research-article

Towards compression-resistant privacy-preserving photo sharing on social networks

Authors:

Ben NiuAuthors Info & Claims

Mobihoc '20: Proceedings of the Twenty-First International Symposium on Theory, Algorithmic Foundations, and Protocol Design for Mobile Networks and Mobile Computing

Pages 81 - 90

https://doi.org/10.1145/3397166.3409141

Published: 11 October 2020 Publication History

Abstract

The massive photos shared through the social networks nowadays, e.g., Facebook and Instagram, have aided malicious entities to snoop private information, especially by utilizing deep neural networks (DNNs) to learn from those personal photos. To protect photo privacy against DNNs, recent advances adopting adversarial examples could successfully fool DNNs. However, they are sensitive to those image compression methods that are commonly used on social networks to reduce transmission bandwidth or storage space. A recent work proposed to resist JPEG compression, while the compression methods adopted in social networks are black boxes, and variation of compression methods would significantly degrade the resistance.

To the best of our knowledge, this paper gives the first attempt to investigate a generic compression-resistant scheme to protect photo privacy against DNNs in the social network scenario. We propose the Compression-Resistant Adversarial framework (ComReAdv) that can achieve adversarial examples robust to an unknown compression method. To this end, we design an encoding-decoding based compression approximation model (ComModel) to approximate the unknown compression method by learning the transformation from the original-compressed pairs of images queried through the social network. In addition, we involve the pre-trained differentiable ComModel into the optimization process of adversarial example generation and adapt existing attack algorithms to generate compression-resistant adversarial examples. Extensive experimental results on different social networks demonstrate the effectiveness and superior resistance of the proposed ComReAdv to unknown compression as compared to the state-of-the-art methods.

References

[1]

Ayse Elvan Aydemir, Alptekin Temizel, and Tugba Taskaya Temizel. 2018. The effects of JPEG and JPEG2000 compression on attacks using adversarial examples. arXiv preprint arXiv:1803.10418 (2018).

[2]

François Chollet et al. 2015. Keras. https://keras.io.

[3]

Nilaksh Das, Madhuri Shanbhogue, Shang-Tse Chen, Fred Hohman, Li Chen, Michael E Kounavis, and Duen Horng Chau. 2017. Keeping the bad guys out: Protecting and vaccinating deep learning with jpeg compression. arXiv preprint arXiv:1705.02900 (2017).

[4]

Nilaksh Das, Madhuri Shanbhogue, Shang-Tse Chen, Fred Hohman, Siwei Li, Li Chen, Michael E Kounavis, and Duen Horng Chau. 2018. Shield: Fast, practical defense and vaccination for deep learning using jpeg compression. In Proc. of ACM SIGKDD. 196--204.

Digital Library

[5]

Alexandre Devaux, Nicolas Paparoditis, Frédéric Precioso, and Bertrand Cannelle. 2009. Face Blurring for Privacy in Street-level Geoviewers Combining Face, Body and Skin Detectors. In Proc. of MVA. 86--89.

[6]

Chao Dong, Chen Change Loy, Kaiming He, and Xiaoou Tang. 2015. Image super-resolution using deep convolutional networks. IEEE transactions on pattern analysis and machine intelligence 38, 2 (2015), 295--307.

[7]

Yinpeng Dong, Fangzhou Liao, Tianyu Pang, Hang Su, Jun Zhu, Xiaolin Hu, and Jianguo Li. 2018. Boosting adversarial attacks with momentum. In Proc. of IEEE CVPR. 9185--9193.

[8]

Gintare Karolina Dziugaite, Zoubin Ghahramani, and Daniel M Roy. 2016. A study of the effect of jpg compression on adversarial images. arXiv preprint arXiv:1608.00853 (2016).

[9]

Liyue Fan. 2018. Image pixelization with differential privacy. In Proc. of IFIP DBSec. 148--162.

[10]

Ian J Goodfellow, Jonathon Shlens, and Christian Szegedy. 2014. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014).

[11]

Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. 2016. Deep residual learning for image recognition. In Proc. of IEEE CVPR. 770--778.

[12]

Phillip Isola, Jun-Yan Zhu, Tinghui Zhou, and Alexei A Efros. 2017. Image-to-image translation with conditional adversarial networks. In Proc. of IEEE CVPR. 1125--1134.

[13]

Diederik P Kingma and Jimmy Ba. 2014. Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014).

[14]

Balachander Krishnamurthy and Craig E Wills. 2009. On the leakage of personally identifiable information via online social networks. In Proc. of ACM workshop. 7--12.

Digital Library

[15]

Alex Krizhevsky, Ilya Sutskever, and Geoffrey E Hinton. 2012. Imagenet classification with deep convolutional neural networks. In Proc. of NIPS. 1097--1105.

[16]

Alexey Kurakin, Ian Goodfellow, and Samy Bengio. 2016. Adversarial examples in the physical world. arXiv preprint arXiv:1607.02533 (2016).

[17]

Bo Liu, Ming Ding, Tianqing Zhu, Yong Xiang, and Wanlei Zhou. 2018. Using Adversarial Noises to Protect Privacy in Deep Learning Era. In Proc. of IEEE GLOBECOM. 1--6.

[18]

Yujia Liu, Weiming Zhang, and Nenghai Yu. 2017. Protecting privacy in shared photos via adversarial examples based stealth. Security and Communication Networks 2017 (2017).

[19]

Douglas MacMillan and Elizabeth Dwoskin. 2014. Smile! Marketing Firms Are Mining Your Selfies. Wall Street Journal (2014).

[20]

Zuckerberg Mark et al. 2004. Facebook. https://www.facebook.com.

[21]

Richard McPherson, Reza Shokri, and Vitaly Shmatikov. 2016. Defeating image obfuscation with deep learning. arXiv preprint arXiv:1609.00408 (2016).

[22]

Wei Meng, Xinyu Xing, Anmol Sheth, Udi Weinsberg, and Wenke Lee. 2014. Your online interests: Pwned! a pollution attack against targeted advertising. In Proc. of ACM SIGSAC. 129--140.

Digital Library

[23]

Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, and Pascal Frossard. 2016. Deepfool: a simple and accurate method to fool deep neural networks. In Proc. of IEEE CVPR. 2574--2582.

[24]

Dan Noyes. 2015. The top 20 valuable Facebook statistics. Zephoria, Florida, Available from: at https://zephoria.Com/social-media/top-15-valuable-facebookstatistics/ [Accessed 10 February 2015] (2015).

[25]

Augustus Odena, Vincent Dumoulin, and Chris Olah. 2016. Deconvolution and checkerboard artifacts. Distill 1, 10 (2016), e3.

[26]

Seong Joon Oh, Rodrigo Benenson, Mario Fritz, and Bernt Schiele. 2016. Faceless person recognition: Privacy implications in social media. In Proc. of ECCV. 19--35.

[27]

Seong Joon Oh, Mario Fritz, and Bernt Schiele. 2017. Adversarial image perturbation for privacy protection a game theory perspective. In Proc. of IEEE ICCV. 1491--1500.

[28]

Omkar M Parkhi, Andrea Vedaldi, Andrew Zisserman, et al. 2015. Deep face recognition. In Proc. of BMVC, Vol. 1. 6.

[29]

Richard Shin and Dawn Song. 2017. JPEG-resistant adversarial images. In Proc. of NIPS Workshop.

[30]

Yang Song, Zhifei Zhang, and Hairong Qi. 2018. r-BTN: Cross-domain Face Composite and Synthesis from Limited Facial Patches. In Proc. of AAAI.

[31]

Christian Szegedy, Alexander Toshev, and Dumitru Erhan. 2013. Deep neural networks for object detection. In Proc. of NIPS. 2553--2561.

[32]

Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. 2013. Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199 (2013).

[33]

Igor Vasiljevic, Ayan Chakrabarti, and Gregory Shakhnarovich. 2016. Examining the impact of blur on recognition by convolutional networks. arXiv preprint arXiv:1611.05760 (2016).

[34]

Zhidong Wang et al. 2009. Weibo. https://www.weibo.com.

[35]

Michael J Wilber, Vitaly Shmatikov, and Serge Belongie. 2016. Can we still avoid automatic face detection. In Proc. of IEEE WACV. 1--9.

[36]

Bo Yang et al. 2005. Douban. https://www.douban.com/.

Cited By

Dey SAlshehabi Al-Ani JBourazeri ASaha SPurkait RHill SThompson J(2024)Pixelator v2: A Novel Perceptual Image Comparison Method with LAB Colour Space and Sobel Edge Detection for Enhanced Security AnalysisElectronics10.3390/electronics1322454113:22(4541)Online publication date: 19-Nov-2024
https://doi.org/10.3390/electronics13224541
Xu HWang YWang ZBa ZLiu WJin LWeng HWei TRen KLuo BLiao XXu JKirda ELie D(2024)ProFake: Detecting Deepfakes in the Wild against Quality Degradation with Progressive Quality-adaptive LearningProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690238(2207-2221)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690238
Qu ZXi ZLu WLuo XWang QLi B(2024)DF-RAP: A Robust Adversarial Perturbation for Defending Against Deepfakes in Real-World Social Network ScenariosIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.337280319(3943-3957)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3372803
Show More Cited By

Index Terms

Towards compression-resistant privacy-preserving photo sharing on social networks
1. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Privacy protections

Recommendations

Privacy-preserving social network publication against friendship attacks
KDD '11: Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining

Due to the rich information in graph data, the technique for privacy protection in published social networks is still in its infancy, as compared to the protection in relational databases. In this paper we identify a new type of attack called a ...
Towards Privacy-Preserving Content Sharing for Online Social Networks
UbiComp '18: Proceedings of the 2018 ACM International Joint Conference and 2018 International Symposium on Pervasive and Ubiquitous Computing and Wearable Computers

This paper presents presents an approach to preserve privacy for content sharing in online social networks. The approach is based on the concept of friendship strengths and social ties within a friendship circle. Friends can be categorized into ...
Exploiting vulnerability to secure user privacy on a social networking site
KDD '11: Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining

As (one's) social network expands, a user's privacy protection goes beyond his privacy settings and becomes a social networking problem. In this research, we aim to address some critical issues related to privacy protection: Would the highest privacy ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

Mobihoc '20: Proceedings of the Twenty-First International Symposium on Theory, Algorithmic Foundations, and Protocol Design for Mobile Networks and Mobile Computing

October 2020

384 pages

ISBN:9781450380157

DOI:10.1145/3397166

General Chairs:
Tommaso Melodia
Northeastern University
,
Eylem Ekici
The Ohio State University
,
Program Chairs:
Alhussein Abouzeid
Rensselaer Polytechnic Institute
,
Minghua Chen
City University of Hong Kong

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 October 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Natural Science of China
Ministry of Education of China
Central Universities

Conference

Mobihoc '20

Sponsor:

SIGMOBILE

Mobihoc '20: The Twenty-first ACM International Symposium on Theory, Algorithmic Foundations, and Protocol Design for Mobile Networks and Mobile Computing

October 11 - 14, 2020

Virtual Event, USA

Acceptance Rates

Overall Acceptance Rate 296 of 1,843 submissions, 16%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
442
Total Downloads

Downloads (Last 12 months)48
Downloads (Last 6 weeks)8

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Dey SAlshehabi Al-Ani JBourazeri ASaha SPurkait RHill SThompson J(2024)Pixelator v2: A Novel Perceptual Image Comparison Method with LAB Colour Space and Sobel Edge Detection for Enhanced Security AnalysisElectronics10.3390/electronics1322454113:22(4541)Online publication date: 19-Nov-2024
https://doi.org/10.3390/electronics13224541
Xu HWang YWang ZBa ZLiu WJin LWeng HWei TRen KLuo BLiao XXu JKirda ELie D(2024)ProFake: Detecting Deepfakes in the Wild against Quality Degradation with Progressive Quality-adaptive LearningProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690238(2207-2221)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690238
Qu ZXi ZLu WLuo XWang QLi B(2024)DF-RAP: A Robust Adversarial Perturbation for Defending Against Deepfakes in Real-World Social Network ScenariosIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.337280319(3943-3957)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3372803
Nie HLu SWu JZhu J(2024)Deep Model Intellectual Property Protection With Compression-Resistant Model WatermarkingIEEE Transactions on Artificial Intelligence10.1109/TAI.2024.33511165:7(3362-3373)Online publication date: Jul-2024
https://doi.org/10.1109/TAI.2024.3351116
Yin PChen WZheng JZhang YWu L(2024)Privacy Protection for Image Sharing Using Reversible Adversarial ExamplesICC 2024 - IEEE International Conference on Communications10.1109/ICC51166.2024.10623090(1170-1175)Online publication date: 9-Jun-2024
https://doi.org/10.1109/ICC51166.2024.10623090
Wen WFan JZhang YFang Y(2023)APCAS: Autonomous Privacy Control and Authentication Sharing in Social NetworksIEEE Transactions on Computational Social Systems10.1109/TCSS.2022.321888310:6(3169-3180)Online publication date: Dec-2023
https://doi.org/10.1109/TCSS.2022.3218883
Xue MWang XSun SZhang YWang JLiu W(2023)Compression-resistant backdoor attack against deep neural networksApplied Intelligence10.1007/s10489-023-04575-853:17(20402-20417)Online publication date: 12-Apr-2023
https://doi.org/10.1007/s10489-023-04575-8
Lou RLeng LWang HJin Z(2023)Adversarial Face Example Generation in AMBTC Compressed DomainBiometric Recognition10.1007/978-981-99-8565-4_20(202-211)Online publication date: 2-Dec-2023
https://doi.org/10.1007/978-981-99-8565-4_20
Wang QYe D(2023)Robust Anti-forensics on Audio Forensics SystemAdvanced Intelligent Computing Technology and Applications10.1007/978-981-99-4761-4_50(589-599)Online publication date: 31-Jul-2023
https://doi.org/10.1007/978-981-99-4761-4_50
Jiang YYan XQi JLi LLiu Y(2022)Meaningful secret image sharing resist to typical image processing of shadowsMultimedia Tools and Applications10.1007/s11042-022-12207-581:11(16097-16115)Online publication date: 2-Mar-2022
https://doi.org/10.1007/s11042-022-12207-5

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten