Research On Face Privacy Protection Based On Adversarial Samples

With the development of face recognition technology,face recognition systems are widely used in transportation and financial payment and other fields,making life more convenient.However,attackers can use face recognition technology to attain user privacy in massive image data in social networks,which threatens user privacy security.In the existing research on protecting the privacy of face images by generating personal adversarial perturbations for specific identities,lack of attack on the whole face region and attack on directional features,which leads to poor effect of personal adversarial perturbations attack and low transfer performance.It is particularly important to study privacy protection methods for facial images to enhance the privacy protection effect of adversarial samplesThis article conducts research work on the construction methods of adversarial sample,Increasing the diversity of adversarial information can enhance the protection effect of adversarial sample,Using targeted attacks to construct adversarial sample has better attack effectiveness.the main work are as follows :(1)To solve the problem of insufficient mining of general facial information,a method based on convex hull and general perturbation for face privacy protection(PMUP)is proposed.First,The convex hull method use a small number of images to construct accurate identity feature subspaces,improve the utilization efficiency of training images,and construct personal adversarial perturbations away from the identity feature subspace during the iteration process;Then,construct a universal adversarial perturbation for the overall dataset,making the universal adversarial perturbation have the effect of attacking general facial information;Finally,combining personal adversarial perturbation and universal adversarial perturbation,a specific identity personal mask is constructed.This mask fully use of the general information of the face and the specific information of the specific identity face,significantly improving the protective effect and migration of the personal mask.(2)To solve the lack of directional attacks against adversarial perturbations,a directional personal mask(DPM)based face privacy protection method is proposed.First,using the class center method to generate the feature space points of the directional identity,providing direction for the directional offset of the feature vector.Then,construct a feature subspace for a specific identity,and the noised image is shifted to the directional identity to enhance the against adversarial perturbations attack.Experimental results show that directional features can change the offset direction of perturbations,which improves the migration and privacy protection effect of the personal mask.