Transferable Stealthy Adversarial Example Generation via Dual-Latent Adaptive Diffusion for Facial Privacy Protection

IF 8 1区计算机科学 Q1 COMPUTER SCIENCE, THEORY & METHODS

IEEE Transactions on Information Forensics and Security Pub Date : 2025-09-08 DOI:10.1109/TIFS.2025.3607244

Yuanbo Li;Cong Hu;Xiao-Jun Wu

{"title":"Transferable Stealthy Adversarial Example Generation via Dual-Latent Adaptive Diffusion for Facial Privacy Protection","authors":"Yuanbo Li;Cong Hu;Xiao-Jun Wu","doi":"10.1109/TIFS.2025.3607244","DOIUrl":null,"url":null,"abstract":"The widespread application of deep learning-based face recognition (FR) systems poses significant challenges to the privacy of facial images on social media, as unauthorized FR systems can exploit these images to mine user data. Recent studies have utilized adversarial attack techniques to protect facial privacy against malicious FR systems by generating adversarial examples. However, existing noise-based and makeup-based methods produce adversarial examples with noticeable noise or undesired makeup attributes, and suffers from low transferability issues. In this paper, we propose a novel stealthy-based approach, named Dual-latent Adaptive Diffusion Protection (DADP), which generates transferable stealthy adversarial examples consistent with the source images by the diffusion model to protect facial privacy. DADP effectively harnesses adversarial information within both the semantic and diffusion latent spaces to explore adversarial latent representations. Unlike traditional methods that rely on bounded constraints and sign gradient optimization, DADP employs adaptive optimization to maximize the utilization of adversarial gradient information and introduces latent regularization to constrain the adaptive optimization process, ensuring that the protected faces maintain high privacy and natural appearance. Extensive qualitative and quantitative experiments on the public CelebA-HQ and LADN datasets demonstrate the proposed method crafts more natural-looking stealthy adversarial examples with superior black-box transferability compared to the state-of-the-art methods. The code is released at <uri>https://github.com/LiYuanBoJNU/DADP</uri>","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"9427-9440"},"PeriodicalIF":8.0000,"publicationDate":"2025-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Information Forensics and Security","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/11153602/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

Abstract

The widespread application of deep learning-based face recognition (FR) systems poses significant challenges to the privacy of facial images on social media, as unauthorized FR systems can exploit these images to mine user data. Recent studies have utilized adversarial attack techniques to protect facial privacy against malicious FR systems by generating adversarial examples. However, existing noise-based and makeup-based methods produce adversarial examples with noticeable noise or undesired makeup attributes, and suffers from low transferability issues. In this paper, we propose a novel stealthy-based approach, named Dual-latent Adaptive Diffusion Protection (DADP), which generates transferable stealthy adversarial examples consistent with the source images by the diffusion model to protect facial privacy. DADP effectively harnesses adversarial information within both the semantic and diffusion latent spaces to explore adversarial latent representations. Unlike traditional methods that rely on bounded constraints and sign gradient optimization, DADP employs adaptive optimization to maximize the utilization of adversarial gradient information and introduces latent regularization to constrain the adaptive optimization process, ensuring that the protected faces maintain high privacy and natural appearance. Extensive qualitative and quantitative experiments on the public CelebA-HQ and LADN datasets demonstrate the proposed method crafts more natural-looking stealthy adversarial examples with superior black-box transferability compared to the state-of-the-art methods. The code is released at https://github.com/LiYuanBoJNU/DADP

查看原文本刊更多论文

基于双潜自适应扩散的面部隐私保护可转移隐形对抗示例生成

基于深度学习的人脸识别（FR）系统的广泛应用对社交媒体上人脸图像的隐私构成了重大挑战，因为未经授权的FR系统可以利用这些图像来挖掘用户数据。最近的研究利用对抗性攻击技术，通过生成对抗性示例来保护面部隐私免受恶意FR系统的攻击。然而，现有的基于噪声和基于化妆的方法产生的对抗性示例具有明显的噪声或不希望的化妆属性，并且存在低可转移性问题。本文提出了一种新的基于隐身的方法——双潜自适应扩散保护（Dual-latent Adaptive Diffusion Protection， DADP），该方法通过扩散模型生成与源图像一致的可转移隐身对抗样例，以保护面部隐私。DADP有效地利用语义和扩散潜在空间中的对抗性信息来探索对抗性潜在表征。与传统方法依赖有界约束和符号梯度优化不同，DADP采用自适应优化来最大限度地利用对抗性梯度信息，并引入潜在正则化来约束自适应优化过程，确保被保护的人脸保持高度的隐私性和自然外观。在公共CelebA-HQ和LADN数据集上进行的大量定性和定量实验表明，与最先进的方法相比，所提出的方法制作了更自然的隐形对抗示例，具有优越的黑箱可转移性。该代码发布在https://github.com/LiYuanBoJNU/DADP

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Information Forensics and Security 工程技术-工程：电子与电气

CiteScore

14.40

自引率

7.40%

发文量

234

审稿时长

6.5 months

期刊介绍： The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance and systems applications that incorporate these features