A framework for evaluating image obfuscation under deep learning-assisted privacy attacks

Abstract

Image obfuscation techniques (e.g., pixelation, blurring and masking,..) have been developed to protect sensitive information in images (e.g. individuals’ faces). In a previous work, we designed a recommendation framework that evaluates the robustness of image obfuscation techniques and recommends the most resilient obfuscation against Deep-Learning assisted attacks. In this paper, we extend the framework due to two main reasons. First, to the best of our knowledge there is not a standardized evaluation methodology nor a defined model for adversaries when evaluating the robustness of image obfuscation and more specifically face obfuscation techniques. Therefore, we adapt a three-components adversary model (goal, knowledge and capabilities) to our application domain (i.e., facial features obfuscations) and embed it in our framework. Second, considering several attacking scenarios is vital when evaluating the robustness of image obfuscation techniques. Hence, we define three threat levels and explore new aspects of an adversary and its capabilities by extending the background knowledge to include the obfuscation technique along with its hyper-parameters and the identities of the target individuals. We conduct three sets of experiments on a publicly available celebrity faces dataset. Throughout the first experiment, we implement and evaluate the recommendation framework by considering four adversaries attacking obfuscation techniques (e.g. pixelating, Gaussian/motion blur and masking) via restoration-based attacks. Throughout the second and third experiments, we demonstrate how the adversary’s attacking capabilities (recognition-based and Restoration & Recognition-based attacks) scale with its background knowledge and how it increases the potential risk of breaching the identities of blurred faces.