Adversarial Attacks and Identity Leakage in De-Identification Systems: An Empirical Study

In this paper, we investigate the impact of adversarial attacks on identity encoders within a realistic de-identification framework. Our experiments show that the transferability of attacks transfers from an external surrogate model to the system model (e.g., CosFace to ArcFace) allows the adversary...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE transactions on biometrics, behavior, and identity science S. 1
Hauptverfasser: Rosberg, Felix, Englund, Cristofer, Aksoy, Eren Erdal, Alonso-Fernandez, Fernando
Format: Journal Article
Sprache:Englisch
Veröffentlicht: IEEE 2025
Schlagworte:
Adversarial Attacks
Adversarial Transferability
Biological system modeling
Data privacy
De-Identification
Evaluation models
Extraterrestrial measurements
Face recognition
Noise
Residual neural networks
Snow
Training
Transform coding
ISSN:2637-6407, 2637-6407
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In this paper, we investigate the impact of adversarial attacks on identity encoders within a realistic de-identification framework. Our experiments show that the transferability of attacks transfers from an external surrogate model to the system model (e.g., CosFace to ArcFace) allows the adversary to cause identity information to leak in a sufficiently sensitive face recognition system. We present experimental evidence and propose strategies to mitigate this vulnerability. Specifically, we show how fine-tuning on adversarial examples helps to mitigate this effect for distortion-based attacks (i.e., snow, fog, etc.), while a simple low-pass filter can attenuate the effect of adversarial noise without affecting the de-identified images. Our mitigation results in a de-identification system that preserves its functionality while being significantly more robust to adversarial noise.
ISSN:2637-6407
2637-6407
DOI:10.1109/TBIOM.2025.3596069