CN112837202A

CN112837202A - Watermark image generation and attack tracing method and device based on privacy protection

Info

Publication number: CN112837202A
Application number: CN202110103130.8A
Authority: CN
Inventors: 曹佳炯; 丁菁汀
Original assignee: Alipay Hangzhou Information Technology Co Ltd
Current assignee: Alipay Hangzhou Information Technology Co Ltd
Priority date: 2021-01-26
Filing date: 2021-01-26
Publication date: 2021-05-25
Anticipated expiration: 2041-01-26
Also published as: CN112837202B

Abstract

The embodiment of the specification provides a watermark image generation and attack tracing method and device based on privacy protection, wherein the watermark image generation method based on privacy protection comprises the following steps: acquiring an original image to be added with a watermark, wherein the original image comprises a human face; determining a target watermark adding model which is matched with the acquisition time of the original image in a plurality of watermark adding models obtained by model training in advance; each watermark adding model is used for adding a corresponding type of counterwatermark to the face in the original image; and carrying out watermarking processing on the original image according to the target watermarking model to obtain a target image containing the counter watermark of the type corresponding to the target watermarking model.

Description

Watermark image generation and attack tracing method and device based on privacy protection

Technical Field

The present document relates to the field of computer technologies, and in particular, to a method and an apparatus for generating a watermark image and tracing an attack based on privacy protection.

Background

With the continuous development of internet technology, face recognition is widely applied in numerous scenes, such as payment, entrance guard, travel and the like. Generally, in a face recognition process, a face recognition device needs to collect, process, transmit a face image of a user to a designated device for storage and the like. Since the attack cost of attacking the face recognition device and the designated device storing the face image is high, an attacker usually attacks the face recognition device in the process of transmitting the face image to the designated device, so that the face image of the user is obtained to perform illegal operation, and not only is the private information of the user leaked, but also property and other losses are easily caused to the user. Therefore, how to avoid privacy disclosure of users and effectively track attackers are problems which need to be solved urgently.

Disclosure of Invention

One or more embodiments of the present specification provide a method for generating a watermark image based on privacy protection. The method comprises the step of obtaining an original image to be added with a watermark. Wherein, the original image comprises a human face. And determining a target watermarking model which is matched with the acquisition time of the original image in a plurality of watermarking models obtained by model training in advance. Each watermark adding model is used for adding corresponding types of counterwatermarks to the human face. And performing watermarking processing on the original image according to the target watermarking model to obtain a target image containing a counter watermark of a type corresponding to the target watermarking model so as to prevent personal information from being leaked.

One or more embodiments of the present specification provide an attack tracing method based on privacy protection. The method comprises the step of obtaining an image to be detected. Wherein, the image to be detected comprises a human face. And if the image to be detected is determined to be the target image containing the counter watermark, identifying the counter watermark based on a watermark identification model obtained by model training in advance to obtain the watermark type of the counter watermark. When an original image to be added with a watermark is acquired, the target image is obtained by performing the addition processing of the counter watermark on the original image based on a target watermark adding model which is determined from a plurality of watermark adding models and is matched with the acquisition time of the original image. Each watermarking model is used for adding corresponding type of counterwatermarking to the human face in the original image so as to prevent personal information from being leaked. And carrying out attack tracing processing according to the watermark type.

One or more embodiments of the present specification provide a device for generating a watermark image based on privacy protection. The device comprises an acquisition module for acquiring the original image to be added with the watermark. Wherein, the original image comprises a human face. The device also comprises a determining module for determining a target watermarking model which is matched with the acquisition time of the original image in a plurality of watermarking models obtained by model training in advance. Each watermark adding model is used for adding corresponding types of counterwatermarks to the human face. The device also comprises an adding module which is used for carrying out watermarking processing on the original image according to the target watermarking model to obtain a target image containing the counter watermark of the type corresponding to the target watermarking model so as to prevent personal information from being leaked.

One or more embodiments of the present specification provide an attack tracing apparatus based on privacy protection. The device comprises an acquisition module for acquiring the image to be detected. Wherein, the image to be detected comprises a human face. The device further comprises an identification module, and if the image to be detected is determined to be the target image containing the counter watermark, the counter watermark is identified based on a watermark identification model obtained by model training in advance, and the watermark type of the counter watermark is obtained. When an original image to be added with a watermark is acquired, the target image is obtained by performing the addition processing of the counter watermark on the original image based on a target watermark adding model which is determined from a plurality of watermark adding models and is matched with the acquisition time of the original image. Each watermarking model is used for adding corresponding type of counterwatermarking to the human face in the original image so as to prevent personal information from being leaked. The device also comprises a tracing module for carrying out attack tracing processing according to the watermark type.

One or more embodiments of the present specification provide a watermark image generation device based on privacy protection. The apparatus includes a processor. The apparatus also comprises a memory arranged to store computer executable instructions. The computer executable instructions, when executed, cause the processor to obtain an original image to be watermarked. Wherein, the original image comprises a human face. And determining a target watermarking model which is matched with the acquisition time of the original image in a plurality of watermarking models obtained by model training in advance. Each watermark adding model is used for adding corresponding types of counterwatermarks to the human face. And performing watermarking processing on the original image according to the target watermarking model to obtain a target image containing a counter watermark of a type corresponding to the target watermarking model so as to prevent personal information from being leaked.

One or more embodiments of the present specification provide an attack tracing device based on privacy protection. The apparatus includes a processor. The apparatus also comprises a memory arranged to store computer executable instructions. The computer executable instructions, when executed, cause the processor to acquire an image to be detected. Wherein, the image to be detected comprises a human face. And if the image to be detected is determined to be the target image containing the counter watermark, identifying the counter watermark based on a watermark identification model obtained by model training in advance to obtain the watermark type of the counter watermark. When an original image to be added with a watermark is acquired, the target image is obtained by performing the addition processing of the counter watermark on the original image based on a target watermark adding model which is determined from a plurality of watermark adding models and is matched with the acquisition time of the original image. Each watermarking model is used for adding corresponding type of counterwatermarking to the human face in the original image so as to prevent personal information from being leaked. And carrying out attack tracing processing according to the watermark type.

One or more embodiments of the present specification provide a storage medium. The storage medium is used to store computer-executable instructions. The computer-executable instructions, when executed by a processor, obtain an original image to be watermarked. Wherein, the original image comprises a human face. And determining a target watermarking model which is matched with the acquisition time of the original image in a plurality of watermarking models obtained by model training in advance. Each watermark adding model is used for adding corresponding types of counterwatermarks to the human face. And performing watermarking processing on the original image according to the target watermarking model to obtain a target image containing a counter watermark of a type corresponding to the target watermarking model so as to prevent personal information from being leaked.

One or more embodiments of the present specification provide a storage medium. The storage medium is used to store computer-executable instructions. The computer executable instructions, when executed by the processor, acquire an image to be detected. Wherein, the image to be detected comprises a human face. And if the image to be detected is determined to be the target image containing the counter watermark, identifying the counter watermark based on a watermark identification model obtained by model training in advance to obtain the watermark type of the counter watermark. When an original image to be added with a watermark is acquired, the target image is obtained by performing the addition processing of the counter watermark on the original image based on a target watermark adding model which is determined from a plurality of watermark adding models and is matched with the acquisition time of the original image. Each watermarking model is used for adding corresponding type of counterwatermarking to the human face in the original image so as to prevent personal information from being leaked. And carrying out attack tracing processing according to the watermark type.

Drawings

In order to more clearly illustrate one or more embodiments or prior art solutions of the present specification, the drawings that are needed in the description of the embodiments or prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present specification, and that other drawings can be obtained by those skilled in the art without inventive exercise.

Fig. 1 is a schematic view of a scene of a method for generating a watermark image based on privacy protection according to one or more embodiments of the present specification;

fig. 2 is a first flowchart of a method for generating a watermark image based on privacy protection according to one or more embodiments of the present disclosure;

fig. 3 is a second flowchart of a method for generating a watermark image based on privacy protection according to one or more embodiments of the present disclosure;

fig. 4 is a schematic flowchart of a method for generating a watermark image based on privacy protection according to one or more embodiments of the present specification;

fig. 5 is a fourth flowchart illustrating a method for generating a watermark image based on privacy protection according to one or more embodiments of the present disclosure;

fig. 6 is a first flowchart of an attack tracing method based on privacy protection according to one or more embodiments of the present disclosure;

fig. 7 is a second flowchart of an attack tracing method based on privacy protection according to one or more embodiments of the present disclosure;

fig. 8 is a third flowchart illustrating an attack tracing method based on privacy protection according to one or more embodiments of the present disclosure;

fig. 9 is a fourth flowchart illustrating an attack tracing method based on privacy protection according to one or more embodiments of the present disclosure;

fig. 10 is a schematic block diagram illustrating a generation apparatus of a watermark image based on privacy protection according to one or more embodiments of the present specification;

fig. 11 is a schematic block diagram illustrating an attack tracing apparatus based on privacy protection according to one or more embodiments of the present disclosure;

fig. 12 is a schematic structural diagram of a device for generating a watermark image based on privacy protection according to one or more embodiments of the present specification;

fig. 13 is a schematic structural diagram of an attack tracing apparatus based on privacy protection according to one or more embodiments of the present specification.

Detailed Description

In order to make those skilled in the art better understand the technical solutions in one or more embodiments of the present disclosure, the technical solutions in one or more embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in one or more embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all embodiments. All other embodiments that can be derived by a person skilled in the art from one or more of the embodiments described herein without making any inventive step shall fall within the scope of protection of this document.

Fig. 1 is a schematic view of an application scenario of a method for generating a watermark image based on privacy protection according to one or more embodiments of the present specification, as shown in fig. 1, the scenario includes: user's terminal equipment and watermark image's generating device. The terminal device may be a mobile phone, a tablet computer, a desktop computer, a portable notebook computer, or the like (only the mobile phone is shown in fig. 1). The watermark image generation device may be installed in the terminal device of the user, such as in a form of a separate Application (Application); or in the form of functional modules in other applications, such as in some payment application, social application, etc. The watermark image generation device may be separate from and independent of the user's terminal device.

The generation device of the watermark image is separated from the terminal equipment of the user and independently exists as an example for explanation, when the user needs to add the counter watermark to the original image, the terminal equipment is operated to send the original image to be added with the watermark to the generation device of the watermark image; when a watermark image generating device receives an original image to be added with a watermark, determining a target watermark adding model which is matched with the acquisition time of the original image in a plurality of watermark adding models obtained by model training in advance; and performing watermarking processing on the obtained original image according to the target watermarking model to obtain a target image containing the counter watermark of the type corresponding to the target watermarking model. Each watermark adding model is used for adding a corresponding type of counterwatermark to the face in the original image to be added with the watermark; the anti-watermark has the characteristics of not influencing the visual effect, not being influenced by image preprocessing and the like. Therefore, the target image is obtained by adding the counter watermark to the original image, and the protection of the user privacy data is realized on the basis of not influencing the visual effect of the target image; even if the target image is intercepted by an attacker, the attacker cannot acquire the face information in the target image, so that the leakage of personal information is effectively prevented. In addition, because the target watermark adding model is determined based on the acquisition time of the original image, when the intercepted target image issued by an attacker is acquired, attack tracing can be rapidly carried out through watermark identification and time matching. It should be noted that fig. 1 is only illustrative and not limiting, and in some scenarios, an image capture device or the like may also be included.

Fig. 2 is a flowchart of a method for generating a watermark image based on privacy protection according to one or more embodiments of the present specification, where the method in fig. 2 can be performed by a device for generating a watermark image in fig. 1, as shown in fig. 2, and the method includes the following steps:

step S102, obtaining an original image to be added with a watermark; wherein, the original image comprises a human face;

optionally, when a user needs to perform face recognition processing in a service handling process, the image acquisition device acquires a face image of the user to perform face recognition processing, and sends the acquired face image to the watermark image generation device after the face recognition is passed; the watermark image generation device receives a face image sent by image acquisition equipment and determines the face image as an original image to be added with a watermark; the watermark image generation device may be disposed in the image capture device, or may be separate from the image capture device and exist independently. Or when the user wants to publish the image on the social network, the user operates the terminal equipment to send the image to be published to the watermark image generation device, and the watermark image generation device determines the received image as the original image to be added with the watermark. The acquisition mode of the original image is not specifically limited in this specification, and may be set in an actual application as needed. It should be noted that the original image may include the upper body, the whole body, or only the face of the user.

Step S104, determining a target watermark adding model which is matched with the acquisition time of the original image in a plurality of watermark adding models obtained by model training in advance; each watermark adding model is used for adding a corresponding type of counterwatermark to the face in the original image;

in order to track an attacker based on an acquired target image issued by the attacker after a target image including a counter watermark is intercepted, in one or more embodiments of the present specification, a plurality of watermark adding models are trained in advance, where each watermark adding model corresponds to one type of counter watermark and corresponds to a time period, such as 1 hour. When the watermark image generation device acquires an original image to be watermarked, determining a target watermark adding model which is matched with the acquisition time of the original image in the plurality of pre-trained watermark adding models.

It should be noted that the countermeasure watermark in this specification is different from a conventional character or picture watermark, which is visible to the naked eye after being added to an image, and the image added with the conventional watermark is subjected to clipping, scaling, and the like, so that the recognition of the watermark is affected, that is, the conventional watermark is affected by image preprocessing. The countermeasure watermark in the specification has the invisibility of naked eyes, and the invisibility of the naked eyes is realized by the target constraint of a loss function in the training process of the watermark adding model; therefore, the visual effect of the target image is not affected after the counter watermark is added to the face in the original image to obtain the target image, namely the visual effect of the target image is the same as that of the original image, and an attacker cannot perceive the target image easily. Moreover, the counterwatermark is not influenced by image preprocessing, and even if preprocessing such as scaling is carried out on the target image, the accuracy of watermark identification is not influenced.

And step S106, performing watermarking processing on the acquired original image according to the target watermarking model to obtain a target image containing a counter watermark of a type corresponding to the target watermarking model so as to prevent personal information from being leaked.

In one or more embodiments of the present specification, when an original image to be watermarked is acquired, a matched target watermark adding model is determined based on acquisition time of the original image, and corresponding type of adding processing of a counter watermark is performed on the original image according to the target watermark adding model. Therefore, the target image is obtained by adding the counter watermark to the original image, and the protection of the user privacy data is realized on the basis of not influencing the visual effect of the target image; even if the target image is intercepted by an attacker, the face information in the target image cannot be acquired, and the leakage of personal information is effectively prevented. In addition, because the target watermark adding model is determined based on the acquisition time of the original image, when the intercepted target image issued by an attacker is acquired, attack tracing can be rapidly carried out through operations such as watermark identification and time matching.

In order to facilitate the generation device of the watermark image to quickly determine the target watermark adding model and ensure the accuracy of subsequent attack tracing processing, in one or more embodiments of the present specification, a corresponding relationship between the watermark type and the watermark adding model is established in advance, and the generation device of the watermark image determines the target watermark adding model based on the corresponding relationship. Specifically, as shown in fig. 3, the step S104 may include the following steps S104-2 to S104-8:

step S104-2, determining the acquisition time of the original image;

step S104-4, determining the watermark type of the counter watermark matched with the acquisition time of the original image;

specifically, determining a target time period to which the acquisition time of the original image belongs in a plurality of preset time periods; acquiring a corresponding watermark type from a corresponding relation between a preset time period and the watermark type according to the determined target time period; the acquired watermark type is determined as a watermark type of the counter watermark matching the acquisition time of the original image.

The specific duration of the time period can be set automatically according to the requirement in practical application. For example, with 1 hour as a period, 24 watermarking models, that is, 24 counter watermarks, may be trained in advance. For the convenience of distinguishing, the watermark types of the 24 counter watermarks are sequentially marked as a first type, a second type, a third type … and a twenty-fourth type; wherein the first type corresponds to a time period of 0 point to 0 point 59, the second type corresponds to a time period of 1 point to 1 point 59, the third type corresponds to a time period of 2 points to 2 points 59 …, the twenty-fourth type corresponds to a time period of 23 points to 23 points 59; when the acquisition time of the original image is determined to be 9 points and 10 minutes, the corresponding time interval is determined to be a target time interval from 9 points to 10 points, and the corresponding watermark type is determined to be the tenth type according to the target time interval.

Step S104-6, acquiring a corresponding watermark adding model from the corresponding relation between the preset watermark type and the watermark adding model according to the determined watermark type;

and step S104-8, determining the obtained watermark adding model as a target watermark adding model.

By presetting the corresponding relation between the time period and the watermark type and the corresponding relation between the watermark type and the watermark adding model, the target watermark adding model can be rapidly determined by the watermark image generating device conveniently, and the accuracy of subsequent attack tracing processing can be ensured.

Considering that the main purpose of an attacker to attack is to acquire face information of a user in an image, in order to increase the adding rate of the counter watermark, in one or more embodiments of the present specification, the counter watermark is added only to a face area in an original image. Specifically, as shown in fig. 4, step S106 may include the following steps S106-2 and S106-4:

s106-2, inputting the acquired original image into a target watermark adding model;

and S106-4, positioning the original image based on the target watermark adding model to obtain a face area, and adding a counter watermark to the obtained face area to obtain a target image.

The process of adding the counter watermark to the original image to obtain the target image realizes the protection of the user privacy data on the basis of not influencing the visual effect of the target image.

In order to implement adding of the anti-watermark and implement attack tracing, in one or more embodiments of the present specification, step S102 may further include:

step S100-2, acquiring a plurality of first sample images; wherein, the first sample image comprises a human face;

optionally, obtaining a plurality of first sample images from a network; alternatively, the plurality of first sample images are obtained from a designated image library, wherein the image library may be a database constructed based on user images provided by the user during the transaction.

And S100-4, performing training processing based on the first sample image according to a preset model training mode to obtain a plurality of watermark adding models.

Specifically, the structure of a preset training network is adjusted according to a preset adjusting mode respectively to obtain a current training network; wherein, the structures of different current training networks are different; and training the current training network based on the first sample image to obtain a watermark adding model of the corresponding type of the counter watermark. The preset adjusting mode is, for example, adjusting the number of layers, the number of channels, the size of a convolution kernel, and the like of the training network.

Specifically, a first sample image is divided into a training set and a verification set, and a preset training network is determined as a current training network; for convenience of description, corresponding pairs of water resistant watermarks are marked as a first type of counter watermark, a second type of counter watermark … and an nth type of counter watermark in sequence according to a training sequence, where N is an integer greater than 1. Inputting each first sample image in the training set into a current training network for training to obtain a first type of initial watermark adding model for resisting the watermark; verifying the initial watermark adding model based on a verification set, and if the verification result is that the initial watermark adding model passes, determining the initial watermark adding model as a final watermark adding model of the first type of counter watermark; and if the verification result is that the watermark is not passed, continuing to perform training processing based on the training set until a final watermark adding model of the first type of the counter watermark is obtained. After the final watermark adding model of the first type of anti-watermark is obtained, the structure of the training network is adjusted according to a preset adjusting mode, the adjusted training network is determined as the current training network, and the training of the watermark adding model of the second type of anti-watermark is carried out according to the mode based on the current training network, the training set and the verification set; and repeating the steps until N watermark adding models are obtained. It should be noted that, starting from training the third type of watermark adding model for resisting watermarks, the network structure may be adjusted on the basis of the original training network, or on the basis of the current training network; the predetermined training network is, for example, UNET network. Since the training process of the model is well known to those skilled in the art, the detailed process of the model training will not be described in detail in this specification.

Further, in order to ensure that a target image obtained by performing anti-watermarking processing on an original image based on a watermarking model has the same visual effect as the original image and that an attacker cannot recognize a face in the target image, in one or more embodiments of the present specification, the performing training processing on the current training network based on the first sample image to obtain a corresponding type of anti-watermarking model may include:

inputting the first sample image into a current training network to obtain a second sample image containing the corresponding type of counter watermark; performing feature extraction processing on the first sample image and the second sample image based on a pre-trained face recognition model to obtain corresponding first image features and second image features; and training to obtain the corresponding type of watermark adding model for resisting the watermark by taking the similarity between the first sample image and the second sample image as a target, wherein the similarity is greater than the first similarity, and the similarity between the first image characteristic and the second image characteristic is less than the second similarity. Namely, the loss function in the training process includes two parts, one part is that the similarity between the first sample image and the second sample image is greater than the first similarity, and the other part is that the similarity between the first image feature and the second image feature is less than the second similarity. Wherein the first similarity is a large value, such as 95%, so as to restrict the anti-watermark from being invisible, and make the original image and the target image have little difference in vision. The second similarity is a small value, such as 5%, so as to ensure that the human face in the target image has a large difference from the human face in the original image, and the original human face cannot be recognized based on the target image. The similarity may be determined by calculating a euclidean distance, a cosine distance, and the like, which is not specifically limited in this specification.

Therefore, in the training process, the loss function is used as the target for training, so that the invisibility of the anti-watermark corresponding to each watermark adding model is ensured, the target image added with the anti-watermark cannot identify the original face, the leakage of personal information is effectively prevented, and the protection of the privacy of the user is realized.

In consideration of the fact that some businesses have storage requirements for target images in the business handling process, business backtracking can be conducted on the basis of the stored target images or the stored target images can be used in other business handling links. Based on this, as shown in fig. 5, the following step S108 may be further included after step S106:

step S108, sending a storage request to a designated server according to the target image; the storage request is used for requesting the server to store the target image into a specified image library.

In one or more embodiments of the present specification, when an original image to be watermarked is acquired, a matched target watermark adding model is determined based on acquisition time of the original image, and corresponding type of adding processing of a counter watermark is performed on the original image according to the target watermark adding model. Therefore, the target image is obtained by adding the counter watermark to the original image, and the protection of the user privacy data is realized on the basis of not influencing the visual effect of the target image; even if the target image is intercepted by an attacker, the face information in the target image cannot be acquired, and the leakage of the personal information of the user is effectively prevented. In addition, because the target watermark adding model is determined based on the acquisition time of the original image, when the intercepted target image issued by an attacker is acquired, attack tracing can be rapidly carried out through watermark identification and time matching.

On the basis of the same technical concept, one or more embodiments of the present specification further provide an attack tracing method based on privacy protection, fig. 6 is a schematic flow diagram of the attack tracing method based on privacy protection provided by one or more embodiments of the present specification, and the method shown in fig. 6 may be executed by an attack tracing apparatus; as shown in fig. 6, the method comprises the steps of:

step S202, acquiring an image to be detected; wherein the image to be detected comprises a human face;

specifically, the attack tracing device scans images of a designated website, an application program and the like according to a preset frequency to obtain an image to be detected including a human face.

Step S204, if the image to be detected is determined to be the target image containing the counter watermark, identifying the counter watermark based on a watermark identification model obtained by model training in advance to obtain the watermark type of the counter watermark; when the target image is an original image to be added with the watermark, performing anti-watermark adding processing on the original image based on a target watermark adding model which is determined from a plurality of watermark adding models and is matched with the acquisition time of the original image; each watermark adding model is used for adding a corresponding type of counterwatermark to the face in the original image;

the generation process of the target image may refer to the foregoing related description, and repeated details are not repeated here.

And step S206, performing attack tracing processing according to the obtained watermark type.

In one or more embodiments of the present description, when an image to be detected including a human face is acquired, if it is determined that the image to be detected is a target image including a counter watermark, attack tracing processing is performed according to a determined watermark type; the target image is an image obtained by performing anti-watermark adding processing on an original image on the basis of a target watermark adding model which is determined to be matched with the acquisition time of the original image in advance. Therefore, because the counterwatermarks of different watermark types correspond to different time periods, the time period of the target image being attacked can be determined based on the watermark types, so that the scope of attack tracing processing is narrowed, the attack tracing is not blindly carried out in a large range, the accuracy of the attack tracing can be improved, and the efficiency of the attack tracing is favorably improved.

Considering that whether the image to be detected is a target image containing the counter watermark or not can not be identified by naked eyes due to the fact that the counter watermark is invisible to the naked eyes; and the spatial features of the face in the original image are different from those of the face after the counter watermark is added. Based on this, in one or more embodiments of the present specification, as shown in fig. 7, step S204 may include the following steps S204-2 to S204-10:

step S204-2, carrying out face extraction processing on an image to be detected to obtain a first face image;

step S204-4, preprocessing the first face image to obtain a second face image;

the preprocessing mode can be set in practical application according to needs, such as gaussian filtering, mean filtering and the like.

Step S204-6, performing feature extraction processing on the first face image and the second face image based on a pre-trained face recognition model to obtain a first face feature and a second face feature;

the training mode of the face recognition model is a technique well known to those skilled in the art, and reference may be made to the existing training mode, which is not described in detail in this specification.

And step S204-8, if the difference value between the first face feature and the second face feature is determined to be larger than a preset value, determining that the image to be detected is a target image containing the counterwatermark.

Specifically, the first face feature is recorded as F, the second face feature is recorded as F ', and the preset value is recorded as T, then | | | F-F' | > T is obtained.

And step S204-10, identifying the counter watermark based on the watermark identification model obtained by performing model training in advance to obtain the watermark type of the counter watermark.

Therefore, the preset face recognition model is used as an auxiliary face feature extraction device, whether the image to be detected is a target image containing the counter watermark or not is determined based on the face feature, and the accuracy of the determination result is improved.

Considering that the cost of attacking the server is high, the current attacker mainly performs an attack operation in the process that the watermark image generation device sends the generated target image to the server, that is, performs an attack in the process that the target image is transmitted to the server. Since the watermark image generation device usually sends the target image to the server immediately after generating the target image, the time difference between the attack time of the attacker and the target image generation time is small, and the attack time and the target image generation time are considered to be performed in the same time period, that is, in the time period corresponding to the counter watermark included in the target image. Based on this, in one or more embodiments of the present specification, as shown in fig. 8, step S206 may include the following steps S206-2 to S206-6:

step S206-2, determining the leakage time interval of the image to be detected according to the watermark type;

specifically, according to the obtained watermark type, a corresponding time period is obtained from the corresponding relation between the preset watermark type and the time period; and determining the acquired time period as the leakage time period of the image to be detected.

Step S206-4, obtaining target access flow data with access time in a determined leakage period from the recorded access flow data of the specified server; the server side stores a plurality of target images;

in order to ensure that the image to be detected is intercepted and copied by an attacker during transmission from the watermark image generation device to the server, so as to avoid performing invalid attack tracing processing, as shown in fig. 9, step S206-4 may include the following steps S206-42 to S206-46:

step S206-42, obtaining a first target image with the adding time of the counter watermark in the leakage time period from a plurality of target images stored by the appointed server;

the target image can be saved in a designated image library of the server, and the image name of the target image can include the adding time of the anti-watermark; correspondingly, the adding time in each image name of the attack tracing device is matched with the leakage time interval, the target adding time in the leakage time interval is obtained, and the target image corresponding to the target adding time is determined as the first target image.

Step S206-44, matching the image to be detected and the acquired first target image, and if the matching is successful, acquiring target access flow data of the access time in the leakage time period from the recorded access flow data of the specified server;

the access flow data may include device information and an access address of the access device; the device information includes, for example, a serial number, a MAC address, and the like of the device.

And step S206-6, performing attack tracing processing according to the target access flow data.

Specifically, the device information and the access address of the corresponding access device are obtained from the target access flow data; and carrying out attack tracing processing according to the equipment information and the access address.

The first target image is obtained by time matching, image matching processing is carried out based on the first target image, and image matching processing is not carried out based on the full amount of target images stored by the server, so that the image matching efficiency can be greatly improved, and the attack tracing efficiency is improved.

Further, in order to implement attack tracing, in one or more embodiments of the present specification, the step S202 may further include the following step S200-2 to step S200-6 before:

step S200-2, acquiring a plurality of third sample images; wherein the third sample image comprises a human face;

step S200-4, performing watermark adding processing on the third sample image based on each watermark adding model respectively to obtain a fourth sample image containing the corresponding type of counter watermark;

and S200-5, performing training processing based on the third sample image and the fourth sample image according to a preset model training mode to obtain a watermark recognition model.

Taking the example of 24 types of anti-watermarks as an example, if the number of the third sample images is denoted as N, 24 × N fourth sample images can be obtained, and the third sample images without anti-watermarks are added to the fourth sample images, which totals 25 types and 25 × N sample images. Dividing the 25 × N sample images into a training set and a verification set, and training the training set based on a preset training mode to obtain an initial watermark recognition model; verifying the initial watermark identification model based on a verification set, and determining the initial watermark identification model as a final watermark identification model if the verification is passed; and if the verification fails, continuing to perform training processing in the manner based on the training set until a final watermark recognition model is obtained. The preset training mode is, for example, training with ResNet50 as the training network and SoftmaxLoss as the loss function. Since the training process of the model is well known to those skilled in the art, the detailed process of the model training will not be described in detail in this specification.

In one or more embodiments of the present description, when an image to be detected including a human face is acquired, if it is determined that the image to be detected is a target image including a counterwatermark, determining a watermark type of the counterwatermark, and performing attack tracing processing based on the watermark type; the target image is an image obtained by performing anti-watermark adding processing on an original image on the basis of a target watermark adding model which is determined to be matched with the acquisition time of the original image in advance. Therefore, because the counterwatermarks of different watermark types correspond to different time periods, the time period of the target image being attacked can be determined based on the watermark types, so that the scope of attack tracing processing is narrowed, the attack tracing is not blindly carried out in a large range, the accuracy of the attack tracing can be improved, and the efficiency of the attack tracing is favorably improved.

On the basis of the same technical concept, corresponding to the above-described method for generating a watermark image based on privacy protection, one or more embodiments of the present specification further provide an apparatus for generating a watermark image based on privacy protection. Fig. 10 is a schematic block diagram illustrating a privacy-protection-based watermark image generation apparatus according to one or more embodiments of the present specification, where as shown in fig. 10, the apparatus includes:

an obtaining module 301, which obtains an original image to be added with a watermark; wherein the original image comprises a human face;

a determining module 302, configured to determine a target watermark adding model that matches the acquisition time of the original image in a plurality of watermark adding models obtained through model training in advance; each watermark adding model is used for adding a corresponding type of counterwatermark to the face;

the adding module 303 performs watermarking processing on the original image according to the target watermarking model to obtain a target image containing a counter watermark of a type corresponding to the target watermarking model, so as to prevent personal information from being leaked.

Optionally, the determining module 302 determines the acquisition time of the original image; and the number of the first and second groups,

determining the watermark type of the counter watermark matched with the acquisition time;

according to the watermark type, acquiring a corresponding watermark adding model from a corresponding relation between a preset watermark type and the watermark adding model;

and determining the obtained watermarking model as the target watermarking model.

Optionally, the adding module 303 is configured to input the original image to the target watermarking model; and the number of the first and second groups,

and positioning the original image based on the target watermark adding model to obtain a face area, and adding a counter watermark to the face area to obtain the target image.

Optionally, the apparatus further comprises: a training module;

the training module acquires a plurality of first sample images; wherein the first sample image comprises a human face; and the number of the first and second groups,

and training based on the first sample image according to a preset model training mode to obtain the watermark adding model.

Optionally, the training module adjusts the structure of a preset training network according to a preset adjustment mode, respectively, to obtain a current training network; wherein, the structures of different current training networks are different; and the number of the first and second groups,

and training the current training network based on the first sample image to obtain a watermark adding model of the corresponding type of the counter watermark.

In the watermark image generation device based on privacy protection provided in one or more embodiments of the present specification, when an original image to be watermarked is acquired, a matched target watermark adding model is determined based on acquisition time of the original image, and corresponding types of anti-watermark adding processing are performed on the original image according to the target watermark adding model. Therefore, the target image is obtained by adding the counter watermark to the original image, and the protection of the user privacy data is realized on the basis of not influencing the visual effect of the target image; even if the target image is intercepted by an attacker, the face information in the target image cannot be acquired, and the leakage of personal information is effectively prevented. In addition, because the target watermark adding model is determined based on the acquisition time of the original image, when the intercepted target image issued by an attacker is acquired, attack tracing can be rapidly carried out through operations such as watermark identification and time matching.

It should be noted that, the embodiment of the apparatus for generating a watermark image based on privacy protection in this specification and the embodiment of the method for generating a watermark image based on privacy protection in this specification are based on the same inventive concept, and therefore, for specific implementation of this embodiment, reference may be made to implementation of the method for generating a watermark image based on privacy protection, and repeated details are not described here again.

Further, on the basis of the same technical concept, one or more embodiments of the present specification further provide an attack tracing apparatus based on privacy protection, corresponding to the attack tracing method based on privacy protection described above. Fig. 11 is a schematic block diagram illustrating an attack tracing apparatus based on privacy protection according to one or more embodiments of the present disclosure, where as shown in fig. 11, the apparatus includes:

an obtaining module 401, which obtains an image to be detected; wherein the image to be detected comprises a human face;

an identification module 402, configured to, if it is determined that the image to be detected is a target image containing a counter watermark, perform identification processing on the counter watermark based on a watermark identification model obtained by performing model training in advance, to obtain a watermark type of the counter watermark; when an original image to be added with a watermark is obtained, the target image is obtained by adding the anti-watermark to the original image based on a target watermark adding model which is determined from a plurality of watermark adding models and is matched with the obtaining time of the original image; each watermark adding model is used for adding corresponding types of counterwatermarks to the human faces in the original images so as to prevent personal information from being leaked;

and a tracing module 403, performing attack tracing processing according to the watermark type.

Optionally, the recognition module 402 performs face extraction processing on the image to be detected to obtain a first face image; and the number of the first and second groups,

preprocessing the first face image to obtain a second face image;

performing feature extraction processing on the first face image and the second face image based on a pre-trained face recognition model to obtain a first face feature and a second face feature;

and if the difference value between the first face feature and the second face feature is smaller than a preset value, determining that the image to be detected is a target image containing a counterwatermark.

Optionally, the tracing module 403 determines a leakage time period of the image to be detected according to the watermark type; and the number of the first and second groups,

acquiring target access flow data of access time in the leakage time period from recorded access flow data of a specified server; wherein, a plurality of target images are saved in the server;

and carrying out attack tracing processing according to the target access flow data.

Optionally, the apparatus further comprises: a training module;

the training module is used for acquiring a plurality of third sample images; wherein the third sample image comprises a human face; and the number of the first and second groups,

performing watermarking processing on the third sample image based on each watermarking model to obtain a fourth sample image containing a corresponding type of counter watermark;

and training based on the third sample image and the fourth sample image according to a preset model training mode to obtain the watermark recognition model.

When an image to be detected including a face is acquired, if it is determined that the image to be detected is a target image containing an anti-watermark, determining a watermark type of the anti-watermark, and performing attack tracing processing based on the watermark type; the target image is an image obtained by performing anti-watermark adding processing on an original image on the basis of a target watermark adding model which is determined to be matched with the acquisition time of the original image in advance. Therefore, because the counterwatermarks of different watermark types correspond to different time periods, the time period of the target image being attacked can be determined based on the watermark types, so that the scope of attack tracing processing is narrowed, the attack tracing is not blindly carried out in a large range, the accuracy of the attack tracing can be improved, and the efficiency of the attack tracing is favorably improved.

It should be noted that, the embodiment of the attack tracing apparatus based on privacy protection in this specification and the embodiment of the attack tracing method based on privacy protection in this specification are based on the same inventive concept, and therefore specific implementation of this embodiment may refer to implementation of the foregoing corresponding attack tracing method based on privacy protection, and repeated parts are not described again.

Further, corresponding to the above-described method for generating a watermark image based on privacy protection, based on the same technical concept, one or more embodiments of the present specification further provide a device for generating a watermark image based on privacy protection, where the device is configured to execute the above-described method for generating a watermark image based on privacy protection, and fig. 12 is a schematic structural diagram of the device for generating a watermark image based on privacy protection provided by one or more embodiments of the present specification.

As shown in fig. 12, a device for generating a watermark image based on privacy protection may have a relatively large difference due to different configurations or performances, and may include one or more processors 501 and a memory 502, where the memory 502 may store one or more stored applications or data. Memory 502 may be, among other things, transient or persistent storage. The application program stored in memory 502 may include one or more modules (not shown), each of which may include a series of computer-executable instructions in a device for generating a privacy-preserving watermark image. Still further, the processor 501 may be configured to communicate with the memory 502, and execute a series of computer-executable instructions in the memory 502 on a privacy-preserving based watermark image generation device. The privacy-preserving-based watermark image generation apparatus may also include one or more power supplies 503, one or more wired or wireless network interfaces 504, one or more input-output interfaces 505, one or more keyboards 606, and the like.

In a particular embodiment, a privacy-preserving watermark image generation apparatus includes a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs may include one or more modules, and each module may include a series of computer-executable instructions for the privacy-preserving watermark image generation apparatus, and the one or more programs configured to be executed by one or more processors include computer-executable instructions for:

acquiring an original image to be added with a watermark; wherein the original image comprises a human face;

determining a target watermark adding model which is matched with the acquisition time of the original image in a plurality of watermark adding models obtained by model training in advance; each watermark adding model is used for adding a corresponding type of counterwatermark to the face;

and performing watermarking processing on the original image according to the target watermarking model to obtain a target image containing a counter watermark of a type corresponding to the target watermarking model so as to prevent personal information from being leaked.

Optionally, when executed, the determining a target watermarking model that matches the acquisition time of the original image in a plurality of watermarking models obtained by model training in advance includes:

determining the acquisition time of the original image;

Optionally, when executed, the computer-executable instructions perform watermarking processing on the original image according to the target watermarking model to obtain a target image containing a counter watermark of a type corresponding to the target watermarking model, and include:

inputting the original image to the target watermarking model;

Optionally, the computer executable instructions, when executed, further comprise:

acquiring a plurality of first sample images; wherein the first sample image comprises a human face;

Optionally, when executed, the computer-executable instructions perform training processing based on the first sample image according to a preset training mode to obtain the watermark adding model, where the training processing includes:

respectively adjusting the structure of a preset training network according to a preset adjusting mode to obtain a current training network; wherein, the structures of different current training networks are different;

It should be noted that, the embodiment of the generation device for the watermark image based on privacy protection in this specification and the embodiment of the generation method for the watermark image based on privacy protection in this specification are based on the same inventive concept, and therefore, for specific implementation of this embodiment, reference may be made to implementation of the aforementioned corresponding generation method for the watermark image based on privacy protection, and repeated details are not described again.

Further, corresponding to the above-described attack tracing method based on privacy protection, based on the same technical concept, one or more embodiments of the present specification further provide an attack tracing device based on privacy protection, where the device is configured to execute the above-described attack tracing method based on privacy protection, and fig. 13 is a schematic structural diagram of the attack tracing device based on privacy protection provided by one or more embodiments of the present specification.

As shown in fig. 13, the attack tracing apparatus based on privacy protection may generate a relatively large difference due to different configurations or performances, and may include one or more processors 601 and a memory 602, where one or more storage applications or data may be stored in the memory 602. Wherein the memory 602 may be transient or persistent storage. The application stored in memory 602 may include one or more modules (not shown), each of which may include a series of computer-executable instructions in an attack tracing apparatus based on privacy protection. Still further, the processor 601 may be configured to communicate with the memory 602 to execute a series of computer-executable instructions in the memory 602 on a privacy-based attack tracing device. The privacy protection based attack tracing apparatus may also include one or more power supplies 603, one or more wired or wireless network interfaces 604, one or more input-output interfaces 605, one or more keyboards 606, and the like.

In a particular embodiment, the privacy protection based attack tracing apparatus includes a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs may include one or more modules, and each module may include a series of computer executable instructions for the privacy protection based attack tracing apparatus, and the one or more programs configured to be executed by the one or more processors include computer executable instructions for:

acquiring an image to be detected; wherein the image to be detected comprises a human face;

if the image to be detected is determined to be the target image containing the counter watermark, identifying the counter watermark based on a watermark identification model obtained by model training in advance to obtain the watermark type of the counter watermark; when an original image to be added with a watermark is obtained, the target image is obtained by adding the anti-watermark to the original image based on a target watermark adding model which is determined from a plurality of watermark adding models and is matched with the obtaining time of the original image; each watermark adding model is used for adding corresponding types of counterwatermarks to the human faces in the original images so as to prevent personal information from being leaked;

and carrying out attack tracing processing according to the watermark type.

Optionally, the computer executable instructions, when executed, determine that the image to be detected is a target image containing a counter watermark, comprising:

carrying out face extraction processing on the image to be detected to obtain a first face image;

preprocessing the first face image to obtain a second face image;

and if the difference value between the first face feature and the second face feature is larger than a preset value, determining that the image to be detected is a target image containing a counterwatermark.

Optionally, when executed, the computer-executable instructions perform attack tracing processing according to the watermark type, including:

determining the leakage time period of the image to be detected according to the watermark type;

When an image to be detected including a face is obtained, if it is determined that the image to be detected is a target image containing an anti-watermark, determining a watermark type of the anti-watermark, and performing attack tracing processing based on the watermark type; the target image is an image obtained by performing anti-watermark adding processing on an original image on the basis of a target watermark adding model which is determined to be matched with the acquisition time of the original image in advance. Therefore, because the counterwatermarks of different watermark types correspond to different time periods, the time period of the target image being attacked can be determined based on the watermark types, so that the scope of attack tracing processing is narrowed, the attack tracing is not blindly carried out in a large range, the accuracy of the attack tracing can be improved, and the efficiency of the attack tracing is favorably improved.

It should be noted that, the embodiment of the attack tracing device based on privacy protection in this specification and the embodiment of the attack tracing method based on privacy protection in this specification are based on the same inventive concept, and therefore specific implementation of this embodiment may refer to implementation of the foregoing corresponding attack tracing method based on privacy protection, and repeated parts are not described again.

Further, in response to the above-described method for generating a watermark image based on privacy protection, based on the same technical concept, one or more embodiments of the present specification further provide a storage medium for storing computer-executable instructions, where in a specific embodiment, the storage medium may be a usb disk, an optical disk, a hard disk, and the like, and when being executed by a processor, the storage medium stores computer-executable instructions capable of implementing the following process:

Optionally, the storage medium stores computer-executable instructions, which when executed by a processor, determine a target watermarking model matching with the acquisition time of the original image from a plurality of watermarking models obtained by model training in advance, and include:

determining the acquisition time of the original image;

Optionally, when executed by a processor, the computer-executable instructions stored in the storage medium perform watermarking on the original image according to the target watermarking model to obtain a target image containing a counter watermark of a type corresponding to the target watermarking model, including:

inputting the original image to the target watermarking model;

Optionally, the storage medium stores computer-executable instructions that, when executed by the processor, further comprise:

Optionally, when executed by a processor, the computer-executable instructions stored in the storage medium perform training processing based on the first sample image according to a preset training mode to obtain the watermark adding model, where the training processing includes:

When an original image to be watermarked is acquired, a matched target watermarking model is determined based on the acquisition time of the original image, and corresponding type anti-watermarking adding processing is performed on the original image according to the target watermarking model. Therefore, the target image is obtained by adding the counter watermark to the original image, and the protection of the user privacy data is realized on the basis of not influencing the visual effect of the target image; even if the target image is intercepted by an attacker, the face information in the target image cannot be acquired, and the leakage of personal information is effectively prevented. In addition, because the target watermark adding model is determined based on the acquisition time of the original image, when the intercepted target image issued by an attacker is acquired, attack tracing can be rapidly carried out through operations such as watermark identification and time matching.

Further, corresponding to the attack tracing method based on privacy protection described above, based on the same technical concept, one or more embodiments of the present specification further provide a storage medium for storing computer executable instructions, where in a specific embodiment, the storage medium may be a usb disk, an optical disk, a hard disk, and the like, and when being executed by a processor, the storage medium stores the computer executable instructions, and can implement the following processes:

and carrying out attack tracing processing according to the watermark type.

Optionally, the storage medium stores computer-executable instructions that, when executed by the processor, determine that the image to be detected is a target image containing a counter watermark, including:

preprocessing the first face image to obtain a second face image;

Optionally, when executed by a processor, the computer-executable instructions stored in the storage medium perform attack tracing according to the watermark type, including:

When a processor executes computer-executable instructions stored in a storage medium provided in one or more embodiments of the present specification, when an image to be detected including a human face is acquired, if it is determined that the image to be detected is a target image including an anti-watermark, determining a watermark type of the anti-watermark, and performing attack tracing processing based on the watermark type; the target image is an image obtained by performing anti-watermark adding processing on an original image on the basis of a target watermark adding model which is determined to be matched with the acquisition time of the original image in advance. Therefore, because the counterwatermarks of different watermark types correspond to different time periods, the time period of the target image being attacked can be determined based on the watermark types, so that the scope of attack tracing processing is narrowed, the attack tracing is not blindly carried out in a large range, the accuracy of the attack tracing can be improved, and the efficiency of the attack tracing is favorably improved.

It should be noted that, the embodiment of the storage medium in this specification and the embodiment of the attack tracing method based on privacy protection in this specification are based on the same inventive concept, and therefore specific implementation of this embodiment may refer to implementation of the foregoing corresponding attack tracing method based on privacy protection, and repeated parts are not described again.

The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.

In the 90 s of the 20 th century, improvements in a technology could clearly distinguish between improvements in hardware (e.g., improvements in circuit structures such as diodes, transistors, switches, etc.) and improvements in software (improvements in process flow). However, as technology advances, many of today's process flow improvements have been seen as direct improvements in hardware circuit architecture. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into the hardware circuit. Thus, it cannot be said that an improvement in the process flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose Logic functions are determined by programming the Device by a user. A digital system is "integrated" on a PLD by the designer's own programming without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Furthermore, nowadays, instead of manually making an Integrated Circuit chip, such Programming is often implemented by "logic compiler" software, which is similar to a software compiler used in program development and writing, but the original code before compiling is also written by a specific Programming Language, which is called Hardware Description Language (HDL), and HDL is not only one but many, such as abel (advanced Boolean Expression Language), ahdl (alternate Hardware Description Language), traffic, pl (core universal Programming Language), HDCal (jhdware Description Language), lang, Lola, HDL, laspam, hardward Description Language (vhr Description Language), vhal (Hardware Description Language), and vhigh-Language, which are currently used in most common. It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.

The controller may be implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, and an embedded microcontroller, examples of which include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicone Labs C8051F320, the memory controller may also be implemented as part of the control logic for the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.

The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.

For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functions of the units may be implemented in the same software and/or hardware or in multiple software and/or hardware when implementing the embodiments of the present description.

One skilled in the art will recognize that one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The description has been presented with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the description. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.

Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.

It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

One or more embodiments of the present description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.

The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.

The above description is only an example of this document and is not intended to limit this document. Various modifications and changes may occur to those skilled in the art from this document. Any modifications, equivalents, improvements, etc. which come within the spirit and principle of the disclosure are intended to be included within the scope of the claims of this document.

Claims

1. A watermark image generation method based on privacy protection comprises the following steps:

2. The method of claim 1, wherein the determining a target watermarking model matching with the acquisition time of the original image in a plurality of watermarking models obtained by model training in advance comprises:

determining the acquisition time of the original image;

3. The method of claim 1, wherein the watermarking the original image according to the target watermarking model to obtain a target image containing a counter watermark of a type corresponding to the target watermarking model comprises:

inputting the original image to the target watermarking model;

4. The method of claim 1, further comprising:

5. The method according to claim 4, wherein the obtaining the watermark adding model by performing training processing based on the first sample image according to a preset training mode includes:

6. The method of claim 5, wherein the training process based on the first sample image using the current training network to obtain the corresponding type of watermark-countering watermarking model comprises:

inputting the first sample image into the current training network to obtain a second sample image containing the corresponding type of counter watermark;

performing feature extraction processing on the first sample image and the second sample image based on a pre-trained face recognition model to obtain corresponding first image features and second image features;

and training to obtain the corresponding type of watermark adding model for resisting the watermark by taking the similarity between the first sample image and the second sample image as a target, wherein the similarity is greater than a first similarity, and the similarity between the first image characteristic and the second image characteristic is less than a second similarity.

7. The method of claim 1, after obtaining the target image having the counter watermark of the type corresponding to the target watermarking model, further comprising:

sending a storage request to a designated server according to the target image; the storage request is used for requesting the server to store the target image into a specified image library.

8. An attack tracing method based on privacy protection comprises the following steps:

and carrying out attack tracing processing according to the watermark type.

9. The method of claim 8, wherein the determining that the image to be detected is a target image containing a counter watermark comprises:

preprocessing the first face image to obtain a second face image;

10. The method of claim 8, wherein the performing attack tracing according to the watermark type comprises:

11. The method according to claim 10, wherein the obtaining target access traffic data with an access time within the leakage period from the recorded access traffic data of the specified server includes:

acquiring a first target image of the adding time of the counter watermark in the leakage period from a plurality of target images saved by the server;

matching the image to be detected with the acquired first target image;

and if the matching is successful, acquiring target access flow data of the access time in the leakage time period from the recorded access flow data of the server.

12. The method of claim 10, wherein performing attack tracing according to the target access traffic data comprises:

acquiring equipment information and an access address of corresponding access equipment from the target access flow data;

and carrying out attack tracing processing according to the equipment information and the access address.

13. The method of claim 8, further comprising:

acquiring a plurality of third sample images; wherein the third sample image comprises a human face;

14. An apparatus for generating a watermark image based on privacy protection, comprising:

the acquisition module acquires an original image to be added with a watermark; wherein the original image comprises a human face;

the determining module is used for determining a target watermark adding model which is matched with the acquisition time of the original image in a plurality of watermark adding models obtained by model training in advance; each watermark adding model is used for adding a corresponding type of counterwatermark to the face;

and the adding module is used for carrying out watermarking processing on the original image according to the target watermarking model to obtain a target image containing a counter watermark of a type corresponding to the target watermarking model so as to prevent personal information from being leaked.

15. The apparatus of claim 14, wherein the first and second electrodes are disposed on opposite sides of the substrate,

the determining module is used for determining the acquisition time of the original image; and the number of the first and second groups,

16. An attack tracing device based on privacy protection comprises:

the acquisition module acquires an image to be detected; wherein the image to be detected comprises a human face;

the identification module is used for identifying the anti-watermark based on a watermark identification model obtained by performing model training in advance to obtain the watermark type of the anti-watermark if the image to be detected is determined to be the target image containing the anti-watermark; when an original image to be added with a watermark is obtained, the target image is obtained by adding the anti-watermark to the original image based on a target watermark adding model which is determined from a plurality of watermark adding models and is matched with the obtaining time of the original image; each watermark adding model is used for adding corresponding types of counterwatermarks to the human faces in the original images so as to prevent personal information from being leaked;

and the source tracing module is used for carrying out attack source tracing processing according to the watermark type.

17. The apparatus of claim 16, wherein the first and second electrodes are disposed in a common plane,

the identification module is used for carrying out face extraction processing on the image to be detected to obtain a first face image; and the number of the first and second groups,

preprocessing the first face image to obtain a second face image;

18. The device of claim 16

The source tracing module is used for determining the leakage time period of the image to be detected according to the watermark type; and the number of the first and second groups,

19. A privacy protection-based watermark image generation device, comprising:

a processor; and the number of the first and second groups,

a memory arranged to store computer executable instructions that, when executed, cause the processor to:

20. An attack tracing device based on privacy protection comprises:

a processor; and the number of the first and second groups,

and carrying out attack tracing processing according to the watermark type.

21. A storage medium storing computer-executable instructions that when executed by a processor implement the following:

22. A storage medium storing computer-executable instructions that when executed by a processor implement the following:

and carrying out attack tracing processing according to the watermark type.