Makeup-Guided Facial Privacy Protection via Untrained Neural Network Priors

Fahad Shamshad; Muzammal Naseer; Karthik Nandakumar

doi:10.1007/978-3-031-92089-9_15

Makeup-Guided Facial Privacy Protection via Untrained Neural Network Priors

Fahad Shamshad, Muzammal Naseer, Karthik Nandakumar

Computer Science

Mohamed Bin Zayed University of Artificial Intelligence

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Deep learning-based face recognition (FR) systems pose significant privacy risks by tracking users without their consent. While adversarial attacks can protect privacy, they often produce visible artifacts compromising user experience. To mitigate this issue, recent facial privacy protection approaches advocate embedding adversarial noise into the natural looking makeup styles. However, these methods require training on large-scale makeup datasets that are not always readily available. In addition, these approaches also suffer from dataset bias. For instance, training on makeup data that predominantly contains female faces could compromise protection efficacy for male faces. To handle these issues, we propose a test-time optimization approach that solely optimizes an untrained neural network to transfer makeup style from a reference to a source image in an adversarial manner. We introduce two key modules: a correspondence module that aligns regions between reference and source images in latent space, and a decoder with conditional makeup layers. The untrained decoder, optimized via carefully designed structural and makeup consistency losses, generates a protected image that resembles the source but incorporates adversarial makeup to deceive FR models. As our approach does not rely on training with makeup face datasets, it avoids potential male/female dataset biases while providing effective protection. We further extend the proposed approach to videos by leveraging on temporal correlations. Experiments on benchmark datasets demonstrate superior performance in face verification and identification tasks and effectiveness against commercial FR systems. Our code and models will be available at https://github.com/fahadshamshad/deep-facial-privacy-prior.

Original language	British English
Title of host publication	Computer Vision – ECCV 2024 Workshops, Proceedings
Editors	Alessio Del Bue, Cristian Canton, Jordi Pont-Tuset, Tatiana Tommasi
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	227-246
Number of pages	20
ISBN (Print)	9783031920882
DOIs	https://doi.org/10.1007/978-3-031-92089-9_15
State	Published - 2025
Event	Workshops that were held in conjunction with the 18th European Conference on Computer Vision, ECCV 2024 - Milan, Italy Duration: 29 Sep 2024 → 4 Oct 2024

Publication series

Name	Lecture Notes in Computer Science
Volume	15644 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	Workshops that were held in conjunction with the 18th European Conference on Computer Vision, ECCV 2024
Country/Territory	Italy
City	Milan
Period	29/09/24 → 4/10/24

Keywords

adversarial makeup transfer
black-box attacks
face recognition
Facial privacy protection

Access to Document

10.1007/978-3-031-92089-9_15

Cite this

Shamshad, F., Naseer, M., & Nandakumar, K. (2025). Makeup-Guided Facial Privacy Protection via Untrained Neural Network Priors. In A. Del Bue, C. Canton, J. Pont-Tuset, & T. Tommasi (Eds.), Computer Vision – ECCV 2024 Workshops, Proceedings (pp. 227-246). (Lecture Notes in Computer Science; Vol. 15644 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-92089-9_15

Shamshad, Fahad ; Naseer, Muzammal ; Nandakumar, Karthik. / Makeup-Guided Facial Privacy Protection via Untrained Neural Network Priors. Computer Vision – ECCV 2024 Workshops, Proceedings. editor / Alessio Del Bue ; Cristian Canton ; Jordi Pont-Tuset ; Tatiana Tommasi. Springer Science and Business Media Deutschland GmbH, 2025. pp. 227-246 (Lecture Notes in Computer Science).

@inproceedings{7d93e9945d094d058c10145d300917d6,

title = "Makeup-Guided Facial Privacy Protection via Untrained Neural Network Priors",

abstract = "Deep learning-based face recognition (FR) systems pose significant privacy risks by tracking users without their consent. While adversarial attacks can protect privacy, they often produce visible artifacts compromising user experience. To mitigate this issue, recent facial privacy protection approaches advocate embedding adversarial noise into the natural looking makeup styles. However, these methods require training on large-scale makeup datasets that are not always readily available. In addition, these approaches also suffer from dataset bias. For instance, training on makeup data that predominantly contains female faces could compromise protection efficacy for male faces. To handle these issues, we propose a test-time optimization approach that solely optimizes an untrained neural network to transfer makeup style from a reference to a source image in an adversarial manner. We introduce two key modules: a correspondence module that aligns regions between reference and source images in latent space, and a decoder with conditional makeup layers. The untrained decoder, optimized via carefully designed structural and makeup consistency losses, generates a protected image that resembles the source but incorporates adversarial makeup to deceive FR models. As our approach does not rely on training with makeup face datasets, it avoids potential male/female dataset biases while providing effective protection. We further extend the proposed approach to videos by leveraging on temporal correlations. Experiments on benchmark datasets demonstrate superior performance in face verification and identification tasks and effectiveness against commercial FR systems. Our code and models will be available at https://github.com/fahadshamshad/deep-facial-privacy-prior.",

keywords = "adversarial makeup transfer, black-box attacks, face recognition, Facial privacy protection",

author = "Fahad Shamshad and Muzammal Naseer and Karthik Nandakumar",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.; Workshops that were held in conjunction with the 18th European Conference on Computer Vision, ECCV 2024 ; Conference date: 29-09-2024 Through 04-10-2024",

year = "2025",

doi = "10.1007/978-3-031-92089-9\_15",

language = "British English",

isbn = "9783031920882",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "227--246",

editor = "\{Del Bue\}, Alessio and Cristian Canton and Jordi Pont-Tuset and Tatiana Tommasi",

booktitle = "Computer Vision – ECCV 2024 Workshops, Proceedings",

address = "Germany",

}

Shamshad, F, Naseer, M & Nandakumar, K 2025, Makeup-Guided Facial Privacy Protection via Untrained Neural Network Priors. in A Del Bue, C Canton, J Pont-Tuset & T Tommasi (eds), Computer Vision – ECCV 2024 Workshops, Proceedings. Lecture Notes in Computer Science, vol. 15644 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 227-246, Workshops that were held in conjunction with the 18th European Conference on Computer Vision, ECCV 2024, Milan, Italy, 29/09/24. https://doi.org/10.1007/978-3-031-92089-9_15

Makeup-Guided Facial Privacy Protection via Untrained Neural Network Priors. / Shamshad, Fahad; Naseer, Muzammal; Nandakumar, Karthik.
Computer Vision – ECCV 2024 Workshops, Proceedings. ed. / Alessio Del Bue; Cristian Canton; Jordi Pont-Tuset; Tatiana Tommasi. Springer Science and Business Media Deutschland GmbH, 2025. p. 227-246 (Lecture Notes in Computer Science; Vol. 15644 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Makeup-Guided Facial Privacy Protection via Untrained Neural Network Priors

AU - Shamshad, Fahad

AU - Naseer, Muzammal

AU - Nandakumar, Karthik

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.

PY - 2025

Y1 - 2025

N2 - Deep learning-based face recognition (FR) systems pose significant privacy risks by tracking users without their consent. While adversarial attacks can protect privacy, they often produce visible artifacts compromising user experience. To mitigate this issue, recent facial privacy protection approaches advocate embedding adversarial noise into the natural looking makeup styles. However, these methods require training on large-scale makeup datasets that are not always readily available. In addition, these approaches also suffer from dataset bias. For instance, training on makeup data that predominantly contains female faces could compromise protection efficacy for male faces. To handle these issues, we propose a test-time optimization approach that solely optimizes an untrained neural network to transfer makeup style from a reference to a source image in an adversarial manner. We introduce two key modules: a correspondence module that aligns regions between reference and source images in latent space, and a decoder with conditional makeup layers. The untrained decoder, optimized via carefully designed structural and makeup consistency losses, generates a protected image that resembles the source but incorporates adversarial makeup to deceive FR models. As our approach does not rely on training with makeup face datasets, it avoids potential male/female dataset biases while providing effective protection. We further extend the proposed approach to videos by leveraging on temporal correlations. Experiments on benchmark datasets demonstrate superior performance in face verification and identification tasks and effectiveness against commercial FR systems. Our code and models will be available at https://github.com/fahadshamshad/deep-facial-privacy-prior.

AB - Deep learning-based face recognition (FR) systems pose significant privacy risks by tracking users without their consent. While adversarial attacks can protect privacy, they often produce visible artifacts compromising user experience. To mitigate this issue, recent facial privacy protection approaches advocate embedding adversarial noise into the natural looking makeup styles. However, these methods require training on large-scale makeup datasets that are not always readily available. In addition, these approaches also suffer from dataset bias. For instance, training on makeup data that predominantly contains female faces could compromise protection efficacy for male faces. To handle these issues, we propose a test-time optimization approach that solely optimizes an untrained neural network to transfer makeup style from a reference to a source image in an adversarial manner. We introduce two key modules: a correspondence module that aligns regions between reference and source images in latent space, and a decoder with conditional makeup layers. The untrained decoder, optimized via carefully designed structural and makeup consistency losses, generates a protected image that resembles the source but incorporates adversarial makeup to deceive FR models. As our approach does not rely on training with makeup face datasets, it avoids potential male/female dataset biases while providing effective protection. We further extend the proposed approach to videos by leveraging on temporal correlations. Experiments on benchmark datasets demonstrate superior performance in face verification and identification tasks and effectiveness against commercial FR systems. Our code and models will be available at https://github.com/fahadshamshad/deep-facial-privacy-prior.

KW - adversarial makeup transfer

KW - black-box attacks

KW - face recognition

KW - Facial privacy protection

UR - http://www.scopus.com/inward/record.url?scp=105006895753&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-92089-9_15

DO - 10.1007/978-3-031-92089-9_15

M3 - Conference contribution

AN - SCOPUS:105006895753

SN - 9783031920882

T3 - Lecture Notes in Computer Science

SP - 227

EP - 246

BT - Computer Vision – ECCV 2024 Workshops, Proceedings

A2 - Del Bue, Alessio

A2 - Canton, Cristian

A2 - Pont-Tuset, Jordi

A2 - Tommasi, Tatiana

PB - Springer Science and Business Media Deutschland GmbH

T2 - Workshops that were held in conjunction with the 18th European Conference on Computer Vision, ECCV 2024

Y2 - 29 September 2024 through 4 October 2024

ER -