Growing leakage and misuse of visual information raise security and privacy concerns, which in turn drives the development of information protection. Existing methods based on adversarial perturbations mainly focus on de-identification against deep learning models; the inherent visual information of the data itself has not been well protected. In this work, inspired by the Type-I adversarial attack, we propose an adversarial visual information hiding method to protect the visual privacy of data. Specifically, the method generates obfuscating adversarial perturbations that obscure the visual information of the data while keeping the hidden objectives correctly predicted by models. In addition, our method does not modify the parameters of the applied model, which makes it flexible across different scenarios. Experimental results on recognition and classification tasks demonstrate that the proposed method effectively hides visual information while hardly affecting model performance. The code is available in the supplementary material.
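The Type-I idea the abstract builds on (a large change to the input that leaves the model's output unchanged) can be shown on a toy linear classifier. This is an added illustration, not the paper's method or its supplementary code: the model `W`, the checkerboard image, the noise cover and all function names are constructed assumptions, and pixel values are not clipped to [0, 1].

```python
import random

def dot(a, b):
    return sum(p * q for p, q in zip(a, b))

def orthonormal_basis(rows):
    """Gram-Schmidt over the classifier's weight rows (its row space)."""
    basis = []
    for r in rows:
        v = list(r)
        for b in basis:
            c = dot(v, b)
            v = [vi - c * bi for vi, bi in zip(v, b)]
        norm = dot(v, v) ** 0.5
        if norm > 1e-12:
            basis.append([vi / norm for vi in v])
    return basis

def logits(W, x):
    return [dot(w, x) for w in W]

def hide(W, x, cover):
    """Start from the cover image and restore only the component of x
    that the model can see (the row space of W), so W*hidden == W*x."""
    diff = [xi - ci for xi, ci in zip(x, cover)]
    out = list(cover)
    for b in orthonormal_basis(W):
        c = dot(diff, b)
        out = [oi + c * bi for oi, bi in zip(out, b)]
    return out

def demo(seed=0, d=64, k=3):
    rng = random.Random(seed)
    # Constructed frozen model: k classes over d pixels; never modified.
    W = [[rng.gauss(0, 1) for _ in range(d)] for _ in range(k)]
    # Constructed 8x8 checkerboard "private" image and a noise cover.
    x = [1.0 if (i // 8 + i % 8) % 2 == 0 else 0.0 for i in range(d)]
    cover = [rng.random() for _ in range(d)]
    hidden = hide(W, x, cover)
    lx, lh = logits(W, x), logits(W, hidden)
    drift = max(abs(a - b) for a, b in zip(lx, lh))
    delta = [a - b for a, b in zip(hidden, x)]
    rel_dist = (dot(delta, delta) / dot(x, x)) ** 0.5
    same_class = lx.index(max(lx)) == lh.index(max(lh))
    return drift, rel_dist, same_class

if __name__ == "__main__":
    print(demo())
```

For a deep network there is no closed-form projection like this, so the perturbation has to be found by optimisation against the frozen model rather than computed directly.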