Mitigating Cross-modal Retrieval Violations with Privacy-preserving Backdoor Learning

Bibliographic Details
Published in: IEEE transactions on circuits and systems for video technology 2024-11, p.1-1
Main Authors: Liu, Qiang; Qiu, Yanlong; Zhou, Tongqing; Xu, Ming; Qin, Jiaohua; Ma, Wentao; Zhang, Fan; Cai, Zhiping
Format: Article
Language: English
Description
Summary: Deep cross-modal retrieval, with its effective and efficient search capabilities, has gained widespread adoption in today's media-sharing practices yet raises concerns regarding potential threats to user data privacy. The cutting-edge data-centric countermeasures usually adopt adversarial learning, i.e., laboriously crafting the proper perturbation for each image, resulting in the noticeable noise in adversarial examples that greatly undermines the aesthetic appeal of image sharing. To address this issue, we propose a novel Model-centric Cross-modal Privacy-preserving framework (MCP), wherein the pre-defined invisible backdoor is seamlessly integrated into the global retrieval model via backdoor learning, thereby effectively preventing shared images containing such triggers from being retrieved. Specifically, we introduce a simple yet effective cross-modal backdoor learning algorithm that alternately optimizes two losses: 1) a privacy-preserving loss for perturbing retrieval with a user-injected trigger and 2) the standard utility loss for maintaining normal retrieval performance. Compared to state-of-the-art methods, MCP excels in providing excellent stealthiness, manifesting in a notable improvement of approximately 100% in SSIM metrics. Furthermore, it achieves an outstanding privacy-preserving (backdoor) success rate, as evidenced by a substantial mAP reduction of 22.3% (for FashionVC), 11.5% (for NUS-WIDE), and 21.8% (for MIRFlickr-25K) in poisoned retrieval, while maintaining similar normal retrieval performance. Additionally, MCP exhibits robust resistance against potential black-box defenses (e.g., trigger filtering) and white-box defenses (e.g., fine-tuning and model pruning). The code and data are available at https://github.com/lqsunshine/MCP.
ISSN: 1051-8215, 1558-2205
DOI: 10.1109/TCSVT.2024.3489886