Toward Face Biometric De-identification using Adversarial Examples
This work addresses privacy concerns for internet users in social media, but it is incremental as it reassesses existing methods.
The paper tackles the problem of protecting privacy in face recognition by evaluating adversarial examples for de-identification, finding that achieving high protection rates with imperceptible perturbations is difficult and that transferability depends on network training parameters.
The remarkable success of face recognition (FR) has endangered the privacy of internet users particularly in social media. Recently, researchers turned to use adversarial examples as a countermeasure. In this paper, we assess the effectiveness of using two widely known adversarial methods (BIM and ILLC) for de-identifying personal images. We discovered, unlike previous claims in the literature, that it is not easy to get a high protection success rate (suppressing identification rate) with imperceptible adversarial perturbation to the human visual system. Finally, we found out that the transferability of adversarial examples is highly affected by the training parameters of the network with which they are generated.