{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:13:17Z","timestamp":1742911997361,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":29,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819708000"},{"type":"electronic","value":"9789819708017"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-981-97-0801-7_23","type":"book-chapter","created":{"date-parts":[[2024,2,29]],"date-time":"2024-02-29T08:03:04Z","timestamp":1709193784000},"page":"394-410","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Label-Only Membership Inference Attack Against Federated Distillation"],"prefix":"10.1007","author":[{"given":"Xi","family":"Wang","sequence":"first","affiliation":[]},{"given":"Yanchao","family":"Zhao","sequence":"additional","affiliation":[]},{"given":"Jiale","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Bing","family":"Chen","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,3,1]]},"reference":[{"key":"23_CR1","unstructured":"Boenisch, F., Dziedzic, A., Schuster, R., Shamsabadi, A.S., Shumailov, I., Papernot, N.: When the curious abandon honesty: federated learning is not private. arXiv preprint arXiv:2112.02918 (2021)"},{"key":"23_CR2","doi-asserted-by":"crossref","unstructured":"Chen, J., Zhang, J., Zhao, Y., Han, H., Zhu, K., Chen, B.: Beyond model-level membership privacy leakage: an adversarial approach in federated learning. In: Proceedings of ICCCN, pp. 1\u20139 (2020)","DOI":"10.1109\/ICCCN49398.2020.9209744"},{"key":"23_CR3","doi-asserted-by":"crossref","unstructured":"Chen, J., Jordan, M.I., Wainwright, M.J.: Hopskipjumpattack: a query-efficient decision-based attack. In: Proceedings of SP, pp. 1277\u20131294 (2020)","DOI":"10.1109\/SP40000.2020.00045"},{"key":"23_CR4","unstructured":"Geiping, J., Bauermeister, H., Dr\u00f6ge, H., Moeller, M.: Inverting gradients-how easy is it to break privacy in federated learning? In: Proceedings of NeurIPS, pp. 16937\u201316947 (2020)"},{"key":"23_CR5","unstructured":"Geyer, R.C., Klein, T., Nabi, M.: Differentially private federated learning: a client level perspective. arXiv preprint arXiv:1712.07557 (2017)"},{"issue":"11","key":"23_CR6","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1145\/3422622","volume":"63","author":"I Goodfellow","year":"2020","unstructured":"Goodfellow, I., et al.: Generative adversarial networks. Commun. ACM 63(11), 139\u2013144 (2020)","journal-title":"Commun. ACM"},{"key":"23_CR7","doi-asserted-by":"publisher","first-page":"1789","DOI":"10.1007\/s11263-021-01453-z","volume":"129","author":"J Gou","year":"2021","unstructured":"Gou, J., Yu, B., Maybank, S.J., Tao, D.: Knowledge distillation: a survey. Int. J. Comput. Vision 129, 1789\u20131819 (2021)","journal-title":"Int. J. Comput. Vision"},{"key":"23_CR8","unstructured":"Hinton, G., Vinyals, O., Dean, J., et al.: Distilling the knowledge in a neural network. arXiv preprint arXiv:1503.02531 (2015)"},{"key":"23_CR9","doi-asserted-by":"crossref","unstructured":"Hitaj, B., Ateniese, G., Perez-Cruz, F.: Deep models under the gan: information leakage from collaborative deep learning. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 603\u2013618 (2017)","DOI":"10.1145\/3133956.3134012"},{"key":"23_CR10","unstructured":"Jeong, E., Oh, S., Kim, H., Park, J., Bennis, M., Kim, S.L.: Communication-efficient on-device machine learning: Federated distillation and augmentation under non-iid private data. arXiv preprint arXiv:1811.11479 (2018)"},{"key":"23_CR11","unstructured":"Li, D., Wang, J.: Fedmd: Heterogenous federated learning via model distillation. arXiv preprint arXiv:1910.03581 (2019)"},{"key":"23_CR12","doi-asserted-by":"crossref","unstructured":"Li, J., Li, N., Ribeiro, B.: Membership inference attacks and defenses in supervised learning via generalization gap. arXiv preprint arXiv:2002.12062 (2020)","DOI":"10.1145\/3422337.3447836"},{"key":"23_CR13","doi-asserted-by":"crossref","unstructured":"Li, Z., Zhang, Y.: Membership leakage in label-only exposures. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 880\u2013895 (2021)","DOI":"10.1145\/3460120.3484575"},{"key":"23_CR14","unstructured":"Melis, L., Song, C., De Cristofaro, E., Shmatikov, V.: Inference attacks against collaborative learning. arXiv preprint arXiv:1805.04049 (2018)"},{"key":"23_CR15","unstructured":"Mirza, M., Osindero, S.: Conditional generative adversarial nets. arXiv preprint arXiv:1411.1784 (2014)"},{"key":"23_CR16","doi-asserted-by":"crossref","unstructured":"Nasr, M., Shokri, R., Houmansadr, A.: Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning. In: Proceedings of SP, pp. 739\u2013753 (2019)","DOI":"10.1109\/SP.2019.00065"},{"key":"23_CR17","doi-asserted-by":"crossref","unstructured":"Shejwalkar, V., Houmansadr, A.: Membership privacy for machine learning models through knowledge transfer. In: Proceedings of AAAI, pp. 9549\u20139557 (2021)","DOI":"10.1609\/aaai.v35i11.17150"},{"key":"23_CR18","doi-asserted-by":"crossref","unstructured":"Shokri, R., Stronati, M., Song, C., Shmatikov, V.: Membership inference attacks against machine learning models. In: Proceedings of SP, pp. 3\u201318 (2017)","DOI":"10.1109\/SP.2017.41"},{"key":"23_CR19","doi-asserted-by":"crossref","unstructured":"Song, L., Shokri, R., Mittal, P.: Privacy risks of securing machine learning models against adversarial examples. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 241\u2013257 (2019)","DOI":"10.1145\/3319535.3354211"},{"key":"23_CR20","doi-asserted-by":"crossref","unstructured":"Sun, J., Li, A., Wang, B., Yang, H., Li, H., Chen, Y.: Provable defense against privacy leakage in federated learning from representation perspective. arXiv preprint arXiv:2012.06043 (2020)","DOI":"10.1109\/CVPR46437.2021.00919"},{"key":"23_CR21","doi-asserted-by":"crossref","unstructured":"Wang, Z., Song, M., Zhang, Z., Song, Y., Wang, Q., Qi, H.: Beyond inferring class representatives: user-level privacy leakage from federated learning. In: Proceedings of INFOCOM, pp. 2512\u20132520 (2019)","DOI":"10.1109\/INFOCOM.2019.8737416"},{"key":"23_CR22","unstructured":"Xu, W., Fan, H., Li, K., Yang, K.: Efficient batch homomorphic encryption for vertically federated xgboost. arXiv preprint arXiv:2112.04261 (2021)"},{"issue":"2","key":"23_CR23","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3298981","volume":"10","author":"Q Yang","year":"2019","unstructured":"Yang, Q., Liu, Y., Chen, T., Tong, Y.: Federated machine learning: concept and applications. ACM Trans. Intell. Syst. Technol. (TIST) 10(2), 1\u201319 (2019)","journal-title":"ACM Trans. Intell. Syst. Technol. (TIST)"},{"key":"23_CR24","doi-asserted-by":"crossref","unstructured":"Yang, Z., Zhao, Y., Zhang, J.: Fd-leaks: Membership inference attacks against federated distillation learning. In: Proceedings of Web and Big Dat, pp. 364\u2013378 (2023)","DOI":"10.1007\/978-3-031-25201-3_28"},{"key":"23_CR25","doi-asserted-by":"crossref","unstructured":"Yeom, S., Giacomelli, I., Fredrikson, M., Jha, S.: Privacy risk in machine learning: Analyzing the connection to overfitting. In: Proceedings of CSF, pp. 268\u2013282 (2018)","DOI":"10.1109\/CSF.2018.00027"},{"key":"23_CR26","doi-asserted-by":"crossref","unstructured":"Yin, H., Mallya, A., Vahdat, A., Alvarez, J.M., Kautz, J., Molchanov, P.: See through gradients: Image batch recovery via gradinversion. In: Proceedings of CVPR, pp. 16337\u201316346 (2021)","DOI":"10.1109\/CVPR46437.2021.01607"},{"key":"23_CR27","unstructured":"Zhao, B., Mopuri, K.R., Bilen, H.: idlg: improved deep leakage from gradients. arXiv preprint arXiv:2001.02610 (2020)"},{"key":"23_CR28","unstructured":"Zhao, Y., Li, M., Lai, L., Suda, N., Civin, D., Chandra, V.: Federated learning with non-iid data. arXiv preprint arXiv:1806.00582 (2018)"},{"key":"23_CR29","unstructured":"Zhu, L., Liu, Z., Han, S.: Deep leakage from gradients. In: Proceedings of NeurIPS, pp. 14774\u201314784 (2019)"}],"container-title":["Lecture Notes in Computer Science","Algorithms and Architectures for Parallel Processing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-97-0801-7_23","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,2,29]],"date-time":"2024-02-29T08:14:12Z","timestamp":1709194452000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-97-0801-7_23"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9789819708000","9789819708017"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-981-97-0801-7_23","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"1 March 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICA3PP","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Algorithms and Architectures for Parallel Processing","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Tianjin","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 October 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 October 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ica3pp2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/tjutanklab.com\/ica3pp2023\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Online submission system","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"439","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"145","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"33% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}