Deep neural networks are extensively applied to real-world tasks, such as
face recognition and medical image classification, where privacy and data
protection are critical. Image data, if not protected, can be exploited to
infer personal or contextual information. Existing privacy preservation
methods, like encryption, generate perturbed images that are unrecognizable to
even humans. Adversarial attack approaches prohibit automated inference even
for authorized stakeholders, limiting practical incentives for commercial and
widespread adaptation. This pioneering study tackles an unexplored practical
privacy preservation use case by generating human-perceivable images that
maintain accurate inference by an authorized model while evading other
unauthorized black-box models of similar or dissimilar objectives, and
addresses the previous research gaps. The datasets employed are ImageNet, for
image classification, Celeba-HQ dataset, for identity classification, and
AffectNet, for emotion classification. Our results show that the generated
images can successfully maintain the accuracy of a protected model and degrade
the average accuracy of the unauthorized black-box models to 11.97%, 6.63%, and
55.51% on ImageNet, Celeba-HQ, and AffectNet datasets, respectively.

通过生成可被人类感知的图像，本研究在保护模型准确推断的同时，回避其他类似或不同目标的非授权黑盒模型，以实现实际的隐私保护。