较为明显的扰动使得视觉感知效果较差,因此并不适合在社交网络上分享。为此,提出了一种基于美颜的对抗性人脸生成方案Adv-beauty。Adv-beauty利用人脸匹配器和美颜鉴别器来协同监督生成器的训练过程,促使生成器在原始人脸上产生类似美颜的扰动来混淆人脸匹配器,换句话说美颜带来的像素变化遮盖了扰动产生的不良视觉效果。此外,在身份损失上设置对抗性阈值,用来防止身份特征的过分偏离而导致的人脸区域扭曲。充分的实验表明,Adv-beauty不仅能够保持良好的视觉效果,而且能够防御多种未知人脸识别分类器和商业APIs。

关键词: 美颜, 人脸隐私, 身份, 生成对抗网络(GAN)

Abstract: Face images distributed widely on social networks are vulnerable to inferring sensitive information by unauthorized automatic identification systems, which poses a threat to user privacy. To protect face privacy, several methods have been proposed to generate highly transferable adversarial faces to remove identity information. However, the results generated by existing methods still suffer from obvious perturbations that make visual perception poor, which is not friendly for sharing on social networks. This paper proposes an adversarial face generation scheme via beautification, i.e., Adv-beauty. Adv-beauty utilizes a face matcher and a beautification discriminator to collaboratively supervise the training process of the generator, prompting the generator to produce a beauty-like perturbation on the original face to confront the face matcher. In other words, the pixel changes produced by the beauty mask the undesirable visual effects produced by the perturbations. In addition, this paper sets an adversarial threshold for identity loss to prevent face distortion due to excessive deviation of identity features. Sufficient experiments show that Adv-beauty maintains good visual results and is effectively against unknown face recognition classifiers and commercial APIs.

Key words: beautification, face privacy, identity, generative adversarial networks (GAN)