学术文献库

Various visual information protection methods have been proposed for privacy-preserving deep neural networks (DNNs). In contrast, attack methods on such protection methods have been studied simultaneously. In this paper, we evaluate state-of-the-art visual protection methods for privacy-preserving DNNs in terms of visual security against ciphertext-only attacks (COAs). We focus on brute-force attack, feature reconstruction attack (FR-Attack), inverse transformation attack (ITN-Attack), and GAN-based attack (GAN-Attack), which have been proposed to reconstruct visual information on plain images from the visually-protected images. The detail of various attack is first summarized, and then visual security of the protection methods is evaluated. Experimental results demonstrate that most of protection methods, including pixel-wise encryption, have not enough robustness against GAN-Attack, while a few protection methods are robust enough against GAN-Attack.