LG · CV · ML · Sep 27, 2019

Maximal adversarial perturbations for obfuscation: Hiding certain attributes while preserving rest

arXiv:1909.12734v1 · 2 citations
Originality: Incremental advance
AI Analysis

This addresses privacy concerns for data owners by hiding sensitive attributes from both human perception and machine detection, though it is incremental as it adapts existing adversarial methods.

The paper tackles the problem of using adversarial perturbations for privacy by obfuscating specific attributes in data while preserving others, achieving results where models trained on clean data fail to predict hidden attributes from perturbed data while maintaining prediction of other attributes.

In this paper we investigate the usage of adversarial perturbations for the purpose of privacy from human perception and model (machine) based detection. We employ adversarial perturbations for obfuscating certain variables in raw data while preserving the rest. Current adversarial perturbation methods are used for data poisoning with minimal perturbations of the raw data such that the machine learning model's performance is adversely impacted while the human vision cannot perceive the difference in the poisoned dataset due to the minimal nature of the perturbations. We instead apply relatively maximal perturbations of raw data to conditionally damage the model's classification of one attribute while preserving the model performance over another attribute. In addition, the maximal nature of perturbation helps adversely impact human perception in classifying the hidden attribute apart from impacting model performance. We validate our result qualitatively by showing the obfuscated dataset and quantitatively by showing the inability of models trained on clean data to predict the hidden attribute from the perturbed dataset while being able to predict the rest of the attributes.
