Please use this identifier to cite or link to this item:
Title: A framework for evaluating image obfuscation under deep learning-assisted privacy attacks
Authors: Tekli, Jimmy
Al Bouna, Bechara
Tekli, Gilbert 
Couturier, Raphaël
Affiliations: Department of Mechatronics Engineering 
Keywords: Adversary model
Background knowledge
Deep learning-assisted attacks
Face obfuscation
Image transformation
Privacy-preserving techniques
Issue Date: 2023-04-11
Publisher: Springer nature
Part of: Multimedia Tools and Applications
Volume: 82
Start page: 42173
End page: 42205
Image obfuscation techniques (e.g., pixelation, blurring and masking,..) have been developed to protect sensitive information in images (e.g. individuals’ faces). In a previous work, we designed a recommendation framework that evaluates the robustness of image obfuscation techniques and recommends the most resilient obfuscation against Deep-Learning assisted attacks. In this paper, we extend the framework due to two main reasons. First, to the best of our knowledge there is not a standardized evaluation methodology nor a defined model for adversaries when evaluating the robustness of image obfuscation and more specifically face obfuscation techniques. Therefore, we adapt a three-components adversary model (goal, knowledge and capabilities) to our application domain (i.e., facial features obfuscations) and embed it in our framework. Second, considering several attacking scenarios is vital when evaluating the robustness of image obfuscation techniques. Hence, we define three threat levels and explore new aspects of an adversary and its capabilities by extending the background knowledge to include the obfuscation technique along with its hyper-parameters and the identities of the target individuals. We conduct three sets of experiments on a publicly available celebrity faces dataset. Throughout the first experiment, we implement and evaluate the recommendation framework by considering four adversaries attacking obfuscation techniques (e.g. pixelating, Gaussian/motion blur and masking) via restoration-based attacks. Throughout the second and third experiments, we demonstrate how the adversary’s attacking capabilities (recognition-based and Restoration & Recognition-based attacks) scale with its background knowledge and how it increases the potential risk of breaching the identities of blurred faces.
ISSN: 13807501
DOI: 10.1007/s11042-023-14664-y
Open URL: Link to full text
Type: Journal Article
Appears in Collections:Department of Mechatronics Engineering

Show full item record


checked on Jun 15, 2024

Record view(s)

checked on Jun 20, 2024

Google ScholarTM


Dimensions Altmetric

Dimensions Altmetric

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.