{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T23:06:58Z","timestamp":1769728018505,"version":"3.49.0"},"publisher-location":"Cham","reference-count":23,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030299583","type":"print"},{"value":"9783030299590","type":"electronic"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-29959-0_4","type":"book-chapter","created":{"date-parts":[[2019,9,14]],"date-time":"2019-09-14T23:04:10Z","timestamp":1568502250000},"page":"66-83","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":47,"title":["BDPL: A Boundary Differentially Private Layer Against Machine Learning Model Extraction Attacks"],"prefix":"10.1007","author":[{"given":"Huadi","family":"Zheng","sequence":"first","affiliation":[]},{"given":"Qingqing","family":"Ye","sequence":"additional","affiliation":[]},{"given":"Haibo","family":"Hu","sequence":"additional","affiliation":[]},{"given":"Chengfang","family":"Fang","sequence":"additional","affiliation":[]},{"given":"Jie","family":"Shi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,9,15]]},"reference":[{"key":"4_CR1","unstructured":"Abadi, M., Agarwal, A., Barham, P., et al.: TensorFlow: large-scale machine learning on heterogeneous systems (2015). https:\/\/www.tensorflow.org\/, software available from tensorflow.org"},{"key":"4_CR2","doi-asserted-by":"crossref","unstructured":"Abadi, M., et al.: Deep learning with differential privacy. In: Proceedings of ACM SIGSAC Conference on Computer and Communications Security, pp. 308\u2013318 (2016)","DOI":"10.1145\/2976749.2978318"},{"key":"4_CR3","first-page":"319","volume":"2","author":"D Angluin","year":"1987","unstructured":"Angluin, D.: Queries and concept learning. Mach. Learn. 2, 319\u2013342 (1987)","journal-title":"Mach. Learn."},{"key":"4_CR4","unstructured":"Dua, D., Graff, C.: UCI machine learning repository (2017). http:\/\/archive.ics.uci.edu\/ml"},{"key":"4_CR5","doi-asserted-by":"crossref","unstructured":"Duchi, J.C., Jordan, M.I., Wainwright, M.J.: Local privacy and statistical minimax rates. In: IEEE Symposium on Foundations of Computer Science, pp. 429\u2013438 (2013)","DOI":"10.1109\/FOCS.2013.53"},{"key":"4_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11787006_1","volume-title":"Automata, Languages and Programming","author":"C Dwork","year":"2006","unstructured":"Dwork, C.: Differential privacy. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 1\u201312. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11787006_1"},{"key":"4_CR7","doi-asserted-by":"crossref","unstructured":"Fredrikson, M., Jha, S., Ristenpart, T.: Model inversion attacks that exploit confidence information and basic countermeasures. In: Proceedings of ACM SIGSAC Conference on Computer and Communications Security, pp. 1322\u20131333 (2015)","DOI":"10.1145\/2810103.2813677"},{"key":"4_CR8","doi-asserted-by":"publisher","first-page":"289","DOI":"10.1016\/B978-012370497-9\/50007-X","volume-title":"Digital Design and Computer Architecture","author":"David Money Harris","year":"2007","unstructured":"Harris, D.M., Harris, S.L.: Digital design and computer architecture (2007)"},{"key":"4_CR9","doi-asserted-by":"crossref","unstructured":"Juuti, M., Szyller, S., Dmitrenko, A., Marchal, S., Asokan, N.: Prada: Protecting against DNN model stealing attacks. CoRR abs\/1805.02628 (2018)","DOI":"10.1109\/EuroSP.2019.00044"},{"key":"4_CR10","doi-asserted-by":"crossref","unstructured":"Kesarwani, M., Mukhoty, B., Arya, V., Mehta, S.: Model extraction warning in MLAAS paradigm. In: Annual Computer Security Applications Conference (2018)","DOI":"10.1145\/3274694.3274740"},{"key":"4_CR11","doi-asserted-by":"crossref","unstructured":"Lee, J., Kifer, D.: Concentrated differentially private gradient descent with adaptive per-iteration privacy budget. In: ACM SIGKDD Conference on Knowledge Discovery and Data Mining (2018)","DOI":"10.1145\/3219819.3220076"},{"key":"4_CR12","doi-asserted-by":"crossref","unstructured":"Lee, T., Edwards, B., Molloy, I., Su, D.: Defending against model stealing attacks using deceptive perturbations. CoRR abs\/1806.00054 (2018)","DOI":"10.1109\/SPW.2019.00020"},{"key":"4_CR13","doi-asserted-by":"crossref","unstructured":"Lowd, D., Meek, C.: Adversarial learning. In: Proceedings of the Eleventh ACM SIGKDD International Conference on Knowledge Discovery in Data Mining. KDD 2005, pp. 641\u2013647. ACM (2005)","DOI":"10.1145\/1081870.1081950"},{"key":"4_CR14","doi-asserted-by":"crossref","unstructured":"Oh, S.J., Augustin, M., Schiele, B., Fritz, M.: Towards reverse-engineering black-box neural networks. In: International Conference on Learning Representations (2018)","DOI":"10.1007\/978-3-030-28954-6_7"},{"key":"4_CR15","doi-asserted-by":"crossref","unstructured":"Orekondy, T., Schiele, B., Fritz, M.: Knockoff nets: stealing functionality of black-box models. CoRR abs\/1812.02766 (2018)","DOI":"10.1109\/CVPR.2019.00509"},{"key":"4_CR16","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Goodfellow, I., Jha, S., Celik, Z.B., Swami, A.: Practical black-box attacks against machine learning. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 506\u2013519 (2017)","DOI":"10.1145\/3052973.3053009"},{"key":"4_CR17","doi-asserted-by":"crossref","unstructured":"Quiring, E., Arp, D., Rieck, K.: Forgotten siblings: Unifying attacks on machine learning and digital watermarking. In: IEEE European Symposium on Security and Privacy (EuroS&P), pp. 488\u2013502 (2018)","DOI":"10.1109\/EuroSP.2018.00041"},{"key":"4_CR18","doi-asserted-by":"crossref","unstructured":"Shokri, R., Stronati, M., Shmatikov, V.: Membership inference attacks against machine learning models. In: IEEE Symposium on Security and Privacy, pp. 3\u201318 (2017)","DOI":"10.1109\/SP.2017.41"},{"key":"4_CR19","unstructured":"Tram\u00e8r, F., Zhang, F., Juels, A., Reiter, M.K., Ristenpart, T.: Stealing machine learning models via prediction APIS. In: Proceedings of the 25th USENIX Conference on Security Symposium, pp. 601\u2013618 (2016)"},{"key":"4_CR20","doi-asserted-by":"crossref","unstructured":"Valiant, L.G.: A theory of the learnable. In: ACM Symposium on Theory of Computing (1984)","DOI":"10.1145\/800057.808710"},{"key":"4_CR21","doi-asserted-by":"crossref","unstructured":"Wang, B., Gong, N.Z.: Stealing hyperparameters in machine learning. In: IEEE Symposium on Security and Privacy, pp. 36\u201352 (2018)","DOI":"10.1109\/SP.2018.00038"},{"issue":"309","key":"4_CR22","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1080\/01621459.1965.10480775","volume":"60","author":"SL Warner","year":"1965","unstructured":"Warner, S.L.: Randomized response: a survey technique for eliminating evasive answer bias. J. Am. Stat. Assoc. 60(309), 63\u201369 (1965)","journal-title":"J. Am. Stat. Assoc."},{"key":"4_CR23","doi-asserted-by":"crossref","unstructured":"Xu, W., Qi, Y., Evans, D.: Automatically evading classifiers: a case study on PDF malware classifiers. In: Annual Network and Distributed System Security Symposium (2016)","DOI":"10.14722\/ndss.2016.23115"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2019"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-29959-0_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,15]],"date-time":"2024-09-15T00:02:49Z","timestamp":1726358569000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-29959-0_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030299583","9783030299590"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-29959-0_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"15 September 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Luxembourg","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Luxembourg","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 September 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 September 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/conf.laas.fr\/esorics\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"344","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"67","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3,2","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"11","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}