Turning backdoors for efficient privacy protection against image retrieval violations

Amato, 2020, Large-scale instance-level image retrieval, Information Processing & Management, 57, 10.1016/j.ipm.2019.102100 Buades, 2011, Non-local means denoising, Image Processing on Line, 1, 208, 10.5201/ipol.2011.bcm_nlm Buffardi, 2008, Narcissism and social networking web sites, Personality and Social Psychology Bulletin, 34, 1303, 10.1177/0146167208320061 Chen, 2017 Chen, R., Reznichenko, A., Francis, P., & Gehrke, J. (2012). Towards statistical queries over distributed private user data. In Proc. of the USENIX symposium on networked systems design and implementation (pp. 169–182). Chen, X., Salem, A., Chen, D., Backes, M., Ma, S., Shen, Q., et al. (2021). Badnl: Backdoor attacks against nlp models with semantic-preserving improvements. In Proc. of the annual computer security applications conference (pp. 554–569). Cheng, S., Liu, Y., Ma, S., & Zhang, X. (2021). Deep feature space trojan attack of neural networks by controlled detoxification. In Proc. of the AAAI conference on artificial intelligence, vol. 35, no. 2 (pp. 1148–1156). Dong, 2020, Watermarking-based secure plaintext image protocols for storage, show, deletion and retrieval in the cloud, IEEE Transactions on Services Computing, 15, 1678, 10.1109/TSC.2020.3008957 Estévez, 2009, Normalized mutual information feature selection, IEEE Transactions on Neural Networks, 20, 189, 10.1109/TNN.2008.2005601 Gao, Y., Xu, C., Wang, D., Chen, S., Ranasinghe, D. C., & Nepal, S. (2019). Strip: A defence against trojan attacks on deep neural networks. In Proc. of the annual computer security applications conference (pp. 113–125). Gu, 2019, Badnets: Evaluating backdooring attacks on deep neural networks, IEEE Access, 7, 47230, 10.1109/ACCESS.2019.2909068 Guo, C., Goldstein, T., Hannun, A., & Van Der Maaten, L. (2020). Certified data removal from machine learning models. In Proc. of the international conference on machine learning (pp. 3832–3842). Han, Y., & Shen, Y. (2016). Accurate spear phishing campaign attribution and early detection. In Proc. of the annual ACM symposium on applied computing (pp. 2079–2086). He, K., Zhang, X., Ren, S., & Sun, J. (2016). Deep residual learning for image recognition. In Proc. of the IEEE conference on computer vision and pattern recognition (pp. 770–778). Hore, 2010, Image quality metrics: PSNR vs. SSIM, 2366 Hu, J., Lu, J., & Tan, Y. P. (2014). Discriminative deep metric learning for face verification in the wild. In Proc. of the IEEE conference on computer vision and pattern recognition (pp. 1875–1882). Huynh-Thu, 2008, Scope of validity of PSNR in image/video quality assessment, Electronics Letters, 44, 800, 10.1049/el:20080522 Jiang, J. Y., Wu, T., Roumpos, G., Cheng, H. T., Yi, X., Chi, E., et al. (2020). End-to-end deep attentive personalized item retrieval for online content-sharing platforms. In Proc. of the web conference (pp. 2870–2877). Krause, J., Stark, M., Deng, J., & Fei-Fei, L. (2013). 3d object representations for fine-grained categorization. In Proc. of the IEEE international conference on computer vision (pp. 554–561). Li, 2022, Backdoor learning: A survey, IEEE Transactions on Neural Networks and Learning Systems, 1 Li, Y., Li, Y., Wu, B., Li, L., He, R., & Lyu, S. (2021). Invisible backdoor attack with sample-specific triggers. In Proc. of the IEEE international conference on computer vision (pp. 16463–16472). Liu, 2018, Fine-pruning: Defending against backdooring attacks on deep neural networks, 273 Liu, Y., Lee, W. C., Tao, G., Ma, S., Aafer, Y., & Zhang, X. (2019). Abs: Scanning neural networks for back-doors by artificial brain stimulation. In Proc. of ACM SIGSAC conference on computer and communications security (pp. 1265–1282). Liu, Z., Luo, P., Qiu, S., Wang, X., & Tang, X. (2016). Deepfashion: Powering robust clothes recognition and retrieval with rich annotations. In Proc. of the IEEE conference on computer vision and pattern recognition (pp. 1096–1104). Liu, 2020, Reflection backdoor: A natural backdoor attack on deep neural networks, 182 Liu, Q., Zhou, T., Cai, Z., & Tang, Y. (2022). Opportunistic Backdoor Attacks: Exploring Human-imperceptible Vulnerabilities on Speech Recognition Systems. In Proc. of the ACM international conference on multimedia (pp. 2390–2398). Luo, Y., Zhou, T., Liu, F., & Cai, Z. (2023). IRWArt: Levering Watermarking Performance for Protecting High-quality Artwork Images. In Proc. of the ACM web conference (pp. 2340–2348). Ma, 2023, Adaptive multi-feature fusion via cross-entropy normalization for effective image retrieval, Information Processing & Management, 60, 10.1016/j.ipm.2022.103119 Nguyen, T. A., & Tran, A. T. (2021). WaNet-Imperceptible Warping-based Backdoor Attack. In Proc. of the international conference on learning representations (pp. 1–16). Oh Song, H., Xiang, Y., Jegelka, S., & Savarese, S. (2016). Deep metric learning via lifted structured feature embedding. In Proc. of the IEEE conference on computer vision and pattern recognition (pp. 4004–4012). Pandey, 2016, A semantics and image retrieval system for hierarchical image databases, Information Processing & Management, 52, 571, 10.1016/j.ipm.2015.12.005 Politou, 2018, Forgetting personal data and revoking consent under the GDPR: Challenges and proposed solutions, Journal of Cybersecurity, 4, tyy001, 10.1093/cybsec/tyy001 Qin, 2020, A privacy-preserving image retrieval method based on deep learning and adaptive weighted fusion, Journal of Real-Time Image Processing, 17, 161, 10.1007/s11554-019-00909-3 Reznichenko, A., & Francis, P. (2014). Private-by-design advertising meets the real world. In Proc. of the ACM SIGSAC conference on computer and communications security (pp. 116–128). Roth, 2020, Revisiting training strategies and generalization performance in deep metric learning, 8242 Schroff, F., Kalenichenko, D., & Philbin, J. (2015). Facenet: A unified embedding for face recognition and clustering. In Proc. of the IEEE conference on computer vision and pattern recognition (pp. 815–823). Shen, 2023, Data release for machine learning via correlated differential privacy, Information Processing & Management, 60, 10.1016/j.ipm.2023.103349 Stawicka, 2020, Emerging wireless technologies based on IoT in healthcare systems in Poland, 261 Sucharow, 2021 Szegedy, C., Ioffe, S., Vanhoucke, V., & Alemi, A. A. (2017). Inception-v4, inception-resnet and the impact of residual connections on learning. In Proc. of the AAAI conference on artificial intelligence, vol. 31, no. 1 (pp. 1–7). Tancik, M., Mildenhall, B., & Ng, R. (2020). Stegastamp: Invisible hyperlinks in physical photographs. In Proc. of the IEEE conference on computer vision and pattern recognition (pp. 2117–2126). Tran, C., Fioretto, F., Van Hentenryck, P., & Yao, Z. (2021). Decision Making with Differential Privacy under a Fairness Lens. In Proc. of international joint conference on artificial intelligence (pp. 560–566). Wah, 2011 Wang, J., Chen, B., Liao, D., Zeng, Z., Li, G., Xia, S. T., et al. (2022). Hybrid Contrastive Quantization for Efficient Cross-View Video Retrieval. In Proc. of the web conference (pp. 3020–3030). Wang, T., & Kerschbaum, F. (2021). Riga: Covert and robust white-box watermarking of deep neural networks. In Proc. of the web conference (pp. 993–1004). Wang, J., Song, Y., Leung, T., Rosenberg, C., Wang, J., Philbin, J., et al. (2014). Learning fine-grained image similarity with deep ranking. In Proc. of the IEEE conference on computer vision and pattern recognition (pp. 1386–1393). Wang, 2019, Neural cleanse: Identifying and mitigating backdoor attacks in neural networks, 707 Wu, C. Y., Manmatha, R., Smola, A. J., & Krahenbuhl, P. (2017). Sampling matters in deep embedding learning. In Proc. of the IEEE international conference on computer vision (pp. 2840–2848). Xia, 2016, A privacy-preserving and copy-deterrence content-based image retrieval scheme in cloud computing, IEEE Transactions on Information Forensics and Security, 11, 2594, 10.1109/TIFS.2016.2590944 Xiao, Y., Wang, C., & Gao, X. (2020). Evade deep image retrieval by stashing private images in the hash space. In Proc. of the IEEE conference on computer vision and pattern recognition (pp. 9651–9660). Zeng, 2022, Never too late: Tracing and mitigating backdoor attacks in federated learning, 69 Zhang, P. F., Huang, Z., & Xu, X. S. (2021). Privacy-preserving Learning for Retrieval. In Proc. of the AAAI conference on artificial intelligence (pp. 3369–3376).