A Color-Based Data Poisoning Backdoor Approach for Misleading Adversarial Privacy Prediction


Rizwan M., Xingfu W., Ke Y., Hawbani A., Shrivastava S., ANGIN ÜLKÜER P., et al.

8th International Conference on Mobile Internet Security, MobiSec 2024, Sapporo, Japan, 17-19 December 2024, vol. 2597 CCIS, pp. 251-270 (Full Text Paper)

  • Publication Type: Conference Paper / Full Text Paper
  • Volume: 2597 CCIS
  • DOI: 10.1007/978-981-95-0172-4_17
  • City of Publication: Sapporo
  • Country of Publication: Japan
  • Pages: pp. 251-270
  • Keywords: Adversarial privacy prediction, Backdoor, Data poisoning
  • Middle East Technical University Affiliation: Yes

Abstract

The big data era has created a plethora of platforms providing access to large amounts of image data on the Internet, which may contain private information. Private images are a hot target for attackers, who train deep learning models to automatically predict which images among the sea of data on the Internet contain privacy-sensitive information. One effective method for dealing with these privacy prediction attacks is misleading the deep learning models through data poisoning at training time, so that the model makes mistakes during inference. In this paper, we propose a novel color-based data poisoning backdoor approach for misleading adversarial privacy prediction models, which causes a negligible visual difference to the human eye. We have performed experiments on the publicly available PrivacyAlert dataset with classic image classification models, including AlexNet, VGG16, ResNet18, and GoogLeNet, to evaluate the effectiveness of the method. Experimental results show that our algorithm preserves the functionality of the model on clean data and successfully embeds triggers into images. By setting the labels of affected data items to the opposite class, the average privacy prediction accuracy drops from 75.9% to 64.2% when the affected data ratio reaches 0.3 on the test set, demonstrating the effectiveness of the proposed approach in misleading adversarial privacy prediction.