We present a novel privacy-preserving scheme for deep neural networks (DNNs) that enables us not to only apply images without visual information to DNNs for both training and testing but to also consider data augmentation in the encrypted domain for the first time. In this paper, a novel pixel-based image encryption method is first proposed for privacy-preserving DNNs. In addition, a novel adaptation network is considered that reduces the influence of image encryption. In an experiment, the proposed method is applied to a well-known network, ResNet-18, for image classification. The experimental results demonstrate that conventional privacy-preserving machine learning methods including the state-of-the-arts cannot be applied to data augmentation in the encrypted domain and that the proposed method outperforms them in terms of classification accuracy.
We present a novel privacy-preserving scheme for deep neural networks (DNNs) that enables us not to only apply images without visual information to DNNs but to also consider the use of independent encryption keys for both training and testing images for the first time. In this paper, a novel pixel-based image encryption method that maintains important features of original images is proposed for privacy-preserving DNNs. For training, a DNN model is trained with images encrypted by using the proposed method with independent encryption keys. For testing, the model enables us to apply both encrypted images and plain images for image classification. Therefore, there is no need to manage keys. In addition, the proposed method allows us to perform data augmentation in the encrypted domain. In an experiment, the proposed method is applied to well-known networks, that is, deep residual networks and densely connected convolutional networks, for image classification. The experimental results demonstrate that the proposed method, under the use of independent encryption keys, can maintain a high classification performance, and it is robust against ciphertext-only attacks (COAs). Moreover, the results confirm that the proposed scheme is able to classify plain images as well as encrypted images, even when data augmentation is carried out in the encrypted domain. INDEX TERMS Deep learning, deep neural network, image encryption, privacy-preserving.
We propose a novel image transformation network for generating visually protected images for privacy-preserving deep neural networks (DNNs). The proposed transformation network is trained by using a plain image dataset so that plain images are converted into visually protected ones. Conventional perceptual encryption methods cause some accuracy degradation in image classification and are not robust enough against state-of-the-art attacks. In contrast, the proposed network not only enables us to maintain the image classification accuracy that using plain images achieves but is also strongly robust against attacks including DNN-based ones. Furthermore, there is no need to manage any security keys as the conventional methods require. In an image classification experiment, the proposed network is demonstrated to strongly protect the visual information of plain images while maintaining a high classification accuracy under the use of two typical classification networks: ResNet and VGG. In addition, it is shown that the visually protected images are robust enough against various attacks in an experiment in which we tried to restore the visual information of plain images.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.