Zeyu Zhao, Ke Xu, Laijin Meng, Tanfeng Sun, Xinghao Jiang
INN-RAE: Reversible adversarial examples based on invertible neural networks for facial protection
Expert Systems with Applications, volume 299, Article 129962 (Journal Article). Published 2025-10-09. Impact factor 7.5; JCR Q1 (Computer Science, Artificial Intelligence).
DOI: 10.1016/j.eswa.2025.129962
https://www.sciencedirect.com/science/article/pii/S0957417425035778
Citations: 0
Abstract
Reversible adversarial examples can effectively prevent data from being accessed and recognized by unauthorized deep neural network models, but existing methods struggle to balance the visual quality and attack effectiveness of the generated adversarial examples. This paper proposes a method for generating reversible adversarial examples based on invertible neural networks (INN-RAE), achieving an effective unification of high attack success rate and high visual stealthiness. Specifically, during the forward propagation phase of the invertible neural network, both the clean sample and a noise matrix are input simultaneously, and adversarial examples are generated by fine-tuning the noise matrix. When restoring the adversarial examples, the same invertible neural network can be used to achieve high-quality restoration and remove the attack noise, thereby realizing end-to-end reversible adversarial example generation and restoration. Compared with existing reversible adversarial example generation algorithms, INN-RAE achieves state-of-the-art levels of attack success rate on multiple face datasets and face recognition models, while also achieving better visual stealthiness and restoration effects.
About the journal:
Expert Systems With Applications is an international journal dedicated to the exchange of information on expert and intelligent systems used globally in industry, government, and universities. The journal emphasizes original papers covering the design, development, testing, implementation, and management of these systems, offering practical guidelines. It spans various sectors such as finance, engineering, marketing, law, project management, information management, medicine, and more. The journal also welcomes papers on multi-agent systems, knowledge management, neural networks, knowledge discovery, data mining, and other related areas, excluding applications to military/defense systems.