Dual Protection for Image Privacy and Copyright via Traceable Adversarial Examples

In recent years, the uploading of massive personal images has increased the security risks, mainly including privacy breaches and copyright infringement. Adversarial examples provide a novel solution for protecting image privacy, as they can evade the detection by deep neural network (DNN)-based recognizers. However, the perturbations in the adversarial examples typically meaningless and therefore cannot be extracted as traceable information to support copyright protection. In this paper, we designed a dual protection scheme for image privacy and copyright via traceable adversarial examples. Specifically, a traceable adversarial model is proposed, which can be used to embed the invisible copyright information into images for copyright protection while fooling DNN-based recognizers for privacy protection. Inspired by the training method of generative adversarial networks (GANs), a new dynamic adversarial training strategy is designed, which allows our model for achieving stable multi-objective learning. Experimental results show that our scheme is exceptionally robust in the face of a variety of noise conditions and image processing methods, while exhibiting good model migration and defense robustness. © 1991-2012 IEEE.