Least privilege learning for attribute obfuscation

Research output: Chapter in Book/Report/Conference proceedingConference contribution

32 Downloads (Pure)


As machine learning systems become ever more prevalent in everyday life, the need to secure such systems is becoming a critically important area in cybersecurity research. In this work, we address the “feature misuse” attack vector, where the features output by a model are abused to perform a function that they were not originally designed for, such as determining a person’s gender in a facial verification system. To mitigate this, we take the security concept of “least privilege”, where a system can only access resources it explicitly needs to complete its task, and apply it to training deep neural networks. This “least privilege learning” ensures features do not contain information regarding protected attributes that are superfluous to the primary task, reducing the potential attack surface for feature misuse and reducing undesired information leakage. In this paper, we present two main contributions. Firstly, a novel training paradigm that enables least privilege learning by obfuscating protected attributes in verification and re-identification scenarios. Secondly, a comprehensive evaluation framework for models trained with least privilege learning, encompassing multiple datasets and three application settings: verification, re-identification, and attribute prediction.
Original languageEnglish
Title of host publicationProceedings of the 6th Asian Conference on Pattern Recognition
Number of pages15
ISBN (Electronic)9783031024443
ISBN (Print)9783031024436
Publication statusPublished - 10 May 2022
EventAsian Conference on Pattern Recognition - Jeju Island, Korea, Democratic People's Republic of
Duration: 09 Nov 202112 Nov 2021
Conference number: 6

Publication series

NameLecture Notes in Computer Science
ISSN (Print)0302-9743


ConferenceAsian Conference on Pattern Recognition
Abbreviated titleACPR
Country/TerritoryKorea, Democratic People's Republic of
Internet address


Dive into the research topics of 'Least privilege learning for attribute obfuscation'. Together they form a unique fingerprint.

Cite this