Deep neural networks are extensively applied to real-world tasks, such as face recognition and medical image classification, where privacy and data protection are critical. Image data, if not protected, can be exploited to infer personal or contextual information. Existing privacy preservation methods, such as encryption, generate perturbed images that are unrecognizable even to humans. Adversarial attack approaches prohibit automated inference even for authorized stakeholders, limiting the practical incentives for commercial and widespread adoption. This pioneering study tackles an unexplored practical privacy preservation use case by generating human-perceivable images that maintain accurate inference by an authorized model while evading other unauthorized black-box models with similar or dissimilar objectives, addressing these gaps in previous research. The datasets employed are ImageNet for image classification, Celeba-HQ for identity classification, and AffectNet for emotion classification. Our results show that the generated images successfully maintain the accuracy of the protected model while degrading the average accuracy of the unauthorized black-box models to 11.97%, 6.63%, and 55.51% on the ImageNet, Celeba-HQ, and AffectNet datasets, respectively.