The article discusses the evaluation of privacy risks in image classification models, focusing on reconstruction attacks. The study reveals that hand-crafted metrics used to assess the privacy risk of these models may not accurately reflect human perception of privacy information from the reconstructed images. In response to this, the authors propose a learning-based measure called SemSim to evaluate the Semantic Similarity between the original and reconstructed images. SemSim showed a higher correlation with human judgment compared to existing metrics, demonstrating its potential in assessing privacy leakage on the semantic level.

 

Publication date: 22 Sep 2023
Project Page: https://sites.google.com/view/semsim
Paper: https://arxiv.org/pdf/2309.13038