Publication
Title
Introducing K-anonymity principles to adversarial attacks for privacy protection in image classification problems
Author
Abstract
The network output activation values for a given input can be employed to produce a sorted ranking. Adversarial attacks typically generate the least amount of perturbation required to change the classifier label. In that sense, generated adversarial attack perturbation only affects the output in the 1st sorted ranking position. We argue that meaningful information about the adversarial examples, i.e., their original labels, is still encoded in the network output ranking and could potentially be extracted using rule-based reasoning. To this end, we introduce a novel adversarial attack methodology inspired by the K-anonymity principles that generates adversarial examples that are not only misclassified, but their output sorted ranking spreads uniformly along K different positions. Any additional perturbation arising from the strength of the proposed objectives is regularized by a visual similarity-based term. Experimental results denote that the proposed approach achieves the optimization goals inspired by K-anonymity with reduced perturbation as well.
Language
English
Source (journal)
IEEE International Workshop on Machine Learning for Signal Processing : [proceedings]. - Piscataway, NJ
Source (book)
2021 IEEE 31st International Workshop on Machine Learning for Signal Processing (MLSP), 25-28 October, 2021, Gold Coast, Australia
Publication
Piscataway, NJ : IEEE , 2021
ISSN
1551-2541
ISBN
978-1-7281-6338-3
DOI
10.1109/MLSP52302.2021.9596565
Volume/pages
p. 1-6
Full text (Publisher's DOI)
UAntwerpen
Creation 17.10.2023
Last edited 17.06.2024