Image Transformation Network for Privacy-Preserving Deep Neural Networks and Its Security Evaluation
This addresses privacy concerns in image classification for users and systems, though it appears incremental as it builds on perceptual encryption methods.
The authors tackled the problem of privacy-preserving deep neural networks by proposing a transformation network that converts plain images into visually-protected ones, achieving strong visual protection without degrading classification accuracy on CIFAR datasets and robustness against DNN-based attacks.
We propose a transformation network for generating visually-protected images for privacy-preserving DNNs. The proposed transformation network is trained by using a plain image dataset so that plain images are transformed into visually protected ones. Conventional perceptual encryption methods have a weak visual-protection performance and some accuracy degradation in image classification. In contrast, the proposed network enables us not only to strongly protect visual information but also to maintain the image classification accuracy that using plain images achieves. In an image classification experiment, the proposed network is demonstrated to strongly protect visual information on plain images without any performance degradation under the use of CIFAR datasets. In addition, it is shown that the visually protected images are robust against a DNN-based attack, called inverse transformation network attack (ITN-Attack) in an experiment.