Lie to Me: Shield Your Emotions from Prying Software

Sensors (Basel). 2022 Jan 26;22(3):967. doi: 10.3390/s22030967.

Abstract

Deep learning approaches for facial Emotion Recognition (ER) obtain high accuracy on basic models, e.g., Ekman's models, in the specific domain of facial emotional expressions. Thus, facial tracking of users' emotions could be easily used against the right to privacy or for manipulative purposes. As recent studies have shown that deep learning models are susceptible to adversarial examples (images intentionally modified to fool a machine learning classifier) we propose to use them to preserve users' privacy against ER. In this paper, we present a technique for generating Emotion Adversarial Attacks (EAAs). EAAs are performed applying well-known image filters inspired from Instagram, and a multi-objective evolutionary algorithm is used to determine the per-image best filters attacking combination. Experimental results on the well-known AffectNet dataset of facial expressions show that our approach successfully attacks emotion classifiers to protect user privacy. On the other hand, the quality of the images from the human perception point of view is maintained. Several experiments with different sequences of filters are run and show that the Attack Success Rate is very high, above 90% for every test.

Keywords: adversarial machine learning; emotion recognition; evolutionary algorithm; privacy protection.

MeSH terms

  • Emotions
  • Facial Expression*
  • Facial Recognition*
  • Humans
  • Machine Learning
  • Software