{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T22:53:12Z","timestamp":1742943192796,"version":"3.40.3"},"publisher-location":"Cham","reference-count":18,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030816445"},{"type":"electronic","value":"9783030816452"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-81645-2_6","type":"book-chapter","created":{"date-parts":[[2021,7,21]],"date-time":"2021-07-21T21:02:52Z","timestamp":1626901372000},"page":"78-95","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Model Evasion Attacks Against Partially Encrypted Deep Neural Networks in Isolated Execution Environment"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1293-6415","authenticated-orcid":false,"given":"Kota","family":"Yoshida","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9441-3137","authenticated-orcid":false,"given":"Takeshi","family":"Fujino","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,7,22]]},"reference":[{"key":"6_CR1","doi-asserted-by":"crossref","unstructured":"Bhagoji, A.N., He, W., Li, B., Song, D.: Practical black-box attacks on deep neural networks using efficient query mechanisms. In: Proceedings of the European Conference on Computer Vision (ECCV), September 2018","DOI":"10.1007\/978-3-030-01258-8_10"},{"key":"6_CR2","doi-asserted-by":"crossref","unstructured":"Deng, J., Dong, W., Socher, R., Li, L.J., Li, K., Fei-Fei, L.: ImageNet: a large-scale hierarchical image database, pp. 248\u2013255. Institute of Electrical and Electronics Engineers (IEEE), March 2010","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"6_CR3","doi-asserted-by":"crossref","unstructured":"Dong, Y., et al.: Boosting adversarial attacks with momentum. In: Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition, pp. 9185\u20139193, October 2017","DOI":"10.1109\/CVPR.2018.00957"},{"key":"6_CR4","unstructured":"Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. In: 3rd International Conference on Learning Representations, ICLR, December 2015"},{"key":"6_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-37682-5_1","volume-title":"Information Security and Cryptology \u2013 ICISC 2012","author":"T Graepel","year":"2013","unstructured":"Graepel, T., Lauter, K., Naehrig, M.: ML confidential: machine learning on encrypted data. In: Kwon, T., Lee, M.-K., Kwon, D. (eds.) ICISC 2012. LNCS, vol. 7839, pp. 1\u201321. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-37682-5_1"},{"key":"6_CR6","unstructured":"Hanzlik, L., et al.: MLCapsule: guarded offline deployment of machine learning as a service, August 2018"},{"key":"6_CR7","doi-asserted-by":"crossref","unstructured":"Huang, Q., Katsman, I., He, H., Gu, Z., Belongie, S., Lim, S.N.: Enhancing adversarial example transferability with an intermediate level attack. In: Proceedings of the IEEE International Conference on Computer Vision, pp. 4732\u20134741, July 2019","DOI":"10.1109\/ICCV.2019.00483"},{"key":"6_CR8","doi-asserted-by":"crossref","unstructured":"Inkawhich, N., Wen, W., Li, H.H., Chen, Y.: Feature space perturbations yield more transferable adversarial examples. In: Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition, vol. 2019-June, pp. 7059\u20137067. IEEE Computer Society, June 2019","DOI":"10.1109\/CVPR.2019.00723"},{"key":"6_CR9","doi-asserted-by":"crossref","unstructured":"Mohassel, P., Zhang, Y.: SecureML: a system for scalable privacy-preserving machine learning. In: Proceedings - IEEE Symposium on Security and Privacy, pp. 19\u201338. Institute of Electrical and Electronics Engineers Inc., June 2017","DOI":"10.1109\/SP.2017.12"},{"key":"6_CR10","doi-asserted-by":"crossref","unstructured":"Narodytska, N., Kasiviswanathan, S.: Simple black-box adversarial attacks on deep neural networks. In: IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops, vol. 2017-July, pp. 1310\u20131318, August 2017","DOI":"10.1109\/CVPRW.2017.172"},{"key":"6_CR11","unstructured":"Paszke, A., et al.: PyTorch: An Imperative Style, High-Performance Deep Learning Library. arXiv, December 2019"},{"key":"6_CR12","unstructured":"Sabour, S., Cao, Y., Faghri, F., Fleet, D.J.: Adversarial manipulation of deep representations. In: 4th International Conference on Learning Representations, ICLR 2016 - Conference Track Proceedings, November 2015"},{"key":"6_CR13","doi-asserted-by":"crossref","unstructured":"Schl\u00f6gl, A., B\u00f6hme, R.: eNNclave: offline inference with model confidentiality. In: Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security. ACM, New York (2020)","DOI":"10.1145\/3411508.3421376"},{"issue":"2","key":"6_CR14","doi-asserted-by":"publisher","first-page":"212","DOI":"10.1587\/transinf.2019INP0002","volume":"103","author":"Y Senzaki","year":"2020","unstructured":"Senzaki, Y., Ohata, S., Matsuura, K.: Simple black-box adversarial examples generation with very few queries. IEICE Trans. Inf. Syst. 103(2), 212\u2013221 (2020)","journal-title":"IEICE Trans. Inf. Syst."},{"key":"6_CR15","unstructured":"Simonyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition. In: 3rd International Conference on Learning Representations, ICLR 2015 - Conference Track Proceedings, September 2015"},{"key":"6_CR16","doi-asserted-by":"crossref","unstructured":"Stallkamp, J., Schlipsing, M., Salmen, J., Igel, C.: Man vs. computer: benchmarking machine learning algorithms for traffic sign recognition. Neural Netw. 32, 323\u2013332 (2012)","DOI":"10.1016\/j.neunet.2012.02.016"},{"key":"6_CR17","unstructured":"Wang, B., et al.: With great training comes great vulnerability: practical attacks against transfer learning. In: USENIX, pp. 1281\u20131297 (2018)"},{"key":"6_CR18","unstructured":"Xie, P., Bilenko, M., Finley, T., Gilad-Bachrach, R., Lauter, K., Naehrig, M.: Crypto-Nets: Neural Networks over Encrypted Data, December 2014"}],"container-title":["Lecture Notes in Computer Science","Applied Cryptography and Network Security Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-81645-2_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,7,21]],"date-time":"2021-07-21T21:04:02Z","timestamp":1626901442000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-81645-2_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030816445","9783030816452"],"references-count":18,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-81645-2_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"22 July 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ACNS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Applied Cryptography and Network Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Kamakura","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Japan","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 June 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 June 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"acns2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"186","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"37","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.89","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"7.81","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Due to the COVID-19 pandemic the conference took place virtually.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}