Research On Face Recognition Using Deep Learning With Privacy Protection

Face recognition based on deep learning has become one of the mainstream identification technologies.Many existing face recognition models based on deep neural networks have achieved good results,but the network structures are very complicated and the training process are difficult.The face recognition attack methods can obtain the privacy data through the parameters of the model and illegally obtain the access authority.Under the adversarial attack,the face recognition model makes a wrong judgment and poses a threat to the security system.Therefore,privacy protection and security issues in face recognition are an important research direction.In order to solve the privacy and security problems of face recognition,the face recognition algorithm with privacy protection and the defense strategy against against sample attacks are proposed.In order to improve the efficiency of the privacy protection algorithm,a lightweight face recognition model is constructed.The specific research contents of the thesis are as follows:(1)For the existing face recognition model,the network structure is complex and difficult to train.Therefore,a lightweight face recognition algorithm LightFace is proposed.The model reduces the computational complexity and parameters of the model based on the depth decomposable convolution,and uses the triplet loss to define the model loss function.The attention mechanism is added to the model,which adjusts the weight of the channel,and improves the recognition accuracy of the model.Compared with other face recognition models,the proposed model not only reduces the amount of calculation and parameter,but also achieves good results in the accuracy of recognition.(2)In order to protect the privacy data of face recognition model,a privacy protection strategy based on differential privacy is proposed.Firstly,by training Bayesian Generative Adversarial Networks,the training data is obtained with the same distribution of sensitive data;then,based on the differential privacy algorithm,the privacy-protected labels of the training data are obtained;finally,training the published face recognition model is trained by the ensemble learning algorithm,using the non-private data.The proposed privacy protection strategy effectively protects the parameter information of the face recognition model,so that the recognition accuracy of the image recovered by the attack is reduced.(3)A defense strategy against adversarial attacks is proposed.Firstly,the attack images are acquired by access to the trained generate network;then,based on the expanded training dataset,the noise on the attack image is removed by using the denoising network;finally,the face recognition model is trained by the training method based on the knowledge transfer,which improves the model's ability to resist small image disturbances and the generalization performance of the model around the training samples.The proposed defensive strategy can effectively reduce the success rate against adversarial attacks and improve the accuracy of the face recognition model.