| Paper ID | B-2-3.6 |
| Paper Title |
Deep Face Recognizer Privacy Attack: Model Inversion Initialization by a Deep Generative Adversarial Data Space Discriminator |
| Authors |
Mahdi Khosravy, Kazuki Nakamura, Naoko Nitta, Noboru Babaguchi, Osaka University, Japan |
| Session |
B-2-3: Deep Generative Models for Media Clones and Its Detection |
| Time | Wednesday, 09 December, 17:15 - 19:15 |
| Presentation Time: | Wednesday, 09 December, 18:30 - 18:45 Check your Time Zone |
|
All times are in New Zealand Time (UTC +13) |
| Topic |
Multimedia Security and Forensics (MSF): Special Session: Deep Generative Models for Media Clones and Its Detection |
| Abstract |
A variety of Machine Learning (ML) applications involve data of privacy-sensitive content. Face recognizer is one of them which due to training by user identities face images, it is inherent to user face image as a critical biometric data. A face recognition system can be subject to privacy attacks even though it deploys a complex model structure like a deep-learning-based one. Because as the ML models advance to carry more complexity in structure and parameters, the privacy attack trends develop too. Model Inversion Attack (MIA) pioneered by Fredrikson et al [1] was applied on a shallow neural network of face recognizer, and its capability of privacy leakage was approved. Their work was on a white-box scenario wherein besides the model structure, the privacy-non-sensitive data of the users are partially available and used by the attacker for generation and leakage of the user identity face images. The present work improves the extension of MIA to deep learning models of face recognizers while performing without any data of the users. Despite the complexity of the deep models as an obstacle, this work improves the capability of MIA in this matter. To aim this goal, it initializes its training procedure by a seed image approved by a GAN-trained discriminator of face image data-space via its output probability value. In targeting two users' identities by MIA, the proposed technique approves its efficiency on a deep face recognition system. The recognition rates of the images generated by MIA associated with GAN data-space discriminator (GAN-DD) are higher than sole MIA and demonstrate efficiency improvement of deep MIA. |