Abstract
We propose a novel image transformation network for generating visually protected images for privacy-preserving deep neural networks (DNNs). The proposed transformation network is trained by using a plain image dataset so that plain images are converted into visually protected ones. Conventional perceptual encryption methods cause some accuracy degradation in image classification and are not robust enough against state-of-the-art attacks. In contrast, the proposed network not only enables us to maintain the image classification accuracy that using plain images achieves but is also strongly robust against attacks including DNN-based ones. Furthermore, there is no need to manage any security keys as the conventional methods require. In an image classification experiment, the proposed network is demonstrated to strongly protect the visual information of plain images while maintaining a high classification accuracy under the use of two typical classification networks: ResNet and VGG. In addition, it is shown that the visually protected images are robust enough against various attacks in an experiment in which we tried to restore the visual information of plain images.
Highlights
The spread of deep neural networks (DNNs) has greatly contributed to solving complex tasks for many applications [1], [2], such as computer vision, biomedical systems, and information technology
In this paper, we propose a novel transformation network for generating visually protected images for privacy-preserving DNNs under the visual information-protection strategy
Model ψ is available for plain test images, so the cloud provider can provide services to clients who do not worry about protecting visual information or cannot prepare the computing cost needed for image transformation with hθ
Summary
The spread of deep neural networks (DNNs) has greatly contributed to solving complex tasks for many applications [1], [2], such as computer vision, biomedical systems, and information technology. Ito et al.: Image to Perturbation: Image Transformation Network for Generating Visually Protected Images privacy These studies have made a great contribution to the research field of privacy-preserving machine learning. They are not robust against various attacks For such reasons, in this paper, we propose a novel transformation network for generating visually protected images for privacy-preserving DNNs under the visual information-protection strategy. It enables us to protect visual information on plain images and to maintain the performance of DNNs. In addition, the proposed framework has no security keys unlike the conventional methods because the proposed network irreversibly transforms images into visually protected ones with features used for classifying images, like a robust hashing function. Experiments on the proposed method in terms of classification accuracy and robustness are presented in Section IV, and Section V concludes this paper
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
