Paper ID: 2302.03657

Toward Face Biometric De-identification using Adversarial Examples

Mahdi Ghafourian, Julian Fierrez, Luis Felipe Gomez, Ruben Vera-Rodriguez, Aythami Morales, Zohra Rezgui, Raymond Veldhuis

The remarkable success of face recognition (FR) has endangered the privacy of internet users particularly in social media. Recently, researchers turned to use adversarial examples as a countermeasure. In this paper, we assess the effectiveness of using two widely known adversarial methods (BIM and ILLC) for de-identifying personal images. We discovered, unlike previous claims in the literature, that it is not easy to get a high protection success rate (suppressing identification rate) with imperceptible adversarial perturbation to the human visual system. Finally, we found out that the transferability of adversarial examples is highly affected by the training parameters of the network with which they are generated.

Submitted: Feb 7, 2023

Topics

Adversarial Example
Face Recognition
Adversarial Method
Imperceptible Adversarial Perturbation
Face De Identification

Links

arXiv PDF