Adaptive Hybrid Masking Strategy for Privacy-Preserving Face Recognition Against Model Inversion Attack

arXiv:2403.10558v1 Announce Type: cross
Abstract: The utilization of personal sensitive data in training face recognition (FR) models poses significant privacy concerns, as adversaries can employ model inversion attacks (MIA) to infer the original training data. Existing defense methods, such as data augmentation and differential privacy, have been employed to mitigate this issue. However, these methods often fail to strike an optimal balance between privacy and accuracy. To address this limitation, this paper introduces an adaptive hybrid masking algorithm against MIA. …

abstract arxiv attacks augmentation concerns cs.cr cs.cv cs.lg data defense differential differential privacy face face recognition hybrid masking privacy recognition strategy training training data type