目的：人脸图像蕴含着丰富的个人敏感信息,直接发布可能会造成个人的隐私泄露。为了保护人脸图像中的隐私信息,提出三种基于矩阵分解与差分隐私技术相结合的人脸图像发布算法LRA(Low Rank-based private facial image release Algorithm)、SRA(SVD-based private facial image Release Algorithm)与ESRA(Enhanced SVD-based private facial image Release Algorithm)。方法：为了减少拉普拉斯机制带来的噪音误差,LRA、SRA与ESRA算法均将人脸图像作为实数域二维矩阵,充分利用矩阵低秩分解与奇异值分解技术压缩图像。在SRA与ESRA算法中,如何选择矩阵压缩参数r会直接制约由拉普拉斯机制引起的噪音误差,以及由矩阵压缩所导致的重构误差。SRA算法利用启发式设置参数r。然而r值越大导致过大噪音误差,r值越小导致过大的重构误差。为了有效均衡这两种误差,ESRA算法引入一种基于指数机制的挑选参数r的方法,该方法能够在不同的分解矩阵中挑选出合理的矩阵尺寸来压缩人脸图像,然后再利用拉普拉斯机制对所挑选出的矩阵添加相应的噪音,进而使整个处理过程满足ε-差分隐私。结果：基于六种真实人脸图像数据集,采用SVM分类技术与信息熵验证六种算法的正确性。从算法的准确率、召回率,以及F1-Score度量结果显示,所提出的LRA、SRA与ESRA算法均优于LAP、LRM以及MM算法,其中ESRA算法的可用性最好。结论：实验结果表明,本文算法能够实现满足ε-差分隐私的敏感人脸图像发布,并且具有较高的可用性与较好的鲁棒性
Private Facial Image Publication via Matrix Decomposition
XIAOJIAN,Fu Congcong,Meng Xiaofeng(School of Informatica,Renmin University of China)
Objective Facial image publication in a direct way may lead to privacy leakage, because facial images are inherently sensitive. To protect the private information in facial image, this paper proposes three efficient algorithms, called LRA (Low Rank-based private facial image release Algorithm), SRA (SVD-based private facial image Release Algorithm), and ESRA (Enhanced SVD-based private facial image Release Algorithm) respectively, which are based on Matrix decomposition combined with differential privacy. Method The three algorithms firstly employ the real-valued matrix to model facial image, in which each cell corresponds to each pixel point of image. After that, they rely on Low-Rank decomposition and Singular Value decomposition to compress facial images, and then use the Laplace mechanism to inject noise into each value to ensure differential privacy. Finally, the three algorithms use matrix algebraic operations to reconstruct the noisy facial image. However, in the SRA and ESRA algorithms, we encounter two sources of errors: 1) the Laplace error (LE) due to Laplace noise injected, and 2) the reconstruction error (RE) caused by lossy compression. How to set the compact parameter r will constrain LE and RE. SRA algorithm sets the parameter in a heuristic way. However, the choice of r in SRA algorithm is a serious dilemma: a large r leads to excessive LE, while a small r makes the AE too large. Furthermore, r cannot be directly set based on the real-valued matrix; otherwise, the choice of r itself violates differential privacy. To address this problem, ESRA algorithm firstly samples r elements in decomposition matrix via Exponential mechanism, and then injects the Laplace noise into the elements. Result On the basis of the SVM classification and information entropy technique, two group experiments were conducted over six real facial image datasets to evaluate the quality of the facial images generated from the LRA, SRA, ESRA, LAP, LRM, and MM algorithms using a variety of metrics, including precision, recall, F1 score, and entropy. Our experiments show that the proposed LRA, SRA, and ESRA algorithms outperform LAP, LRM and MM in terms of the abovementioned six metrics. Based on the six datasets, ESRA achieves better accuracy than LRA and SRA. For example, on the Faces94 dataset, we fix the matrix = 200 180 and vary the privacy budget ε (i.e., 0.1, 0.5, 0.9, and1.3) to study the utility of each algorithm. Figure 8 and Figure 9(6) show the results. The utility measures of all algorithms increase when ε increases. When ε varies from 0.1 to 1.3, ESRA still achieves a better precision, recall, F1 score, and entropy than the other algorithms. Conclusion We provide both in-depth theoretical analysis and extensive experiments to compare our algorithms with LAP, LRM, and MM algorithms. Results show that the proposed algorithms can achieve better utility, and outperform the existing solutions.