Ensuring data privacy and protection has become paramount in the era of deep learning. Unlearnable examples have been proposed to mislead deep learning models and prevent data from unauthorized exploitation by adding small perturbations to it. However, such perturbations (e.g., noise, texture, color change) predominantly impact low-level features, making them vulnerable to common countermeasures. In contrast, semantic images with intricate shapes carry a wealth of high-level features, making them more resilient to countermeasures and a promising basis for producing robust unlearnable examples. In this paper, we propose a Deep Hiding (DH) scheme that adaptively hides semantic images enriched with high-level features. We employ an Invertible Neural Network (INN) to invisibly integrate predefined images, inherently hiding them within deceptive perturbations. To enhance data unlearnability, we introduce a Latent Feature Concentration module, designed to work with the INN, that regularizes the intra-class variance of these perturbations. To further boost the robustness of unlearnable examples, we design a Semantic Images Generation module that produces the hidden semantic images. By exploiting shared semantic information, this module generates similar semantic images for samples within the same class, thereby enlarging the inter-class distance and narrowing the intra-class distance. Extensive experiments on CIFAR-10, CIFAR-100, and an ImageNet subset, against 18 countermeasures, show that our proposed method exhibits outstanding robustness for unlearnable examples, demonstrating its efficacy in preventing unauthorized data exploitation.
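The abstract's argument rests on two statistics of the perturbations: the intra-class variance that the Latent Feature Concentration module regularizes, and the inter-class distance that the Semantic Images Generation module enlarges. The following is an added illustration, not the paper's code: it computes both statistics over flattened perturbations and contrasts constructed class-agnostic noise with constructed class-concentrated perturbations. The squared-distance-to-centroid formulation and the sample data are assumptions made here.

```python
import numpy as np


def class_statistics(perturbations, labels):
    """Return (intra_class_variance, mean_inter_class_distance).

    perturbations: (N, D) array, one flattened perturbation per sample.
    labels: (N,) integer class ids.
    Formulation is an assumption for illustration, not the paper's loss:
    intra = mean squared distance of samples to their class centroid,
    inter = mean Euclidean distance between distinct class centroids.
    """
    x = np.asarray(perturbations, dtype=np.float64)
    y = np.asarray(labels)
    classes = np.unique(y)
    centroids = np.stack([x[y == c].mean(axis=0) for c in classes])
    intra = np.mean([
        np.sum((x[y == c] - centroids[i]) ** 2, axis=1).mean()
        for i, c in enumerate(classes)
    ])
    k = len(classes)
    if k < 2:
        return float(intra), 0.0
    diffs = centroids[:, None, :] - centroids[None, :, :]
    dist = np.sqrt(np.sum(diffs ** 2, axis=-1))
    inter = dist[np.triu_indices(k, k=1)].mean()
    return float(intra), float(inter)


def compare_noise_vs_concentrated(seed=0, n_per_class=50, dim=8, n_classes=3):
    """Constructed data: class-agnostic noise vs. per-class shared templates.

    Returns ((noise_intra, noise_inter), (conc_intra, conc_inter)).
    """
    rng = np.random.default_rng(seed)
    labels = np.repeat(np.arange(n_classes), n_per_class)
    # Low-level noise drawn identically for every class (no class structure).
    noise = rng.normal(size=(n_classes * n_per_class, dim))
    # Each class shares one "semantic" template plus a small residual,
    # mimicking concentrated, class-consistent hidden content.
    templates = rng.normal(scale=3.0, size=(n_classes, dim))
    concentrated = templates[labels] + rng.normal(scale=0.1, size=noise.shape)
    return class_statistics(noise, labels), class_statistics(concentrated, labels)
```

A smaller intra-to-inter ratio indicates perturbations that a model can separate by class, which is the property the abstract ties to data unlearnability.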