Cargando…

Privacy-Preserving Image Template Sharing Using Contrastive Learning

With the recent developments of Machine Learning as a Service (MLaaS), various privacy concerns have been raised. Having access to the user’s data, an adversary can design attacks with different objectives, namely, reconstruction or attribute inference attacks. In this paper, we propose two differen...

Descripción completa

Detalles Bibliográficos
Autores principales: Rezaeifar, Shideh, Voloshynovskiy, Slava, Asgari Jirhandeh, Meisam, Kinakh, Vitality
Formato: Online Artículo Texto
Lenguaje:English
Publicado: MDPI 2022
Materias:
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9141880/
https://www.ncbi.nlm.nih.gov/pubmed/35626528
http://dx.doi.org/10.3390/e24050643
_version_ 1784715451323908096
author Rezaeifar, Shideh
Voloshynovskiy, Slava
Asgari Jirhandeh, Meisam
Kinakh, Vitality
author_facet Rezaeifar, Shideh
Voloshynovskiy, Slava
Asgari Jirhandeh, Meisam
Kinakh, Vitality
author_sort Rezaeifar, Shideh
collection PubMed
description With the recent developments of Machine Learning as a Service (MLaaS), various privacy concerns have been raised. Having access to the user’s data, an adversary can design attacks with different objectives, namely, reconstruction or attribute inference attacks. In this paper, we propose two different training frameworks for an image classification task while preserving user data privacy against the two aforementioned attacks. In both frameworks, an encoder is trained with contrastive loss, providing a superior utility-privacy trade-off. In the reconstruction attack scenario, a supervised contrastive loss was employed to provide maximal discrimination for the targeted classification task. The encoded features are further perturbed using the obfuscator module to remove all redundant information. Moreover, the obfuscator module is jointly trained with a classifier to minimize the correlation between private feature representation and original data while retaining the model utility for the classification. For the attribute inference attack, we aim to provide a representation of data that is independent of the sensitive attribute. Therefore, the encoder is trained with supervised and private contrastive loss. Furthermore, an obfuscator module is trained in an adversarial manner to preserve the privacy of sensitive attributes while maintaining the classification performance on the target attribute. The reported results on the CelebA dataset validate the effectiveness of the proposed frameworks.
format Online
Article
Text
id pubmed-9141880
institution National Center for Biotechnology Information
language English
publishDate 2022
publisher MDPI
record_format MEDLINE/PubMed
spelling pubmed-91418802022-05-28 Privacy-Preserving Image Template Sharing Using Contrastive Learning Rezaeifar, Shideh Voloshynovskiy, Slava Asgari Jirhandeh, Meisam Kinakh, Vitality Entropy (Basel) Article With the recent developments of Machine Learning as a Service (MLaaS), various privacy concerns have been raised. Having access to the user’s data, an adversary can design attacks with different objectives, namely, reconstruction or attribute inference attacks. In this paper, we propose two different training frameworks for an image classification task while preserving user data privacy against the two aforementioned attacks. In both frameworks, an encoder is trained with contrastive loss, providing a superior utility-privacy trade-off. In the reconstruction attack scenario, a supervised contrastive loss was employed to provide maximal discrimination for the targeted classification task. The encoded features are further perturbed using the obfuscator module to remove all redundant information. Moreover, the obfuscator module is jointly trained with a classifier to minimize the correlation between private feature representation and original data while retaining the model utility for the classification. For the attribute inference attack, we aim to provide a representation of data that is independent of the sensitive attribute. Therefore, the encoder is trained with supervised and private contrastive loss. Furthermore, an obfuscator module is trained in an adversarial manner to preserve the privacy of sensitive attributes while maintaining the classification performance on the target attribute. The reported results on the CelebA dataset validate the effectiveness of the proposed frameworks. MDPI 2022-05-03 /pmc/articles/PMC9141880/ /pubmed/35626528 http://dx.doi.org/10.3390/e24050643 Text en © 2022 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
spellingShingle Article
Rezaeifar, Shideh
Voloshynovskiy, Slava
Asgari Jirhandeh, Meisam
Kinakh, Vitality
Privacy-Preserving Image Template Sharing Using Contrastive Learning
title Privacy-Preserving Image Template Sharing Using Contrastive Learning
title_full Privacy-Preserving Image Template Sharing Using Contrastive Learning
title_fullStr Privacy-Preserving Image Template Sharing Using Contrastive Learning
title_full_unstemmed Privacy-Preserving Image Template Sharing Using Contrastive Learning
title_short Privacy-Preserving Image Template Sharing Using Contrastive Learning
title_sort privacy-preserving image template sharing using contrastive learning
topic Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9141880/
https://www.ncbi.nlm.nih.gov/pubmed/35626528
http://dx.doi.org/10.3390/e24050643
work_keys_str_mv AT rezaeifarshideh privacypreservingimagetemplatesharingusingcontrastivelearning
AT voloshynovskiyslava privacypreservingimagetemplatesharingusingcontrastivelearning
AT asgarijirhandehmeisam privacypreservingimagetemplatesharingusingcontrastivelearning
AT kinakhvitality privacypreservingimagetemplatesharingusingcontrastivelearning