
Deep Privacy Funnel Model: From a Discriminative to a Generative Approach with an Application to Face Recognition (2404.02696v1)

Published 3 Apr 2024 in cs.LG

Abstract: In this study, we apply the information-theoretic Privacy Funnel (PF) model to the domain of face recognition, developing a novel method for privacy-preserving representation learning within an end-to-end training framework. Our approach addresses the trade-off between obfuscation and utility in data protection, quantified through logarithmic loss, also known as self-information loss. This research provides a foundational exploration into the integration of information-theoretic privacy principles with representation learning, focusing specifically on face recognition systems. We particularly highlight the adaptability of our framework to recent advances in face recognition networks, such as AdaFace and ArcFace. In addition, we introduce the Generative Privacy Funnel ($\mathsf{GenPF}$) model, a paradigm that extends beyond the traditional scope of the PF model, which we refer to as the Discriminative Privacy Funnel ($\mathsf{DisPF}$). The $\mathsf{GenPF}$ model brings new perspectives on data generation methods with estimation-theoretic and information-theoretic privacy guarantees. Complementing these developments, we also present the deep variational PF (DVPF) model. This model proposes a tractable variational bound for measuring information leakage, enhancing the understanding of privacy preservation challenges in deep representation learning. The DVPF model, associated with both the $\mathsf{DisPF}$ and $\mathsf{GenPF}$ models, sheds light on connections with various generative models such as Variational Autoencoders (VAEs), Generative Adversarial Networks (GANs), and Diffusion models. Complementing our theoretical contributions, we release a reproducible PyTorch package, facilitating further exploration and application of these privacy-preserving methodologies in face recognition systems.
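The abstract frames the Privacy Funnel as a trade-off between obfuscation (how much a released representation leaks about a sensitive attribute S) and utility (how much it retains about the observed data X), scored with logarithmic loss. The following is an added example, not code from the paper or from its PyTorch package: it computes the textbook discrete PF operating point (leakage I(S;Z) versus utility I(X;Z) under the Markov chain S - X - Z) on a constructed toy joint distribution. Under log-loss the utility distortion is H(X|Z) = H(X) - I(X;Z), so reporting I(X;Z) is equivalent. The joint distribution `P_SX`, the randomized-response mechanism, and its noise parameter `eps` are all assumptions made for illustration; the paper's own mechanism is a learned neural encoder, not this closed-form channel.

```python
import math

# Constructed toy joint distribution P(s, x): s is a binary sensitive attribute
# (e.g. a demographic label) and x a 4-valued observed feature. Values are made up.
P_SX = {
    (0, 0): 0.30, (0, 1): 0.15, (0, 2): 0.04, (0, 3): 0.01,
    (1, 0): 0.01, (1, 1): 0.04, (1, 2): 0.15, (1, 3): 0.30,
}
X_VALS = (0, 1, 2, 3)


def randomized_response(eps):
    """Hypothetical privatization channel P(z|x): keep x with probability 1-eps,
    otherwise replace it with a uniformly drawn symbol (so z == x gets an extra eps/n)."""
    n = len(X_VALS)
    return {x: {z: ((1 - eps) + eps / n) if z == x else eps / n for z in X_VALS}
            for x in X_VALS}


def marginal(joint, idx):
    """Marginalize a joint dict {(a, b): p} onto coordinate idx (0 or 1)."""
    out = {}
    for key, p in joint.items():
        out[key[idx]] = out.get(key[idx], 0.0) + p
    return out


def entropy(dist):
    """Shannon entropy in bits of a dict {value: p}."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)


def mutual_information(joint):
    """I(A;B) in bits from a joint dict {(a, b): p}."""
    pa, pb = marginal(joint, 0), marginal(joint, 1)
    return sum(p * math.log2(p / (pa[a] * pb[b]))
               for (a, b), p in joint.items() if p > 0)


def funnel_point(eps, p_sx=P_SX):
    """Return (leakage, utility) = (I(S;Z), I(X;Z)) for the channel P(z|x).

    Z depends on (S, X) only through X, which is the S - X - Z Markov chain
    assumed by the Privacy Funnel; the data-processing inequality then
    guarantees I(S;Z) <= I(X;Z) at every operating point."""
    mech = randomized_response(eps)
    p_sz, p_xz = {}, {}
    for (s, x), p in p_sx.items():
        for z, q in mech[x].items():
            p_sz[(s, z)] = p_sz.get((s, z), 0.0) + p * q
            p_xz[(x, z)] = p_xz.get((x, z), 0.0) + p * q
    return mutual_information(p_sz), mutual_information(p_xz)


def tradeoff_curve(steps=(0.0, 0.25, 0.5, 0.75, 1.0)):
    """Sweep the noise level and return [(eps, leakage, utility), ...]."""
    return [(eps, *funnel_point(eps)) for eps in steps]


if __name__ == "__main__":
    h_x = entropy(marginal(P_SX, 1))
    print(f"H(X) = {h_x:.4f} bits; log-loss utility distortion is H(X|Z) = H(X) - I(X;Z)")
    for eps, leak, util in tradeoff_curve():
        print(f"eps={eps:.2f}  I(S;Z)={leak:.4f}  I(X;Z)={util:.4f}  H(X|Z)={h_x - util:.4f}")
```

Sweeping `eps` from 0 to 1 walks the funnel from "release X verbatim" (utility equals H(X), leakage equals I(S;X)) to "release pure noise" (both zero); a learned encoder as in the paper searches over far richer channels than this one-parameter family, but it is scored on the same two quantities.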

  213. Privacy-preserving deep learning. In 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 1310–1321, 2015.
  214. Membership inference attacks against machine learning models. In 2017 IEEE symposium on security and privacy (SP), pages 3–18. IEEE, 2017.
  215. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556, 2014.
  216. Unauthorized access: The crisis in online privacy and security. Taylor & Francis, 2017.
  217. Information privacy research: an interdisciplinary review. MIS quarterly, pages 989–1015, 2011.
  218. Daniel J Solove. Conceptualizing privacy. California law review, pages 1087–1155, 2002.
  219. Daniel J Solove. A taxonomy of privacy. U. Pa. l. Rev., 154:477, 2005.
  220. Daniel J Solove. Understanding privacy. Harvard university press, 2010.
  221. Daniel J Solove. Artificial intelligence and privacy. Available at SSRN, 2024.
  222. Privacy risks of securing machine learning models against adversarial examples. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pages 241–257, 2019.
  223. Optimal privacy-utility trade-off under a rate constraint. In IEEE International Symposium on Information Theory (ISIT), pages 2159–2163. IEEE, 2019.
  224. Defending against reconstruction attacks with r\\\backslash\’enyi differential privacy. arXiv preprint arXiv:2202.07623, 2022.
  225. DJ Strouse and David J Schwab. The deterministic information bottleneck. Neural computation, 29(6):1611–1630, 2017.
  226. De-anonymizing web browsing data with social networks. In Proceedings of the 26th international conference on world wide web, pages 1261–1269, 2017.
  227. Density-ratio matching under the Bregman divergence: A unified framework of density-ratio estimation. Annals of the Institute of Statistical Mathematics, 64(5):1009–1044, 2012.
  228. Face identity-aware disentanglement in stylegan. In Proceedings of the IEEE/CVF Winter Conference on Applications of Computer Vision, pages 5222–5231, 2024.
  229. Latanya Sweeney. Simple demographics often identify people uniquely. Health (San Francisco), 671:1–34, 2000.
  230. Latanya Sweeney. k-anonymity: A model for protecting privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, 10(05):557–570, 2002.
  231. Deepface: Closing the gap to human-level performance in face verification. 2014 IEEE Conference on Computer Vision and Pattern Recognition, pages 1701–1708, 2014. URL https://api.semanticscholar.org/CorpusID:2814088.
  232. Diversity can be transferred: Output diversification for white-and black-box attacks. Advances in neural information processing systems, 33:4536–4548, 2020.
  233. A comprehensive survey on poisoning attacks and countermeasures in machine learning. ACM Computing Surveys, 55(8):1–35, 2022.
  234. Deep learning and the information bottleneck principle. In IEEE Information Theory Workshop (ITW), pages 1–5. IEEE, 2015.
  235. The information bottleneck method. In IEEE Allerton, 2000.
  236. Wasserstein auto-encoders. In International Conference on Learning Representations (ICLR), 2018.
  237. Stealing machine learning models via prediction {{\{{APIs}}\}}. In 25th USENIX security symposium (USENIX Security 16), pages 601–618, 2016.
  238. Disentangled representation learning gan for pose-invariant face recognition. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 1415–1424, 2017.
  239. Privacy-preserving adversarial networks. In 57th Annual Allerton Conference on Communication, Control, and Computing, pages 495–505. IEEE, 2019.
  240. Biometric cryptosystems: issues and challenges. Proceedings of the IEEE, 92(6):948–960, 2004.
  241. Confidential computing within an {{\{{AI}}\}} accelerator. In 2023 USENIX Annual Technical Conference (USENIX ATC 23), pages 501–518, 2023.
  242. Collaborative information bottleneck. IEEE Transactions on Information Theory, 65(2):787–815, 2018.
  243. Cédric Villani. Optimal transport: old and new, volume 338. Springer Science & Business Media, 2008.
  244. Information bottleneck through variational glasses. In 4th Workshop on Bayesian Deep Learning (NeurIPS 2019), 2019.
  245. Attack modelling: towards a second generation watermarking benchmark. Signal processing, 81(6):1177–1214, 2001.
  246. Generalized watermarking attack based on watermark estimation and perceptual remodulation. In Security and Watermarking of Multimedia Contents II, volume 3971, pages 358–370. SPIE, 2000.
  247. Technical privacy metrics: a systematic survey. ACM Computing Surveys (CSUR), 51(3):1–38, 2018.
  248. Stealing hyperparameters in machine learning. In 2018 IEEE symposium on security and privacy (SP), pages 36–52. IEEE, 2018.
  249. Cosface: Large margin cosine loss for deep face recognition. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 5265–5274, 2018.
  250. A longitudinal study of unauthorized access attempts on information systems: The role of opportunity contexts. MIS Quarterly, 43(2):601–622, 2019.
  251. Threats to training: A survey of poisoning attacks and defenses on machine learning systems. ACM Computing Surveys, 55(7):1–36, 2022.
  252. Federated learning with differential privacy: Algorithms and performance analysis. IEEE Transactions on Information Forensics and Security, 15:3454–3469, 2020.
  253. Peter A Winn. The guilty eye: Unauthorized access, trespass and privacy. The Business Lawyer, pages 1395–1437, 2007.
  254. Learnability for the information bottleneck. International Conference on Learning Representations (ICLR), 2019.
  255. Aaron D Wyner. The wire-tap channel. Bell system technical journal, 54(8):1355–1387, 1975.
  256. Maximal information leakage based privacy preserving data disclosure mechanisms. In 16th Canadian Workshop on Information Theory (CWIT), pages 1–6. IEEE, 2019.
  257. Yonghui Xiao and Li Xiong. Protecting locations with differential privacy under temporal correlations. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 1298–1309, 2015.
  258. Hirosuke Yamamoto. A source coding problem for sources with additional outputs to keep secret from the receiver or wiretappers (corresp.). IEEE Transactions on Information Theory, 29(6):918–923, 1983.
  259. A comprehensive overview of backdoor attacks in large language models within communication networks. arXiv preprint arXiv:2308.14367, 2023.
  260. Andrew C Yao. Protocols for secure computations. In 23rd annual symposium on foundations of computer science (sfcs 1982), pages 160–164. IEEE, 1982.
  261. Deep learning for person re-identification: A survey and outlook. IEEE transactions on pattern analysis and machine intelligence, 44(6):2872–2893, 2021.
  262. Raymond W Yeung. A new outlook on shannon’s information measures. IEEE Transactions on Information Theory, 37(3):466–474, 1991.
  263. On the information bottleneck problems: Models, connections, applications and information theoretic views. Entropy, 22(2):151, 2020.
  264. On the privacy-utility trade-off with and without direct access to the private data. IEEE Transactions on Information Theory, 2023.
  265. On the lift, related privacy measures, and applications to privacy–utility trade-offs. Entropy, 25(4):679, 2023.
  266. Synteg: a framework for temporal structured electronic health data simulation. Journal of the American Medical Informatics Association, 28(3):596–604, 2021.
  267. Scalable person re-identification: A benchmark. In Proceedings of the IEEE international conference on computer vision, pages 1116–1124, 2015.
  268. Person re-identification: Past, present and future. arXiv preprint arXiv:1610.02984, 2016.
  269. Webface260m: A benchmark unveiling the power of million-scale deep face recognition. In IEEE/CVF CVPR, 2021.