Introducing K-Anonymity Principles to Adversarial Attacks for Privacy Protection in Image Classification Problems

Title: Introducing K-Anonymity Principles to Adversarial Attacks for Privacy Protection in Image Classification Problems
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Mygdalis, Vasileios; Tefas, Anastasios; Pitas, Ioannis
Conference Name: 2021 IEEE 31st International Workshop on Machine Learning for Signal Processing (MLSP)
Keywords: adversarial attacks, anonymity, composability, Human Behavior, k-anonymity, machine learning, Metrics, Perturbation methods, privacy, pubcrawl, resilience, Resiliency, Robustness, Signal processing, Training, visualization
Abstract: The network output activation values for a given input can be employed to produce a sorted ranking. Adversarial attacks typically generate the least amount of perturbation required to change the classifier label. In that sense, the generated adversarial perturbation only affects the output in the first sorted ranking position. We argue that meaningful information about the adversarial examples, i.e. their original labels, is still encoded in the network output ranking and could potentially be extracted using rule-based reasoning. To this end, we introduce a novel adversarial attack methodology inspired by the K-anonymity principles that generates adversarial examples that are not only misclassified, but whose output sorted ranking spreads uniformly along K different positions. Any additional perturbation arising from the strength of the proposed objectives is regularized by a visual similarity-based term. Experimental results indicate that the proposed approach achieves the optimization goals inspired by K-anonymity with reduced perturbation as well.
DOI: 10.1109/MLSP52302.2021.9596565
Citation Key: mygdalis_introducing_2021
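The ranking leak that the abstract describes, and the rank-spreading idea it proposes, can be reproduced on a toy model. The following is an added example and is not the authors' code, network, or data: a seeded random linear classifier (6 classes, 8 input dimensions, K = 4, all assumed) stands in for the image network, and a closed-form minimum-L2 perturbation that moves only the original label's logit stands in for the paper's gradient-based optimization with its visual-similarity regularizer. It also goes one step past the abstract by reporting how the perturbation size grows with the target ranking position, which is the trade-off the regularizer exists to control.

```python
"""
Constructed toy example (not the authors' code, model, or data): a seeded
random linear classifier stands in for the network, and a closed-form
minimum-L2 perturbation stands in for the paper's optimisation with its
visual-similarity regulariser. It shows (a) why a least-perturbation attack
leaks the original label through the output ranking, (b) how a rank-targeted
perturbation spreads that label over K positions, and (c) what that costs.
"""
import math
import random

C, D, K = 6, 8, 4                      # assumed: 6 classes, 8 input dims, K = 4
_rng = random.Random(7)                # fixed seed so the toy model is reproducible
W = [[_rng.uniform(-1, 1) for _ in range(D)] for _ in range(C)]   # hypothetical weights
B = [_rng.uniform(-0.5, 0.5) for _ in range(C)]                    # hypothetical biases


def logits(x):
    """Network output activations z = W x + b for one input vector x."""
    return [sum(w * xi for w, xi in zip(W[c], x)) + B[c] for c in range(C)]


def ranking(z):
    """Class indices sorted by output activation, best first (the 'sorted ranking')."""
    return sorted(range(C), key=lambda c: -z[c])


def rank_of(z, y):
    """Position of class y in the sorted ranking (0 = predicted label)."""
    return ranking(z).index(y)


def recover_label(z):
    """Defender's rule-based guess: after a minimal attack the original label
    is whatever sits in the second ranking position."""
    return ranking(z)[1]


def solve(A, b):
    """Solve A u = b by Gaussian elimination with partial pivoting (small dense system)."""
    n = len(b)
    M = [row[:] + [bi] for row, bi in zip(A, b)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        M[col], M[piv] = M[piv], M[col]
        for r in range(col + 1, n):
            f = M[r][col] / M[col][col]
            for k in range(col, n + 1):
                M[r][k] -= f * M[col][k]
    u = [0.0] * n
    for r in range(n - 1, -1, -1):
        u[r] = (M[r][n] - sum(M[r][k] * u[k] for k in range(r + 1, n))) / M[r][r]
    return u


def rank_attack(x, y, target_rank):
    """Smallest-L2 perturbation (exact for this linear model) that moves the
    top-ranked class y to exactly position target_rank while leaving every
    other logit unchanged: y's activation is pushed to the midpoint between
    the classes that should end up just above and just below it.  For a real
    network this step is where the paper's gradient-based objective would go."""
    assert 1 <= target_rank < C
    z0 = logits(x)
    others = [c for c in ranking(z0) if c != y]
    hi = z0[others[target_rank - 1]]
    lo = z0[others[target_rank]] if target_rank < len(others) else hi - 1.0
    dz = [0.0] * C
    dz[y] = (hi + lo) / 2 - z0[y]                      # only y's logit moves
    gram = [[sum(a * b for a, b in zip(W[i], W[j])) for j in range(C)] for i in range(C)]
    u = solve(gram, dz)                                # (W W^T) u = dz
    delta = [sum(W[c][j] * u[c] for c in range(C)) for j in range(D)]   # delta = W^T u
    x_adv = [xi + di for xi, di in zip(x, delta)]
    return x_adv, math.sqrt(sum(d * d for d in delta))


def make_examples(n):
    """Constructed clean inputs, each labelled with the toy model's own top-1 class."""
    rng = random.Random(11)
    examples = []
    for _ in range(n):
        x = [rng.uniform(-1, 1) for _ in range(D)]
        examples.append((x, ranking(logits(x))[0]))
    return examples


def attack_batch(examples, target_rank_for):
    """Attack every example; returns (rank of y, second-place rule correct?, L2) per example."""
    results = []
    for i, (x, y) in enumerate(examples):
        x_adv, l2 = rank_attack(x, y, target_rank_for(i))
        z = logits(x_adv)
        results.append((rank_of(z, y), recover_label(z) == y, l2))
    return results


def minimal_style(examples):
    """Least perturbation: only the first position changes, so y always lands second."""
    return attack_batch(examples, lambda i: 1)


def k_anonymous_style(examples, k=K):
    """Spread y uniformly over positions 1 .. k-1 across the batch."""
    return attack_batch(examples, lambda i: 1 + i % (k - 1))


def perturbation_cost(x, y, max_rank):
    """L2 size of the perturbation needed to put y at each position 1 .. max_rank."""
    return [rank_attack(x, y, r)[1] for r in range(1, max_rank + 1)]


if __name__ == "__main__":
    ex = make_examples(9)
    for name, res in (("minimal", minimal_style(ex)), ("k-anonymous", k_anonymous_style(ex))):
        hits = sum(1 for r in res if r[1])
        print(f"{name:12s} ranks of y = {[r[0] for r in res]}  second-place rule recovers {hits}/{len(res)}")
    print("L2 cost by target position:", [round(c, 3) for c in perturbation_cost(*ex[0], K - 1)])
```

With the minimal-style attack the original label sits in second place for every example, so the second-place rule recovers it every time; with the rank-spreading attack the rule only succeeds on the third of examples that happened to be assigned position 1, and a defender cannot tell from a single output which position holds the truth. The cost list shows why the paper needs a similarity-based regularizer at all: pushing the label deeper into the ranking strictly increases the perturbation, because the logit has to travel further.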