The excessive use of images in social networks, government databases, and industrial applications has posed great privacy risks and raised serious concerns from the public. Even though differential privacy (DP) is a widely accepted criterion that can provide a provable privacy guarantee, the application of DP on unstructured data such as images is not trivial due to the lack of a clear qualification on the meaningful difference between any two images. In this paper, for the first time, we introduce a novel notion of image-aware differential privacy, referred to as DP-image, that can protect user's personal information in images, from both human and AI adversaries. The DP-Image definition is formulated as an extended version of traditional differential privacy, considering the distance measurements between feature space vectors of images. Then we propose a mechanism to achieve DP-Image by adding noise to an image feature vector. Finally, we conduct experiments with a case study on face image privacy. Our results show that the proposed DP-Image method provides excellent DP protection on images, with a controllable distortion to faces.

翻译：社交网络、政府数据库及工业应用中对图像的过度使用已带来重大隐私风险，并引发公众严重关切。尽管差分隐私（DP）作为被广泛接受的标准能提供可证明的隐私保障，但由于图像这类非结构化数据缺乏对任意两张图像间有意义的差异的清晰界定，DP在此类数据上的应用并非易事。本文首次提出一种名为DP-Image的新型图像感知差分隐私概念，该概念能够保护图像中用户个人信息免受人类及AI对手的侵害。DP-Image定义被表述为传统差分隐私的扩展版本，其考虑了图像特征空间向量间的距离度量。随后，我们提出一种通过向图像特征向量添加噪声来实现DP-Image的机制。最后，我们以人脸图像隐私为案例开展实验。结果表明，所提出的DP-Image方法在实现对人脸可控失真前提下，能为图像提供卓越的差分隐私保护。