|
Title
|
|
|
|
Introducing K-anonymity principles to adversarial attacks for privacy protection in image classification problems
| |
|
Author
|
|
|
|
| |
|
Abstract
|
|
|
|
| The network output activation values for a given input can be employed to produce a sorted ranking. Adversarial attacks typically generate the least amount of perturbation required to change the classifier label. In that sense, generated adversarial attack perturbation only affects the output in the 1st sorted ranking position. We argue that meaningful information about the adversarial examples i.e., their original labels, is still encoded in the network output ranking and could potentially be extracted, using rule-based reasoning. To this end, we introduce a novel adversarial attack methodology inspired by the K-anonymity principles, that generates adversarial examples that are not only misclassified, but their output sorted ranking spreads uniformly along K different positions. Any additional perturbation arising from the strength of the proposed objectives, is regularized by a visual similarity-based term. Experimental results denote that the proposed approach achieves the optimization goals inspired by K-anonymity with reduced perturbation as well. |
| |
|
Language
|
|
|
|
English
| |
|
Source (journal)
|
|
|
|
IEEE International Workshop on Machine Learning for Signal Processing : [proceedings]. - Piscataway, NJ
| |
|
Source (book)
|
|
|
|
2021 IEEE 31st International Workshop on Machine Learning for Signal Processing (MLSP), 25-28 October, 2021, Gold Coast, Australia
| |
|
Publication
|
|
|
|
Piscataway, NJ
:
IEEE
,
2021
| |
|
ISSN
|
|
|
|
1551-2541
| |
|
ISBN
|
|
|
|
978-1-7281-6338-3
| |
|
DOI
|
|
|
|
10.1109/MLSP52302.2021.9596565
| |
|
Volume/pages
|
|
|
|
p. 1-6
| |
|
Full text (Publisher's DOI)
|
|
|
|
| |
|