A New Approach to Image Classification Dataset Privacy-Preserving with Deep Neural Network

Deep learning technology has made great achievements in some fields such as computer vision, natural language understanding, speech processing, etc. However, a big challenge when using deep learning models is the require a large amount of data. Meanwhile, most of the data belong to organizations or personalities that cannot be public due to privacy. In this paper, we propose a new approach for data publishers to conceal the original dataset but still ensure the features for training deep learning models. Our framework has three advantages. First, we proposed a neural network as a encoder to hide a full-size color image within a noisy image of the same size. The noisy images make it impossible to guessable the contents of the original dataset inside. Second, that method is privacy-preserving as the encode method can’t be inverted without having an original dataset. Third, we demonstrate that our framework is accuracy-preserving because the encoded image still keeps features for the image classification task. All of our experiments based on a trade-off between two factors: the number of features retained (information loss), and the difficulty to invert the original dataset (privacy loss). Our code and pre-trained models are available at: https://github.com/sun-asterisk-research/privacy-dataset-research .