基于注意力特征解耦的跨年龄身份成员推理

Cross-age Identity Membership Inference Based on Attention Feature Decomposition

生成对抗网络(GANs)模型可以生成高分辨率的“不存在”的物体真实图像,近期被广泛应用于各种人工合成数据,尤其是人脸图像生成领域。然而,由于基于该模型的人脸生成器通常需要根据不同身份高度敏感的面部图像进行训练,其中存在潜在数据泄露使得攻击者能够对身份成员关系进行推断的问题。为此,首先设计对查询身份所获取样本与其实际参与训练样本之间存在巨大差异时的身份成员推理攻击,这些差异会导致基于样本推理身份成员关系的性能急剧下降;其次,在此基础上设计基于各身份解耦表征的重建误差攻击方案,在最大化消除不同样本间背景姿势等因素影响的同时,消除巨大年龄跨度导致的表征差异,进一步提高了攻击性能;最后,基于3个代表性的人脸数据集在3个主流GAN架构上训练生成模型并进行攻击,实验结果表明,在各种攻击场景下,此攻击方案较对比方法AUCROC值平均提高0.2。

Generative adversarial networks(GANs)can generate high-resolution“non-existent”realistic images,so they are widely used in various artificial data synthesis scenarios,especially in the field of face image generation.However,the face generators based on these models typically require highly sensitive facial images of different identities for training,which may lead to potential data leakage enabling attackers to infer identity membership relationships.To address this issue,this study proposes an identity membership inference attack when significant difference exist between the obtained samples and the actual training samples for the queried identity,resulting in a drastic decline in the performance of identity membership inference based on samples.Subsequently,a reconstruction error attack scheme is designed based on attention feature decomposition to further enhance the attack performance.This scheme maximizes the elimination of influences from factors such as background poses between different samples,as well as mitigates the representation difference caused by a large age span.Extensive experiments are conducted on three representative face datasets,training generative models with three mainstream GAN architectures and performing the proposed attacks.Experimental results demonstrate that the proposed attack scheme achieves an average increase of 0.2 in AUCROC value compared to previous researches.