Face image features represent significant user privacy concerns. Face images cannot be privately transferred under existing privacy protection methods, and data across various social networks are unevenly distributed. This paper proposes a method for face image privacy protection based on federated learning and ensemble models. A federated learning model based on distributed data sets was established by means of federated learning. On the client side, a local facial recognition model was obtained by local face data training and used as the input of PcadvGAN to train PcadvGAN for several rounds. On the server side, a parameter aggregator based on a differential evolutionary algorithm was established as the discriminator of PcadvGAN server, and a client facial recognition model was ensembled simultaneously. The discriminator of the PcadvGAN server experienced mutation, crossover, and interaction with the ensemble model to reveal the optimal global weight of the PcadvGAN model. Finally, the global optimal aggregation parameter matrix of PcadvGAN was obtained by calculation. The server and the client shared the global optimal aggregation parameter matrix, enabling each client to generate private face images with high transferability and practicality. Targeted attack and non-targeted attack experiments demonstrated that the proposed method can generate high-quality, transferable, robust, private face images with only minor perturbations more effectively than other existing methods.

人脸图像特征代表了重要的用户隐私问题。在现有的隐私保护方法下，人脸图像无法私下传输，跨各种社交网络的数据分布不均。本文提出了一种基于联邦学习和集成模型的人脸图像隐私保护方法。通过联邦学习建立了基于分布式数据集的联邦学习模型。在客户端，通过局部人脸数据训练得到一个局部人脸识别模型，作为PcadvGAN的输入，对PcadvGAN进行多轮训练。在服务器端，建立了基于差分进化算法的参数聚合器作为PcadvGAN服务器的判别器，同时集成了客户端人脸识别模型。PcadvGAN 服务器的鉴别器经历了变异、交叉和与集成模型的交互，以揭示 PcadvGAN 模型的最佳全局权重。最后通过计算得到PcadvGAN的全局最优聚合参数矩阵。服务端和客户端共享全局最优聚合参数矩阵，使得每个客户端都可以生成具有高迁移性和实用性的私有人脸图像。针对性攻击和非针对性攻击实验表明，所提出的方法可以比其他现有方法更有效地生成高质量、可转移、鲁棒、隐私的人脸图像，并且只有很小的扰动。通过计算得到PcadvGAN的全局最优聚合参数矩阵。服务端和客户端共享全局最优聚合参数矩阵，使得每个客户端都可以生成具有高迁移性和实用性的私有人脸图像。针对性攻击和非针对性攻击实验表明，所提出的方法可以比其他现有方法更有效地生成高质量、可转移、鲁棒、隐私的人脸图像，并且只有很小的扰动。通过计算得到PcadvGAN的全局最优聚合参数矩阵。服务端和客户端共享全局最优聚合参数矩阵，使得每个客户端都可以生成具有高迁移性和实用性的私有人脸图像。有针对性的攻击和无针对性的攻击实验表明，所提出的方法可以比其他现有方法更有效地生成高质量、可转移、鲁棒、隐私的人脸图像，并且只有很小的扰动。