Rethinking Adversarial Examples for Location Privacy Protection
This work addresses privacy concerns for individuals whose location data might be exposed through landmark recognition, presenting an incremental improvement by applying adversarial examples to a new domain.
The paper tackles location privacy protection by using adversarial examples to defend against landmark recognition systems, introducing mask-guided multimodal projected gradient descent (MM-PGD) with strategies based on class activation maps and human vision, and experiments on the Places365 dataset show potential effectiveness with minimal image manipulation.
We have investigated a new application of adversarial examples, namely location privacy protection against landmark recognition systems. We introduce mask-guided multimodal projected gradient descent (MM-PGD), in which adversarial examples are trained on different deep models. Image contents are protected by analyzing the properties of regions to identify the ones most suitable for blending in adversarial examples. We investigated two region identification strategies: class activation map-based MM-PGD, in which the internal behaviors of trained deep models are targeted; and human-vision-based MM-PGD, in which regions that attract less human attention are targeted. Experiments on the Places365 dataset demonstrated that these strategies are potentially effective in defending against black-box landmark recognition systems without the need for much image manipulation.