Currently, Deep Neural Networks (DNNs) have made major breakthroughs in many fields, and are widely taken to automatically analyze and classify multimedia data. However, DNNs can also be used for certain malicious detection, especially for pictures from various social platforms, posing a serious threat to user privacy. The attack characteristics of adversarial examples can fool such artificial intelligence systems to achieve privacy protection and other purposes. The reversible adversarial example achieves the reversible cyber attacks on the artificial intelligence system, which not only disable the system's automatic classification and analysis functions, but also restores the original image error-free. Nevertheless, in the existing work of reversible adversarial examples, there are problems such as the difficulty of fully embedding the adversarial-perturbations information, resulting in the failure of the original image restoration, and the inability of the attack effect caused by the perturbation constraint to meet the privacy protection requirements. In this paper, we take advantage of Reversible Image Transformation (RIT) to realize direct conversion between the original image and its reversible adversarial example. Experimental results show that proposed scheme can not only successfully restore the original image without distortion, but also is not limited by the perturbation amplitude, can bring a higher attack success rate to reach desired privacy protection goal, while ensuring that the image distortion is imperceptible to the human eyes.

翻译：目前,深神经网络(DNN)在许多领域取得了重大突破,并被广泛认为自动分析和分类多媒体数据。然而,DNN也可以用于某些恶意检测,特别是各种社会平台的图片,对用户隐私构成严重威胁。对抗性实例的攻击性特征可以愚弄这些人工智能系统,实现隐私保护和其他目的。可逆对抗性实例可以实现对人工智能系统的可逆网络攻击,这不仅使系统自动分类和分析功能无法运行,而且恢复了原始图像的无误。然而,在现有的可逆对抗性实例中,DNNN也可以用于某些恶意检测,特别是各种社会平台的图片,对用户隐私构成严重威胁。对抗性实例的攻击性特征可以愚弄这些人工智能系统,从而达到隐私保护要求。在本文件中,我们利用可逆性图像转换(RIT)实现原始图像与其可逆性对立示例之间的直接转换。实验结果表明,在完全嵌入对抗性对立性干扰性信息,导致原始图像恢复失败,同时使预期的图像恢复率达到更高的目标,同时使原始图像成功恢复速度。我们利用可逆性图像转换,只能成功地恢复原始图像保护。