Title: A Study on Privacy-Preserving Machine Learning Using Image Encryption Technology (應用圖像加密技術於隱私保護機器學習之研究)
Author: Lin, Yi-Ting (林怡婷)
Contributors: Tso, Ray-Lin (左瑞麟); Lin, Yi-Ting (林怡婷)
Keywords: AI Security; Machine Learning; Image Encryption; Privacy Protection; Image Processing; Privacy-Preserving Machine Learning
Date: 2025
Upload time: 1-Jul-2025 15:06:57 (UTC+8)
Abstract:
With the rapid development of image recognition technology, image privacy protection has become a critical issue. As machine learning continues to advance, an increasing number of images are being utilized for model development, which also raises potential privacy risks. The key challenge lies in ensuring image privacy and security while maintaining model accuracy and performance.

Traditional image encryption techniques mostly use the same key for encryption, requiring key sharing with other clients and secure transmission channels. This not only increases the risk of key leakage but also imposes higher demands on key storage and management. Moreover, although these encryption methods can protect image privacy, they often significantly degrade recognition accuracy, ultimately affecting the performance of machine learning models.

Therefore, developing a more secure and efficient image encryption technique that balances privacy protection and model performance has become a crucial research direction. This paper proposes a novel encryption scheme to address privacy protection in image recognition. The proposed method generates encrypted images that are unrecognizable to humans but can still be accurately recognized by models. This approach effectively resolves the trade-off between image privacy protection and recognition accuracy while reducing privacy risks in machine learning. Moreover, the proposed method supports images of various sizes, offering greater flexibility for privacy-preserving machine learning applications.

Through this research, we aim to enhance the level of privacy protection in image recognition, maintain model accuracy and security, and raise public awareness of image privacy and AI security.

References:
[1] LeCun, Y., Bengio, Y., & Hinton, G. (2015). Deep learning. Nature, 521(7553), 436-444.
[2] Guo, Y., Zhang, L., Hu, Y., He, X., & Gao, J. (2016). Ms-celeb-1m: Challenge of recognizing one million celebrities in the real world. Electronic imaging, 28, 1-6.
[3] R. S. Siva Kumar et al., "Adversarial Machine Learning-Industry Perspectives," 2020 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, USA, 2020, pp. 69-75.
[4] W. Sirichotedumrong, T. Chuman, S. Imaizumi and H. Kiya, "Grayscale-Based Block Scrambling Image Encryption for Social Networking Services," 2018 IEEE International Conference on Multimedia and Expo (ICME), San Diego, CA, USA, 2018, pp. 1-6.
[5] K. Iida and H. Kiya, "Image Identification of Grayscale-Based JPEG Images for Privacy-Preserving Photo Sharing Services," 2019 Asia-Pacific Signal and Information Processing Association Annual Summit and Conference (APSIPA ASC), Lanzhou, China, 2019, pp. 1750-1755.
[6] T. Chuman, W. Sirichotedumrong and H. Kiya, "Encryption-then-compression systems using grayscale-based image encryption for jpeg images," IEEE Trans. on Information Forensics and Security, vol. 14, no. 6, pp. 1515-1525, 2019.
[7] Q. N. Natsheh, B. Li, and A. G. Gale, "Security of multi-frame DICOM images using XOR encryption approach," Proc. Comput. Sci., vol. 90, pp. 175-181, Jan. 2016.
[8] M. Barni, G. Droandi and R. Lazzeretti, "Privacy Protection in Biometric-Based Recognition Systems: A marriage between cryptography and signal processing," in IEEE Signal Processing Magazine, vol. 32, no. 5, pp. 66-76, Sept. 2015.
[9] R. L. Lagendijk, Z. Erkin and M. Barni, "Encrypted signal processing for privacy protection: Conveying the utility of homomorphic encryption and multiparty computation," in IEEE Signal Processing Magazine, vol. 30, no. 1, pp. 82-105, Jan. 2013.
[10] Fabian Boemer, Yixing Lao, Rosario Cammarota, and Casimir Wierzynski. ngraph-he: a graph compiler for deep learning on homomorphically encrypted data. Proceedings of the 16th ACM International Conference on Computing Frontiers, pages 3-13, 2019.
[11] Gilad-Bachrach, R., Dowlin, N., Laine, K., Lauter, K., Naehrig, M., & Wernsing, J. (2016, June). Cryptonets: Applying neural networks to encrypted data with high throughput and accuracy. In International conference on machine learning (pp. 201-210). PMLR.
[12] Maekawa, A. Kawamura, Y. Kinoshita and H. Kiya, "Privacy-preserving svm computing in the encrypted domain," Proceedings of APSIPA Annual Summit and Conference, pp. 897-902, 2018.
[13] Masayuki Tanaka. Learnable image encryption. 2018 IEEE International Conference on Consumer Electronics-Taiwan (ICCE-TW), pages 1-2, 2018.
[14] Koki Madono, Masayuki Tanaka, Masaki Onishi, and Tetsuji Ogawa. Block-wise scrambled image recognition using adaptation network. In AAAI WS, 2020.
[15] Sirichotedumrong, W., Kinoshita, Y., & Kiya, H. (2019). Pixel-based image encryption without key management for privacy-preserving deep neural networks. IEEE Access, 7, 177844-177855.
[16] W. Sirichotedumrong, T. Maekawa, Y. Kinoshita, and H. Kiya, "Privacy-preserving deep neural networks with pixel-based image encryption considering data augmentation in the encrypted domain," in Proc. IEEE Int. Conf. Image Process. (ICIP), Sep. 2019, pp. 674-678.
[17] W. Sirichotedumrong, Y. Kinoshita, and H. Kiya, "On the security of pixel-based image encryption for privacy-preserving deep neural networks," in Proc. IEEE 8th Global Conf. Consum. Electron. (GCCE), Oct. 2019, pp. 121-124.
[18] W. Sirichotedumrong and H. Kiya, "Visual security evaluation of learnable image encryption methods against ciphertext-only attacks," in Proc. Asia-Pacific Signal Inf. Process. Assoc. Annu. Summit Conf. (APSIPA ASC), Dec. 2020, pp. 1304-1309.
[19] Chang, A. H., & Case, B. M. (2020). Attacks on image encryption schemes for privacy-preserving deep neural networks. arXiv preprint arXiv:2004.13263.
[20] Huang, Q. X., Yap, W. L., Chiu, M. Y., & Sun, H. M. (2022). Privacy-preserving deep learning with learnable image encryption on medical images. IEEE Access, 10, 66345-66355.
[21] Krizhevsky, A., & Hinton, G. (2009). Learning multiple layers of features from tiny images.
[22] 戴宏碩. (2006). 使用在彩色影像上的三邊雜訊濾波器之硬體架構設計 [Hardware architecture design of a trilateral noise filter for color images]. Thesis, Institute of Applied Electronics Technology, National Taiwan Normal University, 2006, 1-67.
[23] Bromiley, P. (2003). Products and convolutions of Gaussian probability density functions. Tina-Vision Memo, 3(4), 1.
[24] 繆紹綱. (2024). 數位影像處理 [Digital Image Processing]. 全華圖書.
[25] Schmidhuber, J. (2015). Deep learning in neural networks: An overview. Neural networks, 61, 85-117.
[26] O'Shea, K. (2015). An introduction to convolutional neural networks. arXiv preprint arXiv:1511.08458.
[27] K. He, X. Zhang, S. Ren and J. Sun, "Deep Residual Learning for Image Recognition," 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), Las Vegas, NV, USA, 2016, pp. 770-778, doi:10.1109/CVPR.2016.90.
[28] Tan, M., & Le, Q. (2019, May). Efficientnet: Rethinking model scaling for convolutional neural networks. In International conference on machine learning (pp. 6105-6114). PMLR.
[29] Pishchik, E. (2023). Trainable Activations for Image Classification. Preprints. https://doi.org/10.20944/preprints202301.0463.v1
[30] Choi, Y., Uh, Y., Yoo, J., & Ha, J. W. (2020). Stargan v2: Diverse image synthesis for multiple domains. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition (pp. 8188-8197).
[31] Deng, J., Dong, W., Socher, R., Li, L. J., Li, K., & Fei-Fei, L. (2009, June). Imagenet: A large-scale hierarchical image database. In 2009 IEEE conference on computer vision and pattern recognition (pp. 248-255). IEEE.

Description: Master's
National Chengchi University
Department of Computer Science
112971003
Source: http://thesis.lib.nccu.edu.tw/record/#G0112971003
Type: thesis
Identifier: G0112971003
URI: https://nccur.lib.nccu.edu.tw/handle/140.119/157814
Format: application/pdf, 4532590 bytes

Table of contents:
Chapter 1 Introduction
  1.1 Research Background and Motivation
  1.2 Research Objectives and Contributions
  1.3 Thesis Organization
Chapter 2 Technical Background
  2.1 Image Fundamentals
  2.2 Statistical Filters
    2.2.1 Filter of the Improved SKK Scheme [20]
    2.2.2 Gaussian Filter
  2.3 Deep Learning Models
    2.3.1 CNN
    2.3.2 Resnet
    2.3.3 EfficientNet
Chapter 3 Related Work
  3.1 Tanaka Encryption Method [13]
  3.2 SKK Encryption Method [15]
  3.3 Attacks on the SKK Encryption Method [15]
    3.3.1 Leading bit Attack
    3.3.2 Minimum difference Attack
  3.4 Improved SKK Scheme [20]
Chapter 4 Research Method
  4.1 Attack on the Improved SKK Scheme [20]
  4.2 Optimized SKK Scheme
  4.3 Experimental Design and Implementation
    4.3.1 Experimental Design
    4.3.2 Implementation on the CIFAR-10 [21] Dataset
    4.3.3 Implementation on the AFHQ [30] Dataset
    4.3.4 Analysis of Experimental Results
Chapter 5 Security Analysis
  5.1 Ciphertext-Only Attack
  5.2 Brute-Force Attack
Chapter 6 Conclusion
  6.1 Research Conclusions
  6.2 Future Research Directions
References
