Multifunctional adversarial examples: A novel mechanism for authenticatable privacy protection of images

With the rapid development of network technology, more and more images containing personal identity characteristics are being released by users on open network platforms. However, these images are easily collected by malicious users, leading to problems such as privacy leakage, infringement, and tampering, thus harming users’ legitimate interests. Recent studies have found that adversarial examples generated by adding tiny perturbations to an image can mislead image classifiers, causing incorrect classifications. Therefore significant privacy protection against deep neural networks is achieved while the visual quality remains indistinguishable to human eyes. However, these methods cannot protect the authenticity and integrity of the image simultaneously, failing to address infringement and tampering issues, which are also neglectable in the open network platforms. To solve this problem, we propose a novel authentication-enabled privacy protection method. The meaningful information used for authentication, instead of the meaningless perturbations, is embedded into the host image to generate adversarial examples, thereby achieving both authentication and privacy protection simultaneously. This scheme combines attention mechanisms with generative adversarial networks to adaptively select and weight features between different channels, achieving significant improvements in both aggressiveness and authentication capability. Experimental results show that our method outperforms recent similar methods in overall performance.