2020-07-07 22:28:54 +05:30
|
|
|
Fawkes
|
|
|
|
------
|
2021-03-07 12:09:19 +05:30
|
|
|
:warning: Check out our MacOS/Windows Software on our official [webpage](https://sandlab.cs.uchicago.edu/fawkes/#code).
|
2021-01-27 04:41:14 +05:30
|
|
|
|
2021-03-07 12:09:19 +05:30
|
|
|
Fawkes is a privacy protection system developed by researchers at [SANDLab](https://sandlab.cs.uchicago.edu/),
|
|
|
|
University of Chicago. For more information about the project, please refer to our
|
|
|
|
project [webpage](https://sandlab.cs.uchicago.edu/fawkes/). Contact us at fawkes-team@googlegroups.com.
|
2020-07-27 05:50:24 +05:30
|
|
|
|
2021-03-07 12:09:19 +05:30
|
|
|
We published an academic paper to summarize our
|
|
|
|
work "[Fawkes: Protecting Personal Privacy against Unauthorized Deep Learning Models](https://www.shawnshan.com/files/publication/fawkes.pdf)"
|
|
|
|
at *USENIX Security 2020*.
|
2020-07-07 22:28:54 +05:30
|
|
|
|
|
|
|
|
2020-07-15 06:04:51 +05:30
|
|
|
Copyright
|
|
|
|
---------
|
2021-03-07 12:09:19 +05:30
|
|
|
This code is intended only for personal privacy protection or academic research.
|
2020-07-15 06:04:51 +05:30
|
|
|
|
2020-07-07 22:28:54 +05:30
|
|
|
Usage
|
|
|
|
-----
|
|
|
|
|
|
|
|
`$ fawkes`
|
|
|
|
|
|
|
|
Options:
|
|
|
|
|
2021-03-07 12:09:19 +05:30
|
|
|
* `-m`, `--mode` : the tradeoff between privacy and perturbation size. Select from `low`, `mid`, `high`. The
|
|
|
|
higher the mode is, the more perturbation will add to the image and provide stronger protection.
|
2020-07-30 09:32:34 +05:30
|
|
|
* `-d`, `--directory` : the directory with images to run protection.
|
|
|
|
* `-g`, `--gpu` : the GPU id when using GPU for optimization.
|
2021-03-07 12:09:19 +05:30
|
|
|
* `--batch-size` : number of images to run optimization together. Change to >1 only if you have extremely powerful
|
|
|
|
compute power.
|
|
|
|
* `--format` : format of the output image (png or jpg).
|
2020-06-29 06:52:27 +05:30
|
|
|
|
2020-07-08 04:29:31 +05:30
|
|
|
### Example
|
2020-06-29 06:52:27 +05:30
|
|
|
|
2020-07-30 09:31:36 +05:30
|
|
|
`fawkes -d ./imgs --mode min`
|
2020-07-07 21:51:30 +05:30
|
|
|
|
2020-07-07 22:28:54 +05:30
|
|
|
### Tips
|
2021-03-07 12:09:19 +05:30
|
|
|
|
|
|
|
- The perturbation generation takes ~60 seconds per image on a CPU machine, and it would be much faster on a GPU
|
|
|
|
machine. Use `batch-size=1` on CPU and `batch-size>1` on GPUs.
|
|
|
|
- Run on GPU. The current Fawkes package and binary does not support GPU. To use GPU, you need to clone this repo, install
|
|
|
|
the required packages in `setup.py`, and replace tensorflow with tensorflow-gpu. Then you can run Fawkes
|
|
|
|
by `python3 fawkes/protection.py [args]`.
|
2020-07-14 05:36:33 +05:30
|
|
|
|
2020-08-01 22:47:10 +05:30
|
|
|
![](http://sandlab.cs.uchicago.edu/fawkes/files/obama.png)
|
2020-08-01 22:44:27 +05:30
|
|
|
|
2021-03-07 12:09:19 +05:30
|
|
|
### How do I know my images are secure?
|
|
|
|
|
|
|
|
We are actively working on this. Python scripts that can test the protection effectiveness will be ready shortly.
|
2020-07-07 22:28:54 +05:30
|
|
|
|
|
|
|
Quick Installation
|
|
|
|
------------------
|
|
|
|
|
2020-07-27 01:17:03 +05:30
|
|
|
Install from [PyPI](https://pypi.org/project/fawkes/):
|
2020-07-07 22:28:54 +05:30
|
|
|
|
|
|
|
```
|
|
|
|
pip install fawkes
|
|
|
|
```
|
|
|
|
|
|
|
|
If you don't have root privilege, please try to install on user namespace: `pip install --user fawkes`.
|
2020-07-07 21:51:30 +05:30
|
|
|
|
2020-09-30 08:31:54 +05:30
|
|
|
|
|
|
|
Academic Research Usage
|
|
|
|
-----------------------
|
2021-03-07 12:09:19 +05:30
|
|
|
For academic researchers, whether seeking to improve fawkes or to explore potential vunerability, please refer to the
|
|
|
|
following guide to test Fawkes.
|
2020-07-14 05:36:05 +05:30
|
|
|
|
2021-03-07 12:09:19 +05:30
|
|
|
To protect a class in a dataset, first move the label's image to a seperate location and run Fawkes. Please
|
|
|
|
use `--debug` option and set `batch-size` to a reasonable number (i.e 16, 32). If the images are already cropped and
|
|
|
|
aligned, then also use the `no-align` option.
|
2020-07-14 05:36:05 +05:30
|
|
|
|
2020-06-29 06:52:27 +05:30
|
|
|
### Citation
|
2021-03-07 12:09:19 +05:30
|
|
|
|
2020-06-29 06:52:27 +05:30
|
|
|
```
|
|
|
|
@inproceedings{shan2020fawkes,
|
|
|
|
title={Fawkes: Protecting Personal Privacy against Unauthorized Deep Learning Models},
|
|
|
|
author={Shan, Shawn and Wenger, Emily and Zhang, Jiayun and Li, Huiying and Zheng, Haitao and Zhao, Ben Y},
|
2021-01-31 13:58:02 +05:30
|
|
|
booktitle={Proc. of {USENIX} Security},
|
2020-06-29 06:52:27 +05:30
|
|
|
year={2020}
|
|
|
|
}
|
2020-07-07 22:28:54 +05:30
|
|
|
```
|