Adaptive Hybrid Masking Strategy for Privacy-Preserving Face Recognition Against Model Inversion Attack

arXiv:2403.10558v1 Announce Type: cross
Abstract: The utilization of personal sensitive data in training face recognition (FR) models poses significant privacy concerns, as adversaries can employ model inversion attacks (MIA) to infer the original training data. Existing defense methods, such as data augmentation and differential privacy, have been employed to mitigate this issue. However, these methods often fail to strike an optimal balance between privacy and accuracy. To address this limitation, this paper introduces an adaptive hybrid masking algorithm against MIA. …

adversaries arxiv attack attacks augmentation can cs.cr cs.cv cs.lg data defense differential privacy face recognition hybrid masking personal privacy privacy concerns recognition sensitive sensitive data strategy training training data