{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,3]],"date-time":"2026-02-03T01:15:08Z","timestamp":1770081308107,"version":"3.49.0"},"publisher-location":"Cham","reference-count":54,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032151193","type":"print"},{"value":"9783032151209","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-15120-9_14","type":"book-chapter","created":{"date-parts":[[2026,2,2]],"date-time":"2026-02-02T12:43:25Z","timestamp":1770036205000},"page":"306-324","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Conformal Prediction for\u00a0Offensive Security"],"prefix":"10.1007","author":[{"given":"Giovanni","family":"Cherubin","sequence":"first","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,2,3]]},"reference":[{"key":"14_CR1","unstructured":"The new textsecure: Privacy beyond SMS. https:\/\/signal.org\/blog\/the-new-textsecure\/"},{"key":"14_CR2","unstructured":"Angelopoulos, A.N., Bates, S.: A gentle introduction to conformal prediction and distribution-free uncertainty quantification. arXiv preprint arXiv:2107.07511 (2021)"},{"key":"14_CR3","doi-asserted-by":"crossref","unstructured":"Angelopoulos, A.N., Bates, S., Zrnic, T., Jordan, M.I.: Private prediction sets. Harvard Data Sci. Rev. 4(2) (2022)","DOI":"10.1162\/99608f92.16c71dad"},{"key":"14_CR4","unstructured":"Balinsky, A.D., Krzeminski, D., Balinsky, A.: Conformal prediction for privacy-preserving machine learning. arXiv preprint arXiv:2507.09678 (2025)"},{"key":"14_CR5","doi-asserted-by":"crossref","unstructured":"Balle, B., Cherubin, G., Hayes, J.: Reconstructing training data with informed adversaries. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 1138\u20131156. IEEE (2022)","DOI":"10.1109\/SP46214.2022.9833677"},{"key":"14_CR6","unstructured":"Bao, J., Dang, C., Luo, R., Zhang, H., Zhou, Z.: Enhancing adversarial robustness with conformal prediction: a framework for guaranteed model reliability. arXiv preprint arXiv:2506.07804 (2025)"},{"key":"14_CR7","doi-asserted-by":"publisher","unstructured":"Becker, B., Kohavi, R.: Adult. UCI Machine Learning Repository (1996). https:\/\/doi.org\/10.24432\/C5XW20","DOI":"10.24432\/C5XW20"},{"issue":"2","key":"14_CR8","first-page":"95","volume":"23","author":"L Block","year":"2024","unstructured":"Block, L.: The long history of OSINT. J. Intell. Hist. 23(2), 95\u2013109 (2024)","journal-title":"J. Intell. Hist."},{"key":"14_CR9","doi-asserted-by":"crossref","unstructured":"Cai, X., Zhang, X.C., Joshi, B., Johnson, R.: Touching from a distance: website fingerprinting attacks and defenses. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 605\u2013616 (2012)","DOI":"10.1145\/2382196.2382260"},{"key":"14_CR10","doi-asserted-by":"crossref","unstructured":"Carlini, N., Chien, S., Nasr, M., Song, S., Terzis, A., Tramer, F.: Membership inference attacks from first principles. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 1897\u20131914. IEEE (2022)","DOI":"10.1109\/SP46214.2022.9833649"},{"key":"14_CR11","unstructured":"Carlini, N., et\u00a0al.: Extracting training data from large language models. In: 30th USENIX Security Symposium (USENIX Security 21), pp. 2633\u20132650 (2021)"},{"key":"14_CR12","doi-asserted-by":"crossref","unstructured":"Cherubin, G.: Bayes, not N\u00e4ive: security bounds on website fingerprinting defenses. arXiv preprint arXiv:1702.07707 (2017)","DOI":"10.1515\/popets-2017-0046"},{"key":"14_CR13","unstructured":"Cherubin, G.: Black-box security: measuring black-box information leakage via machine learning. Ph.D. thesis, Royal Holloway, University of London (2019)"},{"key":"14_CR14","unstructured":"Cherubin, G., Baldwin, A., Griffin, J.: Exchangeability martingales for selecting features in anomaly detection. In: Conformal and Probabilistic Prediction and Applications, pp. 157\u2013170. PMLR (2018)"},{"key":"14_CR15","doi-asserted-by":"crossref","unstructured":"Cherubin, G., Chatzikokolakis, K., Palamidessi, C.: F-BLEAU: fast black-box leakage estimation. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 835\u2013852. IEEE (2019)","DOI":"10.1109\/SP.2019.00073"},{"key":"14_CR16","unstructured":"Cherubin, G., Jansen, R., Troncoso, C.: Online website fingerprinting: evaluating website fingerprinting attacks on tor in the real world. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 753\u2013770 (2022)"},{"key":"14_CR17","doi-asserted-by":"crossref","unstructured":"Cherubin, G., Nouretdinov, I.: Hidden Markov models with confidence. In: Symposium on Conformal and Probabilistic Prediction with Applications, pp. 128\u2013144. Springer (2016)","DOI":"10.1007\/978-3-319-33395-3_10"},{"key":"14_CR18","doi-asserted-by":"crossref","unstructured":"Cherubin, G., et al.: Conformal clustering and its application to botnet traffic. In: International Symposium on Statistical Learning and Data Sciences, pp. 313\u2013322. Springer (2015)","DOI":"10.1007\/978-3-319-17091-6_26"},{"key":"14_CR19","unstructured":"Cordier, T., Blot, V., Lacombe, L., Morzadec, T., Capitaine, A., Brunel, N.: Flexible and systematic uncertainty estimation with conformal prediction via the MAPIE library. In: Conformal and Probabilistic Prediction with Applications (2023)"},{"key":"14_CR20","doi-asserted-by":"crossref","unstructured":"Dang, Q.V., Pham, T.H.: Kernel methods for conformal prediction to detect botnets. In: International Conference on Artificial Intelligence on Textile and Apparel, pp. 29\u201341. Springer (2023)","DOI":"10.1007\/978-981-99-8476-3_3"},{"key":"14_CR21","doi-asserted-by":"crossref","unstructured":"Deng, X., Li, Q., Xu, K.: Robust and reliable early-stage website fingerprinting attacks via spatial-temporal distribution analysis. In: Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (2024)","DOI":"10.1145\/3658644.3670272"},{"key":"14_CR22","doi-asserted-by":"crossref","unstructured":"Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. In: 13th USENIX Security Symposium (USENIX Security 04). USENIX Association, San Diego, CA, August 2004. https:\/\/www.usenix.org\/conference\/13th-usenix-security-symposium\/tor-second-generation-onion-router","DOI":"10.21236\/ADA465464"},{"key":"14_CR23","doi-asserted-by":"crossref","unstructured":"Dwork, C.: Differential privacy. In: International Colloquium on Automata, Languages, and Programming, pp. 1\u201312. Springer (2006)","DOI":"10.1007\/11787006_1"},{"key":"14_CR24","doi-asserted-by":"crossref","unstructured":"Dyer, K.P., Coull, S.E., Ristenpart, T., Shrimpton, T.: Peek-a-boo, I still see you: why efficient traffic analysis countermeasures fail. In: 2012 IEEE Symposium on Security and Privacy, pp. 332\u2013346. IEEE (2012)","DOI":"10.1109\/SP.2012.28"},{"key":"14_CR25","unstructured":"Ennadir, S., Alkhatib, A., Bostrom, H., Vazirgiannis, M.: Conformalized adversarial attack detection for graph neural networks. In: Conformal and Probabilistic Prediction with Applications, pp. 311\u2013323. PMLR (2023)"},{"key":"14_CR26","unstructured":"Fedorova, V., Gammerman, A., Nouretdinov, I., Vovk, V.: Plug-in martingales for testing exchangeability on-line. arXiv preprint arXiv:1204.3251 (2012)"},{"key":"14_CR27","doi-asserted-by":"crossref","unstructured":"Fredrikson, M., Jha, S., Ristenpart, T.: Model inversion attacks that exploit confidence information and basic countermeasures. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1322\u20131333 (2015)","DOI":"10.1145\/2810103.2813677"},{"key":"14_CR28","unstructured":"Gendler, A., Weng, T.W., Daniel, L., Romano, Y.: Adversarially robust conformal prediction. In: International Conference on Learning Representations (2021)"},{"key":"14_CR29","unstructured":"Hayes, J., Danezis, G.: k-fingerprinting: a robust scalable website fingerprinting technique. In: 25th USENIX Security Symposium (USENIX Security 16), pp. 1187\u20131203 (2016)"},{"issue":"2","key":"14_CR30","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1007\/s13389-019-00212-8","volume":"10","author":"B Hettwer","year":"2020","unstructured":"Hettwer, B., Gehrer, S., G\u00fcneysu, T.: Applications of machine learning techniques in side-channel attacks: a survey. J. Cryptogr. Eng. 10(2), 135\u2013162 (2020)","journal-title":"J. Cryptogr. Eng."},{"key":"14_CR31","doi-asserted-by":"crossref","unstructured":"Hilprecht, B., H\u00e4rterich, M., Bernau, D.: Monte Carlo and reconstruction membership inference attacks against generative models. In: Proceedings on Privacy Enhancing Technologies (2019)","DOI":"10.2478\/popets-2019-0067"},{"key":"14_CR32","unstructured":"Holohan, N., Braghin, S., Mac\u00a0Aonghusa, P., Levacher, K.: Diffprivlib: the IBM differential privacy library. ArXiv e-prints 1907.02444 [cs.CR], July 2019"},{"key":"14_CR33","doi-asserted-by":"crossref","unstructured":"Johnson, A., Wacek, C., Jansen, R., Sherr, M., Syverson, P.: Users get routed: traffic correlation on tor by realistic adversaries. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 337\u2013348 (2013)","DOI":"10.1145\/2508859.2516651"},{"key":"14_CR34","unstructured":"Jordaney, R., et al.: Transcend: detecting concept drift in malware classification models. In: 26th USENIX Security Symposium (USENIX Security 17), pp. 625\u2013642 (2017)"},{"key":"14_CR35","doi-asserted-by":"crossref","unstructured":"Juarez, M., Afroz, S., Acar, G., Diaz, C., Greenstadt, R.: A critical evaluation of website fingerprinting attacks. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 263\u2013274 (2014)","DOI":"10.1145\/2660267.2660368"},{"key":"14_CR36","unstructured":"Kang, M., G\u00fcrel, N.M., Li, L., Li, B.: COLEP: certifiably robust learning-reasoning conformal prediction via probabilistic circuits. arXiv preprint arXiv:2403.11348 (2024)"},{"key":"14_CR37","unstructured":"Ke, G., et al.: LightGBM: a highly efficient gradient boosting decision tree. In: Advances in Neural Information Processing Systems, vol. 30 (2017)"},{"key":"14_CR38","unstructured":"Luo, R., Bao, J., Zhou, Z., Dang, C.: Game-theoretic defenses for robust conformal prediction against adversarial attacks in medical imaging. arXiv preprint arXiv:2411.04376 (2024)"},{"key":"14_CR39","doi-asserted-by":"crossref","unstructured":"Messoudi, S., Rousseau, S., Destercke, S.: Deep conformal prediction for robust models. In: International Conference on Information Processing and Management of Uncertainty in Knowledge-Based Systems, pp. 528\u2013540. Springer (2020)","DOI":"10.1007\/978-3-030-50146-4_39"},{"key":"14_CR40","unstructured":"Narayanan, A., Shmatikov, V.: How to break anonymity of the Netflix prize dataset. arXiv preprint cs\/0610105 (2006)"},{"key":"14_CR41","doi-asserted-by":"crossref","unstructured":"Panchenko, A., et al.: Website fingerprinting at internet scale. In: NDSS, vol.\u00a01, p. 23477 (2016)","DOI":"10.14722\/ndss.2016.23477"},{"key":"14_CR42","doi-asserted-by":"crossref","unstructured":"Papadopoulos, H.: Inductive Conformal Prediction: Theory and Application to Neural Networks. INTECH Open Access Publisher Rijeka (2008)","DOI":"10.5772\/6078"},{"key":"14_CR43","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1007\/3-540-36755-1_29","volume-title":"Machine Learning: ECML 2002","author":"H Papadopoulos","year":"2002","unstructured":"Papadopoulos, H., Proedrou, K., Vovk, V., Gammerman, A.: Inductive confidence machines for regression. In: Elomaa, T., Mannila, H., Toivonen, H. (eds.) ECML 2002. LNCS (LNAI), vol. 2430, pp. 345\u2013356. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-36755-1_29"},{"key":"14_CR44","unstructured":"Romano, Y., Patterson, E., Candes, E.: Conformalized quantile regression. In: Advances in Neural Information Processing Systems, vol. 32 (2019)"},{"key":"14_CR45","doi-asserted-by":"crossref","unstructured":"Salem, A., et al.: SoK: let the privacy games begin! a unified treatment of data inference privacy in machine learning. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 327\u2013345. IEEE (2023)","DOI":"10.1109\/SP46215.2023.10179281"},{"key":"14_CR46","doi-asserted-by":"crossref","unstructured":"Shokri, R., Stronati, M., Song, C., Shmatikov, V.: Membership inference attacks against machine learning models. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 3\u201318. IEEE (2017)","DOI":"10.1109\/SP.2017.41"},{"key":"14_CR47","doi-asserted-by":"crossref","unstructured":"Sirinam, P., Imani, M., Juarez, M., Wright, M.: Deep fingerprinting: undermining website fingerprinting defenses with deep learning. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1928\u20131943 (2018)","DOI":"10.1145\/3243734.3243768"},{"key":"14_CR48","doi-asserted-by":"crossref","unstructured":"Sirinam, P., Mathews, N., Rahman, M.S., Wright, M.: Triplet fingerprinting: more practical and portable website fingerprinting with N-shot learning. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1131\u20131148 (2019)","DOI":"10.1145\/3319535.3354217"},{"key":"14_CR49","unstructured":"Song, D.X., Wagner, D., Tian, X.: Timing analysis of keystrokes and timing attacks on SSH. In: 10th USENIX Security Symposium (USENIX Security 01) (2001)"},{"key":"14_CR50","unstructured":"Vovk, V.: Conditional validity of inductive conformal predictors. In: Asian Conference on Machine Learning, pp. 475\u2013490. PMLR (2012)"},{"key":"14_CR51","unstructured":"Vovk, V., Gammerman, A., Shafer, G.: Algorithmic Learning in a Random World. Springer (2005)"},{"key":"14_CR52","unstructured":"Vovk, V., Nouretdinov, I., Gammerman, A.: Testing exchangeability on-line. In: Proceedings of the 20th International Conference on Machine Learning (ICML-03), pp. 768\u2013775 (2003)"},{"issue":"4","key":"14_CR53","first-page":"195","volume":"7","author":"H Wechsler","year":"2015","unstructured":"Wechsler, H.: Cyberspace security using adversarial learning and conformal prediction. Intell. Inf. Manag. 7(4), 195\u2013222 (2015)","journal-title":"Intell. Inf. Manag."},{"key":"14_CR54","unstructured":"Weiss, R., Ayzenshteyn, D., Mirsky, Y.: What was your prompt? A remote keylogging attack on AI assistants. In: 33rd USENIX Security Symposium (USENIX Security 24), pp. 3367\u20133384 (2024)"}],"container-title":["Lecture Notes in Computer Science","The Importance of Being Learnable"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-15120-9_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,2]],"date-time":"2026-02-02T12:43:33Z","timestamp":1770036213000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-15120-9_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032151193","9783032151209"],"references-count":54,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-15120-9_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"3 February 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}