Cargando…
Privacy-Preserving Image Template Sharing Using Contrastive Learning
With the recent developments of Machine Learning as a Service (MLaaS), various privacy concerns have been raised. Having access to the user’s data, an adversary can design attacks with different objectives, namely, reconstruction or attribute inference attacks. In this paper, we propose two differen...
Autores principales: | , , , |
---|---|
Formato: | Online Artículo Texto |
Lenguaje: | English |
Publicado: |
MDPI
2022
|
Materias: | |
Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9141880/ https://www.ncbi.nlm.nih.gov/pubmed/35626528 http://dx.doi.org/10.3390/e24050643 |
_version_ | 1784715451323908096 |
---|---|
author | Rezaeifar, Shideh Voloshynovskiy, Slava Asgari Jirhandeh, Meisam Kinakh, Vitality |
author_facet | Rezaeifar, Shideh Voloshynovskiy, Slava Asgari Jirhandeh, Meisam Kinakh, Vitality |
author_sort | Rezaeifar, Shideh |
collection | PubMed |
description | With the recent developments of Machine Learning as a Service (MLaaS), various privacy concerns have been raised. Having access to the user’s data, an adversary can design attacks with different objectives, namely, reconstruction or attribute inference attacks. In this paper, we propose two different training frameworks for an image classification task while preserving user data privacy against the two aforementioned attacks. In both frameworks, an encoder is trained with contrastive loss, providing a superior utility-privacy trade-off. In the reconstruction attack scenario, a supervised contrastive loss was employed to provide maximal discrimination for the targeted classification task. The encoded features are further perturbed using the obfuscator module to remove all redundant information. Moreover, the obfuscator module is jointly trained with a classifier to minimize the correlation between private feature representation and original data while retaining the model utility for the classification. For the attribute inference attack, we aim to provide a representation of data that is independent of the sensitive attribute. Therefore, the encoder is trained with supervised and private contrastive loss. Furthermore, an obfuscator module is trained in an adversarial manner to preserve the privacy of sensitive attributes while maintaining the classification performance on the target attribute. The reported results on the CelebA dataset validate the effectiveness of the proposed frameworks. |
format | Online Article Text |
id | pubmed-9141880 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2022 |
publisher | MDPI |
record_format | MEDLINE/PubMed |
spelling | pubmed-91418802022-05-28 Privacy-Preserving Image Template Sharing Using Contrastive Learning Rezaeifar, Shideh Voloshynovskiy, Slava Asgari Jirhandeh, Meisam Kinakh, Vitality Entropy (Basel) Article With the recent developments of Machine Learning as a Service (MLaaS), various privacy concerns have been raised. Having access to the user’s data, an adversary can design attacks with different objectives, namely, reconstruction or attribute inference attacks. In this paper, we propose two different training frameworks for an image classification task while preserving user data privacy against the two aforementioned attacks. In both frameworks, an encoder is trained with contrastive loss, providing a superior utility-privacy trade-off. In the reconstruction attack scenario, a supervised contrastive loss was employed to provide maximal discrimination for the targeted classification task. The encoded features are further perturbed using the obfuscator module to remove all redundant information. Moreover, the obfuscator module is jointly trained with a classifier to minimize the correlation between private feature representation and original data while retaining the model utility for the classification. For the attribute inference attack, we aim to provide a representation of data that is independent of the sensitive attribute. Therefore, the encoder is trained with supervised and private contrastive loss. Furthermore, an obfuscator module is trained in an adversarial manner to preserve the privacy of sensitive attributes while maintaining the classification performance on the target attribute. The reported results on the CelebA dataset validate the effectiveness of the proposed frameworks. MDPI 2022-05-03 /pmc/articles/PMC9141880/ /pubmed/35626528 http://dx.doi.org/10.3390/e24050643 Text en © 2022 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
spellingShingle | Article Rezaeifar, Shideh Voloshynovskiy, Slava Asgari Jirhandeh, Meisam Kinakh, Vitality Privacy-Preserving Image Template Sharing Using Contrastive Learning |
title | Privacy-Preserving Image Template Sharing Using Contrastive Learning |
title_full | Privacy-Preserving Image Template Sharing Using Contrastive Learning |
title_fullStr | Privacy-Preserving Image Template Sharing Using Contrastive Learning |
title_full_unstemmed | Privacy-Preserving Image Template Sharing Using Contrastive Learning |
title_short | Privacy-Preserving Image Template Sharing Using Contrastive Learning |
title_sort | privacy-preserving image template sharing using contrastive learning |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9141880/ https://www.ncbi.nlm.nih.gov/pubmed/35626528 http://dx.doi.org/10.3390/e24050643 |
work_keys_str_mv | AT rezaeifarshideh privacypreservingimagetemplatesharingusingcontrastivelearning AT voloshynovskiyslava privacypreservingimagetemplatesharingusingcontrastivelearning AT asgarijirhandehmeisam privacypreservingimagetemplatesharingusingcontrastivelearning AT kinakhvitality privacypreservingimagetemplatesharingusingcontrastivelearning |