hh.sePublications
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
HYDRO: Towards Non-Reversible Face De-Identification Using a High-Fidelity Hybrid Diffusion and Target-Oriented Approach
Halmstad University, School of Information Technology. Engage Studios, Gothenburg, Sweden.ORCID iD: 0000-0001-7192-9026
University of Ljubljana, Ljubljana, Slovenia.
Halmstad University, School of Information Technology.ORCID iD: 0000-0002-1043-8773
Halmstad University, School of Information Technology.ORCID iD: 0000-0002-1400-346X
Show others and affiliations
(English)In: Article in journal (Refereed) Submitted
Abstract [en]

Target-oriented face de-identification models aim to anonymize facial identities by transforming original faces to resemble specific targets. Such models commonly lever- age generative encoder-decoder architectures to manip- ulate facial appearances, enabling them to produce re- alistic high-fidelity de-identification results, while ensur- ing considerable attribute-retention capabilities. However, target-oriented models also carry the risk of inadvertently preserving subtle identity cues, making them (potentially) reversible and susceptible to reconstruction attacks. To address this problem, we introduce a novel robust face de-identification approach, called HYDRO, that combines target-oriented models with a dedicated diffusion process specifically designed to destroy any imperceptible informa- tion that may allow learning to reverse the de-identification procedure. HYDRO first de-identifies the given face im- age, injects noise into the de-identification result to im- pede reconstruction, and then applies a diffusion-based re- covery step to improve fidelity and minimize the impact of the noising process on the data characteristics. To further improve image fidelity and better retain gaze directions, a novel Eye Similarity Discriminator (ESD) is also intro- duced and incorporated it into the training of HYDRO. Ex- tensive quantitative and qualitative experiments on three diverse datasets demonstrate that HYDRO exhibits state- of-the-art (SOTA) fidelity and attribute-retention capabili- ties, while being the only target-oriented method resilient against reconstruction attacks. In comparison to multiple SOTA competitors, HYDRO reduces the success of recon- struction attacks by 85.7% on average. The code is avail- able at: https://github.com/anonymousiccv2025/HYDRO.
National Category
Computer graphics and computer vision
Identifiers
URN: urn:nbn:se:hh:diva-55649OAI: oai:DiVA.org:hh-55649DiVA, id: diva2:1945358
Conference
International Conference on Computer Vision, ICCV 2025, Honolulu, Hawaii, Oct 19 – 23th, 2025
Available from: 2025-03-18 Created: 2025-03-18 Last updated: 2025-03-18Bibliographically approved
In thesis
1. Non-Reversible and Attribute Preserving Face De-Identification
Open this publication in new window or tab >>Non-Reversible and Attribute Preserving Face De-Identification
2025 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

De-identification, also known as anonymization, is a broad term that refers to the process of redacting or obscuring personal data, or data that identifies an individual. In the context of video and image data de-identification, the most tangible personal information is the face. Faces are considered biometric data, thus change little compared to other aspects of an individual, such as clothing and hairstyle. Humans possess a strong innate ability to recognize faces. Computers are also adept at recognizing faces, and face recognition models are exceptionally powerful at identifying and comparing faces. Consequently, it is widely recognized as crucial to obscure the faces in video and images to ensure the integrity of de-identified data. Conventionally, this has been achieved through blurring or masking techniques. However, these methods are destructive of data characteristics and thus compromise critical attribute information such as eye gaze, pose, expression and the fact that it is a face. This is a particular problem because our society is data-driven in many ways. This information is useful for a plethora of functions such as traffic safety. One obvious such aspect is autonomous driving and driver monitoring, where necessary algorithms such as object detectors rely on deep learning to function. Due to the data hunger of deep learning, combined with society's demand for privacy and integrity through regulations such as the General Data Protection Regulation (GDPR), face de-identification, which preserves useful information, becomes significantly important.

This Thesis investigates the potential and possible limitations of de-identifying faces, while preserving the aforementioned useful attribute information. The Thesis is especially focused on the sustainability perspective of de-identification, where the perseverance of both integrity and utility of data is important. The baseline method to achieve this is through methods introduced from the face swapping and face manipulation literature, where the current research focuses on changing the face (or identity) with generative models while keeping the original attribute information as intact as possible. All while being integrated and consistent in an image and/or video. Specifically, this Thesis will demonstrate how generative target-oriented and subject-agnostic face manipulation models, which aim to anonymize facial identities by transforming original faces to resemble specific targets, can be used for realistic de-identification that preserves attributes.

While this Thesis will demonstrate and introduce novel de-identification capabilities, it also addresses and highlight potential vulnerabilities and security issues that arise from naively applying generative target-oriented de-identification models. First, since state-of-the-art face representation models are typically restricting the face representation embeddings to a hyper-sphere, maximizing the privacy may lead to trivial identity retrieval matching. Second, transferable adversarial attacks, where adversarial perturbations generated by surrogate identity encoders cause identity leakage in the victim de-identification system. Third, reconstruction attacks, where bad actor models are able to learn and extract enough information from subtle cues left by the de-identification model to consistently reconstruct the original identity.

Through this, this Thesis points out several approaches that are: 1) Controllable, meaning that the proposed models do not naively change the identity. This means that the type and magnitude of identity change is adjustable, and thus tunable to ensure anonymization. 2) Subject agnostic, meaning that the models can handle any identity or face. 3) Fast, meaning that the models are able to run efficiently. Thus having the potential of running in real-time. 4) Non-reversible, this Thesis introduces a novel diffusion-based method to make generative target-oriented models robust against reconstruction attacks. The end product consists of a hybrid generative target-oriented and diffusion de-identification pipeline that achieves state-of-the-art performance on privacy protection as measured by identity retrieval, pose retention, expression retention, gaze retention, and visual fidelity while being robust against reconstruction attacks.
Place, publisher, year, edition, pages
Halmstad: Halmstad University Press, 2025. p. 79
Series
Halmstad University Dissertations ; 130
Keywords
Anonymization, Data Privacy, Generative AI, Reconstruction Attacks, Deep Fakes, Facial Recognition, Identity Tracking, Biometrics
National Category
Signal Processing
Identifiers
urn:nbn:se:hh:diva-55652 (URN)978-91-89587-77-9 (ISBN)978-91-89587-76-2 (ISBN)
Public defence
2025-04-17, S3030, Kristian IV:s väg 3, Halmstad, 10:00 (English)
Opponent
Supervisors
Available from: 2025-03-19 Created: 2025-03-18 Last updated: 2025-03-19Bibliographically approved

Open Access in DiVA

No full text in DiVA

Authority records

Englund, CristoferAlonso-Fernandez, FernandoAksoy, Eren

Search in DiVA

By author/editor
Rosberg, FelixEnglund, CristoferAlonso-Fernandez, FernandoAksoy, Eren
By organisation
School of Information Technology
Computer graphics and computer vision

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 336 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.46.0
|
WCAG
|
Halmstad University Library
|
Info for students
|
Info for researchers
|
Log in