Privacy-preserving Adversarial Facial Features

Face recognition service providers protect face privacy by extracting compact and discriminative facial features (representations) from images, and storing the facial features for real-time recognition. However, such features can still be exploited to recover the appearance of the original face by building a reconstruction network. Although sev-eral privacy-preserving methods have been proposed, the enhancement offace privacy protection is at the expense of accuracy degradation. In this paper, we propose an adver-sarial features-based face privacy protection (AdvFace) approach to generate privacy-preserving adversarial features, which can disrupt the mapping from adversarial features to facial images to defend against reconstruction attacks. To this end, we design a shadow model which simulates the attackers' behavior to capture the mapping function from facial features to images and generate adversarial la-tent noise to disrupt the mapping. The adversarial features rather than the original features are stored in the server's database to prevent leaked features from exposing facial information. Moreover, the AdvFace requires no changes to the face recognition network and can be implemented as a privacy-enhancing plugin in deployed face recognition systems. Extensive experimental results demonstrate that Adv Face outperforms the state-of-the-art face privacy-preserving methods in defending against reconstruction at-tacks while maintaining face recognition accuracy.

• Publication year

  2023

• Venue

  Computer Vision and Pattern Recognition

• Publication date

  2023-05-08

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1109/CVPR52729.2023.00794arXiv 2305.05391
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• DuetFace: Collaborative Privacy-Preserving Face Recognition via Channel Splitting in the Frequency Domain

  2022influential reference
• Privacy-Preserving Face Recognition with Learnable Privacy Budgets in Frequency Domain

  2022cited by this paper
• Efficient and Privacy-preserving Distributed Face Recognition Scheme via FaceNet

  2021cited by this paper
• SecureFace: Face Template Protection

  2021cited by this paper
• Privacy Preserving Face Recognition Utilizing Differential Privacy

  2020cited by this paper
• Black-Box Face Recovery from Identity Features

  2020cited by this paper
• Adversarial Learning of Privacy-Preserving and Task-Oriented Representations

  2019cited by this paper
• DeepObfuscator: Obfuscating Intermediate Representations with Privacy-Preserving Adversarial Learning on Smartphones

  2019cited by this paper
• Model inversion attacks against collaborative inference

  2019influential reference
• ArcFace: Additive Angular Margin Loss for Deep Face Recognition

  2018cited by this paper
• A Privacy-Preserving Deep Learning Approach for Face Recognition with Edge Computing

  2018cited by this paper
• JointDNN: An Efficient Training and Inference Engine for Intelligent Mobile Cloud Computing Services

  2018cited by this paper
• Edge-Host Partitioning of Deep Neural Networks with Feature Space Encoding for Resource-Constrained Internet-of-Things Platforms

  2018cited by this paper
• Boosting Adversarial Attacks with Momentum

  2017cited by this paper
• On the Reconstruction of Face Images from Deep Face Templates

  2017cited by this paper
• Towards Deep Learning Models Resistant to Adversarial Attacks

  2017influential reference
• AgeDB: The First Manually Collected, In-the-Wild Age Database

  2017cited by this paper
• Synthesizing Normalized Faces from Facial Identity Features

  2017cited by this paper
• Inverting face embeddings with convolutional neural networks

  2016influential reference
• Frontal to profile face verification in the wild

  2016influential reference
• Joint Face Detection and Alignment Using Multitask Cascaded Convolutional Networks

  2016cited by this paper
• Learning local feature descriptors with triplets and shallow convolutional neural networks

  2016cited by this paper
• Simple Functional Encryption Schemes for Inner Products

  2015cited by this paper
• FaceNet: A unified embedding for face recognition and clustering

  2015cited by this paper
• Inverting Visual Representations with Convolutional Networks

  2015influential reference
• Deep Residual Learning for Image Recognition

  2015influential reference
• Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures

  2015cited by this paper
• U-Net: Convolutional Networks for Biomedical Image Segmentation

  2015cited by this paper
• Deep Learning Face Attributes in the Wild

  2014cited by this paper
• Explaining and Harnessing Adversarial Examples

  2014cited by this paper
• Adam: A Method for Stochastic Optimization

  2014cited by this paper
• Learning Face Representation from Scratch

  2014cited by this paper
• Reconstructing faces from their signatures using RBF regression

  2013cited by this paper
• Implementing Gentry's Fully-Homomorphic Encryption Scheme

  2011cited by this paper
• Labeled Faces in the Wild: A Database forStudying Face Recognition in Unconstrained Environments

  2008influential reference
• From Scores to Face Templates: A Model-Based Approach

  2007cited by this paper
• Image quality assessment: from error visibility to structural similarity

  2004influential reference

• Privacy-Preserving Rényi Layer-Wise Budget Allocation Against Gradient Leakage for Federated Learning

  2026cites this paper
• LDP-Slicing: Local Differential Privacy for Images via Randomized Bit-Plane Slicing

  2026cites this paper
• Off-The-Shelf Image-to-Image Models Are All You Need To Defeat Image Protection Schemes

  2026cites this paper
• Privacy Preservation in Face Soft Biometrics via Attribute Disentanglement

  2026cites this paper
• Privacy-preserving Facial-based Diagnosis with Shared-Attention Multitask Learning

  2025cites this paper
• Privacy-Preserving in Connected and Autonomous Vehicles Through Vision to Text Transformation

  2025cites this paper
• IAP: Invisible Adversarial Patch Attack through Perceptibility-Aware Localization and Perturbation Optimization

  2025cites this paper
• IDFace: Face Template Protection for Efficient and Secure Identification

  2025cites this paper
• Secure and Efficient UAV-Based Face Detection via Homomorphic Encryption and Edge Computing

  2025cites this paper
• Protecting Feature Privacy in Person Re-Identification

  2025cites this paper
• Patronus: Plug-and-Play and Near-Lossless Facial Privacy Enhancement Against Reconstruction Attacks

  2025influential citation
• NouMenn: Accurate Reconstructive Privacy Protection for Facial Soft Attributes via Style Code

  2025cites this paper
• CRFD: A novel face privacy preservation via fine-grained controllable and reversible de-identification

  2025cites this paper
• Nagisa: A reversible privacy preservation scheme against facial soft-biometric attributes recognition

  2025cites this paper
• FacePurifier: Enhancing Face Identification Robustness Against Adversarial Attacks via Two-Phase Image Restoration

  2025cites this paper
• Efficient Privacy-Preserving Face Recognition Based on Feature Encoding and Symmetric Homomorphic Encryption

  2025cites this paper
• A Component-Guided Frequency Perturbation Approach for Privacy Preserving Face Recognition

  2025cites this paper
• On Privacy, Accuracy, and Fairness Trade-Offs in Facial Recognition

  2025cites this paper
• Computation-Efficient and Recognition-Friendly 3D Point Cloud Privacy Protection

  2025cites this paper
• Facial Data Minimization: Shallow Model as Your Privacy Filter

  2025influential citation
• Ensuring privacy in face recognition: a survey on data generation, inference and storage

  2025cites this paper
• FedSaaS: Class-Consistency Federated Semantic Segmentation via Global Prototype Supervision and Local Adversarial Harmonization

  2025cites this paper
• Task-Oriented Training Data Privacy Protection for Cloud-based Model Training

  2025cites this paper
• FaceObfuscator: Defending Deep Learning-based Privacy Attacks with Gradient Descent-resistant Features in Face Recognition

  2024influential citation
• Chaos-Based Index-of-Min Hashing Scheme for Cancellable Biometrics Security

  2024cites this paper
• Training with Differential Privacy: A Gradient-Preserving Noise Reduction Approach with Provable Security

  2024cites this paper
• Targeted Therapy in Data Removal: Object Unlearning Based on Scene Graphs

  2024cites this paper
• FaceTracer: Unveiling Source Identities From Swapped Face Images and Videos for Fraud Prevention

  2024cites this paper
• A Stealthy Wrongdoer: Feature-Oriented Reconstruction Attack Against Split Learning

  2024cites this paper
• RDP: Ranked Differential Privacy for Facial Feature Protection in Multiscale Sparsified Subspaces

  2024cites this paper
• SlerpFace: Face Template Protection via Spherical Linear Interpolation

  2024cites this paper
• PRINIA: Privacy-Preserving Facial Recognition Framework for Extended Reality Environments

  2024cites this paper
• Privacy-Preserving Face Recognition Using Trainable Feature Subtraction

  2024influential citation
• Facial Data Minimization: Shallow Model as Your Privacy Filter

  2023influential citation
• TransFace++: Rethinking the Face Recognition Paradigm With a Focus on Accuracy, Efficiency, and Security

  2023cites this paper