RDP: Ranked Differential Privacy for Facial Feature Protection in Multiscale Sparsified Subspace

Lu Ou,Shaolin Liao,Shihui Gao,Guandong Huang,Zheng Qi
2024-08-01
Abstract:With the widespread sharing of personal face images in applications' public databases, face recognition systems faces real threat of being breached by potential adversaries who are able to access users' face images and use them to intrude the face recognition systems. In this paper, we propose a novel privacy protection method in the multiscale sparsified feature subspaces to protect sensitive facial features, by taking care of the influence or weight ranked feature coefficients on the privacy budget, named "Ranked Differential Privacy (RDP)". After the multiscale feature decomposition, the lightweight Laplacian noise is added to the dimension-reduced sparsified feature coefficients according to the geometric superposition method. Then, we rigorously prove that the RDP satisfies Differential Privacy. After that, the nonlinear Lagrange Multiplier (LM) method is formulated for the constraint optimization problem of maximizing the utility of the visualization quality protected face images with sanitizing noise, under a given facial features privacy budget. Then, two methods are proposed to solve the nonlinear LM problem and obtain the optimal noise scale parameters: 1) the analytical Normalization Approximation (NA) method with identical average noise scale parameter for real-time online applications; and 2) the LM optimization Gradient Descent (LMGD) numerical method to obtain the nonlinear solution through iterative updating for more accurate offline applications. Experimental results on two real-world datasets show that our proposed RDP outperforms other state-of-the-art methods: at a privacy budget of 0.2, the PSNR (Peak Signal-to-Noise Ratio) of the RDP is about ~10 dB higher than (10 times as high as) the highest PSNR of all compared methods.
Computer Vision and Pattern Recognition,Information Retrieval
What problem does this paper attempt to address?
The paper attempts to address the problem of maintaining high-quality visualization of facial images while protecting facial feature privacy. Specifically, the paper focuses on how to protect facial features by adding an appropriate amount of noise under a given privacy budget, thereby preventing potential attackers from using facial images in public databases to infiltrate facial recognition systems, while minimizing the impact on image visual quality. ### Background of the Paper With the widespread sharing of personal facial images in public databases, facial recognition systems face the risk of being infiltrated by potential attackers. These attackers can access users' facial images and use them to infiltrate facial recognition systems. Although many methods have been proposed to protect facial feature privacy, providing accurate and lightweight protection without degrading image visualization quality and data utility remains a challenge. ### Objectives of the Paper The paper proposes a new privacy protection method—"Ranked Differential Privacy (RDP)"—aimed at protecting sensitive facial features in multi-scale sparse subspaces. This method evaluates the impact of each sparse feature coefficient on the privacy budget and adds appropriately scaled Laplace noise based on these impacts, thereby maximizing the visual quality of the image while protecting privacy. ### Main Contributions 1. **Optimization of Laplace Noise Parameters**: By sorting the sparse feature coefficients after dimensionality reduction and evaluating the impact of each coefficient on the total privacy budget, the Lagrange Multiplier (LM) method is used to optimize the Laplace noise parameters of all significantly impactful feature coefficients, maximizing the visual quality of privacy-protected facial images under a given privacy budget. 2. **Two Solution Methods**: Two methods for solving the nonlinear LM optimization problem are proposed: - **Normalization Approximation (NA)**: Suitable for real-time online applications, it simplifies computation by normalizing all weighted Laplace noise scale parameters to an average noise scale parameter. - **LM Optimization Gradient Descent (LMGD)**: Suitable for offline applications requiring more precise results, it iteratively updates to gradually solve the nonlinear problem. 3. **Experimental Validation**: Experiments were conducted on two real-world datasets, and the results show that the proposed RDP method achieves a PSNR (Peak Signal-to-Noise Ratio) approximately 10dB (i.e., 10 times) higher than other state-of-the-art methods when the privacy budget is ε0=0.2. ### Conclusion The proposed method effectively maintains high-quality visualization of facial images while protecting facial feature privacy, providing a new solution for the privacy protection of public facial images.