{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T01:53:25Z","timestamp":1743040405708,"version":"3.40.3"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031757563"},{"type":"electronic","value":"9783031757570"}],"license":[{"start":{"date-parts":[[2024,10,17]],"date-time":"2024-10-17T00:00:00Z","timestamp":1729123200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,10,17]],"date-time":"2024-10-17T00:00:00Z","timestamp":1729123200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-75757-0_6","type":"book-chapter","created":{"date-parts":[[2024,10,22]],"date-time":"2024-10-22T11:03:12Z","timestamp":1729594992000},"page":"107-126","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Optimizing Label-Only Membership Inference Attacks by\u00a0Global Relative Decision Boundary Distances"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-8323-8255","authenticated-orcid":false,"given":"Jiacheng","family":"Xu","sequence":"first","affiliation":[]},{"given":"Jianpeng","family":"Hu","sequence":"additional","affiliation":[]},{"given":"Chunqing","family":"Yu","sequence":"additional","affiliation":[]},{"given":"Chengxiang","family":"Tan","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,10,17]]},"reference":[{"key":"6_CR1","doi-asserted-by":"crossref","unstructured":"Balle, B., Cherubin, G., Hayes, J.: Reconstructing training data with informed adversaries. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 1138\u20131156. IEEE (2022)","DOI":"10.1109\/SP46214.2022.9833677"},{"issue":"1","key":"6_CR2","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1111\/1475-6765.12392","volume":"60","author":"J Beltran","year":"2021","unstructured":"Beltran, J., Gallego, A., Huidobro, A., Romero, E., Padr\u00f3, L.: Male and female politicians on twitter: a machine learning approach. Eur. J. Polit. Res. 60(1), 239\u2013251 (2021)","journal-title":"Eur. J. Polit. Res."},{"key":"6_CR3","doi-asserted-by":"crossref","unstructured":"Cardaioli, M., Kaliyar, P., Capuozzo, P., Conti, M., Sartori, G., Monaro, M.: Predicting twitter users\u2019 political orientation: an application to the Italian political scenario. In: 2020 IEEE\/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), pp. 159\u2013165. IEEE (2020)","DOI":"10.1109\/ASONAM49781.2020.9381470"},{"key":"6_CR4","doi-asserted-by":"crossref","unstructured":"Carlini, N., Chien, S., Nasr, M., Song, S., Terzis, A., Tramer, F.: Membership inference attacks from first principles. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 1897\u20131914. IEEE (2022)","DOI":"10.1109\/SP46214.2022.9833649"},{"key":"6_CR5","unstructured":"Chaudhari, H., Severi, G., Oprea, A., Ullman, J.: Chameleon: increasing label-only membership leakage with adaptive poisoning. arXiv preprint arXiv:2310.03838 (2023)"},{"key":"6_CR6","doi-asserted-by":"crossref","unstructured":"Chen, J., Jordan, M.I., Wainwright, M.J.: Hopskipjumpattack: a query-efficient decision-based attack. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1277\u20131294. IEEE (2020)","DOI":"10.1109\/SP40000.2020.00045"},{"key":"6_CR7","unstructured":"Choquette-Choo, C.A., Tramer, F., Carlini, N., Papernot, N.: Label-only membership inference attacks. In: International Conference on Machine Learning, pp. 1964\u20131974. PMLR (2021)"},{"key":"6_CR8","doi-asserted-by":"crossref","unstructured":"Dealcala, D., Mancera, G., Morales, A., Fierrez, J., Tolosana, R., Ortega-Garcia, J.: A comprehensive analysis of factors impacting membership inference. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 3585\u20133593 (2024)","DOI":"10.1109\/CVPRW63382.2024.00362"},{"key":"6_CR9","doi-asserted-by":"crossref","unstructured":"Del\u00a0Grosso, G., Jalalzai, H., Pichler, G., Palamidessi, C., Piantanida, P.: Leveraging adversarial examples to quantify membership information leakage. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 10399\u201310409 (2022)","DOI":"10.1109\/CVPR52688.2022.01015"},{"key":"6_CR10","doi-asserted-by":"crossref","unstructured":"Dionysiou, A., Athanasopoulos, E.: SoK: membership inference is harder than previously thought. In: Proceedings on Privacy Enhancing Technologies (2023)","DOI":"10.56553\/popets-2023-0082"},{"key":"6_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11787006_1","volume-title":"Automata, Languages and Programming","author":"C Dwork","year":"2006","unstructured":"Dwork, C.: Differential privacy. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 1\u201312. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11787006_1"},{"issue":"7","key":"6_CR12","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3464423","volume":"54","author":"T Fernando","year":"2021","unstructured":"Fernando, T., Gammulle, H., Denman, S., Sridharan, S., Fookes, C.: Deep learning for medical anomaly detection-a survey. ACM Comput. Surv. (CSUR) 54(7), 1\u201337 (2021)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"6_CR13","doi-asserted-by":"crossref","unstructured":"He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 770\u2013778 (2016)","DOI":"10.1109\/CVPR.2016.90"},{"key":"6_CR14","unstructured":"Hu, S., Yu, T., Guo, C., Chao, W.L., Weinberger, K.Q.: A new defense against adversarial images: turning a weakness into a strength. In: Advances in Neural Information Processing Systems, vol. 32 (2019)"},{"key":"6_CR15","doi-asserted-by":"crossref","unstructured":"Jayaraman, B., Wang, L., Knipmeyer, K., Gu, Q., Evans, D.: Revisiting membership inference under realistic assumptions. In: Proceedings on Privacy Enhancing Technologies, vol. 2021, no. 2 (2021)","DOI":"10.2478\/popets-2021-0031"},{"key":"6_CR16","doi-asserted-by":"crossref","unstructured":"Jia, J., Salem, A., Backes, M., Zhang, Y., Gong, N.Z.: Memguard: defending against black-box membership inference attacks via adversarial examples. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 259\u2013274 (2019)","DOI":"10.1145\/3319535.3363201"},{"key":"6_CR17","unstructured":"Krizhevsky, A., Hinton, G.: Learning multiple layers of features from tiny images. In: Handbook of Systemic Autoimmune Diseases, vol. 1, no. 4 (2009)"},{"key":"6_CR18","doi-asserted-by":"crossref","unstructured":"Li, H., Xu, X., Zhang, X., Yang, S., Li, B.: Qeba: query-efficient boundary-based blackbox attack. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 1221\u20131230 (2020)","DOI":"10.1109\/CVPR42600.2020.00130"},{"key":"6_CR19","doi-asserted-by":"crossref","unstructured":"Li, Z., Zhang, Y.: Membership leakage in label-only exposures. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 880\u2013895 (2021)","DOI":"10.1145\/3460120.3484575"},{"key":"6_CR20","doi-asserted-by":"crossref","unstructured":"Liu, Y., Zhao, Z., Backes, M., Zhang, Y.: Membership inference attacks by exploiting loss trajectory. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 2085\u20132098 (2022)","DOI":"10.1145\/3548606.3560684"},{"key":"6_CR21","unstructured":"Mehnaz, S., et al.: Are your sensitive attributes private? Novel model inversion attribute inference attacks on classification models. In: 31st USENIX Security Symposium (USENIX Security 2022), pp. 4579\u20134596 (2022)"},{"key":"6_CR22","doi-asserted-by":"crossref","unstructured":"Nasr, M., Shokri, R., Houmansadr, A.: Machine learning with membership privacy using adversarial regularization. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 634\u2013646 (2018)","DOI":"10.1145\/3243734.3243855"},{"key":"6_CR23","unstructured":"Niu, J., et al.: SoK: comparing different membership inference attacks with a comprehensive benchmark. arXiv preprint arXiv:2307.06123 (2023)"},{"key":"6_CR24","unstructured":"Noorbakhsh, S.L., Zhang, B., Hong, Y., Wang, B.: Inf2guard: an information-theoretic framework for learning privacy-preserving representations against inference attacks. In: USENIX Security (2024)"},{"key":"6_CR25","unstructured":"Peng, Y., Roh, J., Maji, S., Houmansadr, A.: Oslo: one-shot label-only membership inference attacks. arXiv preprint arXiv:2405.16978 (2024)"},{"key":"6_CR26","doi-asserted-by":"crossref","unstructured":"Rezaei, S., Liu, X.: On the difficulty of membership inference attacks. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 7892\u20137900 (2021)","DOI":"10.1109\/CVPR46437.2021.00780"},{"key":"6_CR27","doi-asserted-by":"crossref","unstructured":"Sagala, N.T.: Comparative analysis of grid-based decision tree and support vector machine for crime category prediction. In: 2021 International Seminar on Machine Learning, Optimization, and Data Science (ISMODE), pp. 184\u2013188. IEEE (2022)","DOI":"10.1109\/ISMODE53584.2022.9743082"},{"key":"6_CR28","doi-asserted-by":"crossref","unstructured":"Shokri, R., Stronati, M., Song, C., Shmatikov, V.: Membership inference attacks against machine learning models. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 3\u201318. IEEE (2017)","DOI":"10.1109\/SP.2017.41"},{"key":"6_CR29","unstructured":"Song, C., Shmatikov, V.: Overlearning reveals sensitive attributes. In: 8th International Conference on Learning Representations, ICLR 2020 (2020)"},{"key":"6_CR30","unstructured":"Tanay, T., Griffin, L.: A boundary tilting persepective on the phenomenon of adversarial examples. arXiv preprint arXiv:1608.07690 (2016)"},{"key":"6_CR31","doi-asserted-by":"crossref","unstructured":"Tian, S., Yang, G., Cai, Y.: Detecting adversarial examples through image transformation. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol.\u00a032 (2018)","DOI":"10.1609\/aaai.v32i1.11828"},{"key":"6_CR32","doi-asserted-by":"crossref","unstructured":"Tram\u00e8r, F., et al.: Truth serum: poisoning machine learning models to reveal their secrets. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 2779\u20132792 (2022)","DOI":"10.1145\/3548606.3560554"},{"key":"6_CR33","doi-asserted-by":"crossref","unstructured":"Vo, V.Q., Abbasnejad, E., Ranasinghe, D.C.: Ramboattack: a robust query efficient deep neural network decision exploit. arXiv preprint arXiv:2112.05282 (2021)","DOI":"10.14722\/ndss.2022.24200"},{"key":"6_CR34","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1007\/978-3-031-20065-6_10","volume-title":"ECCV 2022","author":"X Wang","year":"2022","unstructured":"Wang, X., et al.: Triangle attack: a query-efficient decision-based adversarial attack. In: Avidan, S., Brostow, G., Ciss\u00e9, M., Farinella, G.M., Hassner, T. (eds.) ECCV 2022. LNCS, vol. 13665, pp. 156\u2013174. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-20065-6_10"},{"key":"6_CR35","unstructured":"Watson, L., Guo, C., Cormode, G., Sablayrolles, A.: On the Importance of Difficulty Calibration in Membership Inference Attacks (2021)"},{"issue":"1","key":"6_CR36","first-page":"56","volume":"26","author":"J Wexler","year":"2019","unstructured":"Wexler, J., Pushkarna, M., Bolukbasi, T., Wattenberg, M., Vi\u00e9gas, F., Wilson, J.: The what-if tool: interactive probing of machine learning models. IEEE Trans. Visual Comput. Graphics 26(1), 56\u201365 (2019)","journal-title":"IEEE Trans. Visual Comput. Graphics"},{"key":"6_CR37","unstructured":"WU, Y., Qiu, H., Guo, S., Li, J., Zhang, T.: You only query once: an efficient label-only membership inference attack. In: The Twelfth International Conference on Learning Representations (2023)"},{"key":"6_CR38","doi-asserted-by":"crossref","unstructured":"Ye, J., Maddi, A., Murakonda, S.K., Bindschaedler, V., Shokri, R.: Enhanced membership inference attacks against machine learning models. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 3093\u20133106 (2022)","DOI":"10.1145\/3548606.3560675"},{"key":"6_CR39","doi-asserted-by":"crossref","unstructured":"Yeom, S., Giacomelli, I., Fredrikson, M., Jha, S.: Privacy risk in machine learning: analyzing the connection to overfitting. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp. 268\u2013282. IEEE (2018)","DOI":"10.1109\/CSF.2018.00027"},{"issue":"1","key":"6_CR40","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3477600","volume":"55","author":"C Yu","year":"2021","unstructured":"Yu, C., Liu, J., Nemati, S., Yin, G.: Reinforcement learning in healthcare: a survey. ACM Comput. Surv. (CSUR) 55(1), 1\u201336 (2021)","journal-title":"ACM Comput. Surv. (CSUR)"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-75757-0_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,22]],"date-time":"2024-10-22T11:04:05Z","timestamp":1729595045000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-75757-0_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,17]]},"ISBN":["9783031757563","9783031757570"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-75757-0_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024,10,17]]},"assertion":[{"value":"17 October 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Arlington, VA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 October 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 October 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"isw2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/isc24.cs.gmu.edu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}