Model Inversion Attack by Integration of Deep Generative Models: Privacy-Sensitive Face Generation From a Face Recognition System

Cybersecurity in front of attacks to a face recognition system is an emerging issue in the cloud era, especially due to its strong bonds with the privacy of the users registered to the system. A possible attack is the model inversion attack (MIA) which aims to reveal the identity of a targeted user...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on information forensics and security 2022, Vol.17, p.357-372
Main Authors: Khosravy, Mahdi, Nakamura, Kazuaki, Hirose, Yuki, Nitta, Naoko, Babaguchi, Noboru
Format: Article
Language:English
Subjects:
Bonding strength
Cloning
Convolutional neural networks
Criteria
Cybersecurity
Data models
deep generative model
deep learning
Face recognition
face recognition system
Facial recognition technology
Image recognition
Machine learning
Mathematical models
Media clone
model inversion attack
Parameters
Privacy
Search methods
Target recognition
Vectors (mathematics)
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Cybersecurity in front of attacks to a face recognition system is an emerging issue in the cloud era, especially due to its strong bonds with the privacy of the users registered to the system. A possible attack is the model inversion attack (MIA) which aims to reveal the identity of a targeted user by generating the most proper datapoint input to the system with maximum corresponding confidence score at the output. The generated data of a registered user can be maliciously used as a serious invasion of the user privacy. In literature, MIA processes are categorized into white-box and black-box scenarios which are respectively with and without information about the system structure, parameters, and partially about the users. This research work assumes the MIA under semi-white box scenario of availability of system model structure and parameters but not any user data information, and verifies it as a severe threat even for a deep-learning-based face recognition system despite its complex structure and the diversity of registered user data. The alert state is promoted by Deep MIA which is the integration of deep generative models in MIA, and \alpha -GAN integrated MIA-initilized by a face based seed ( \alpha -GAN-MIA-FS) is proposed. As a novel MIA search strategy, a pre-trained deep generative model with capability of generating a face image from a random feature vector is used for narrowing down the image search space to the feature vectors space, which has much lower dimensions. This allows the MIA process to efficiently search for a low-dimensional feature vector whose corresponding face image maximizes the confidence score. We have experimentally evaluated the proposed method by two objective criteria and three subjective criteria in comparison to \alpha -GAN-integrated MIA initialized with a random seed ( \alpha -GAN-MIA-RS), DCGAN-integrated MIA (DCGAN-MIA), and the conventional MIA. The evaluation results approve the efficiency and superiority of the proposed technique in generating natural looking face clones with high recognizability as the targeted users.
ISSN:1556-6013
1556-6021
DOI:10.1109/TIFS.2022.3140687