{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T20:28:28Z","timestamp":1743107308967,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":37,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819997848"},{"type":"electronic","value":"9789819997855"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-981-99-9785-5_17","type":"book-chapter","created":{"date-parts":[[2024,2,3]],"date-time":"2024-02-03T18:02:05Z","timestamp":1706983325000},"page":"237-252","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Protecting Bilateral Privacy in\u00a0Machine Learning-as-a-Service: A Differential Privacy Based Defense"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4939-1642","authenticated-orcid":false,"given":"Le","family":"Wang","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1784-6091","authenticated-orcid":false,"given":"Haonan","family":"Yan","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8916-6645","authenticated-orcid":false,"given":"Xiaodong","family":"Lin","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3460-6946","authenticated-orcid":false,"given":"Pulei","family":"Xiong","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,2,4]]},"reference":[{"key":"17_CR1","unstructured":"Reinsel, D., Gantz, J., Rydning, J.: Data Age 2025: the evolution of data to life-critical. https:\/\/www.seagate.com\/files\/www-content\/our-story\/trends\/files\/Seagate-WP-DataAge2025-March-2017.pdf. Accessed Aug 2023"},{"key":"17_CR2","unstructured":"mordor intelligence, machine learning as a service (MLaaS) market size & share analysis-growth trends & forecasts (2023\u20132028). https:\/\/www.mordorintelligence.com\/industry-reports\/global-machine-learning-as-a-service-mlaas-market"},{"key":"17_CR3","unstructured":"Amazon marketplace. https:\/\/aws.amazon.com\/marketplace. Accessed Aug 2023"},{"key":"17_CR4","unstructured":"Google cloud AI. https:\/\/cloud.google.com\/solutions\/ai. Accessed Aug 2023"},{"key":"17_CR5","unstructured":"Azure machine learning. https:\/\/azure.microsoft.com\/en-ca\/free\/machine-learning. Accessed Aug 2023"},{"key":"17_CR6","doi-asserted-by":"publisher","first-page":"167425","DOI":"10.1109\/ACCESS.2020.3023084","volume":"8","author":"HC Tanuwidjaja","year":"2020","unstructured":"Tanuwidjaja, H.C., Choi, R., Baek, S., et al.: Privacy-preserving deep learning on machine learning as a service-a comprehensive survey. IEEE Access 8, 167425\u2013167447 (2020)","journal-title":"IEEE Access"},{"issue":"4","key":"17_CR7","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1109\/MSEC.2021.3076443","volume":"19","author":"E De Cristofaro","year":"2021","unstructured":"De Cristofaro, E.: A critical overview of privacy in machine learning. IEEE Secur. Priv. 19(4), 19\u201327 (2021)","journal-title":"IEEE Secur. Priv."},{"key":"17_CR8","doi-asserted-by":"publisher","DOI":"10.3389\/fdata.2020.587139","volume":"3","author":"A Qayyum","year":"2020","unstructured":"Qayyum, A., Ijaz, A., Usama, M., et al.: Securing machine learning in the cloud: a systematic review of cloud machine learning security. Front. Big Data 3, 587139 (2020)","journal-title":"Front. Big Data"},{"key":"17_CR9","doi-asserted-by":"crossref","unstructured":"Acar, G., Eubank, C., Englehardt, S., et al.: The web never forgets: persistent tracking mechanisms in the wild. In: Proceedings of the. ACM SIGSAC Conference on Computer and Communications Security, vol. 2014, pp. 674\u2013689 (2014)","DOI":"10.1145\/2660267.2660347"},{"key":"17_CR10","unstructured":"Tram\u00e8r, F., Zhang, F., Juels, A., et al.: Stealing machine learning models via prediction APIs. In: 25th USENIX Security Symposium (USENIX Security 16), pp. 601\u2013618 (2016)"},{"key":"17_CR11","doi-asserted-by":"crossref","unstructured":"Chen, Q., Chai, Z., Wang, Z., et al.: QP-LDP for better global model performance in federated learning. In: 2022 18th International Conference on Mobility, Sensing and Networking (MSN). IEEE, pp. 422\u2013426 (2022)","DOI":"10.1109\/MSN57253.2022.00074"},{"key":"17_CR12","doi-asserted-by":"crossref","unstructured":"Chen, Q., Wang, H., Wang, Z., et al.: LLDP: a layer-wise local differential privacy in federated learning. In: 2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE, pp. 631\u2013637 (2022)","DOI":"10.1109\/TrustCom56396.2022.00091"},{"key":"17_CR13","doi-asserted-by":"crossref","unstructured":"Fredrikson, M., Jha, S., Ristenpart, T.: Model inversion attacks that exploit confidence information and basic countermeasures. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1322\u20131333 (2015)","DOI":"10.1145\/2810103.2813677"},{"key":"17_CR14","doi-asserted-by":"crossref","unstructured":"Shokri, R., Stronati, M., Song, C., et al.: Membership inference attacks against machine learning models. In: 2017 IEEE Symposium on Security and Privacy (SP). IEEE, pp. 3\u201318 (2017)","DOI":"10.1109\/SP.2017.41"},{"key":"17_CR15","doi-asserted-by":"crossref","unstructured":"Shokri, R., Shmatikov, V.: Privacy-preserving deep learning. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1310\u20131321 (2015)","DOI":"10.1145\/2810103.2813687"},{"key":"17_CR16","doi-asserted-by":"crossref","unstructured":"Mohassel, P., Zhang, Y.: SecureML: a system for scalable privacy-preserving machine learning. In: 2017 IEEE Symposium on Security and Privacy (SP). IEEE, pp. 19\u201338 (2017)","DOI":"10.1109\/SP.2017.12"},{"key":"17_CR17","doi-asserted-by":"crossref","unstructured":"Hesamifard, E., Takabi, H., Ghasemi, M., et al.: Privacy-preserving machine learning in cloud. In: Proceedings of the 2017 on Cloud Computing Security Workshop, pp. 39\u201343 (2017)","DOI":"10.1145\/3140649.3140655"},{"key":"17_CR18","doi-asserted-by":"crossref","unstructured":"Zheng, W., Popa, R.A., Gonzalez, J.E., et al.: Helen: maliciously secure coopetitive learning for linear models. In: 2019 IEEE Symposium on Security and Privacy (SP). IEEE, pp. 724\u2013738 (2019)","DOI":"10.1109\/SP.2019.00045"},{"key":"17_CR19","doi-asserted-by":"crossref","unstructured":"Ristenpart, T., Tromer, E., Shacham, H., et al.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 199\u2013212 (2009)","DOI":"10.1145\/1653662.1653687"},{"issue":"05","key":"17_CR20","doi-asserted-by":"publisher","first-page":"557","DOI":"10.1142\/S0218488502001648","volume":"10","author":"L Sweeney","year":"2002","unstructured":"Sweeney, L.: k-anonymity: a model for protecting privacy. Internat. J. Uncertain. Fuzziness Knowl. Based Syst. 10(05), 557\u2013570 (2002)","journal-title":"Internat. J. Uncertain. Fuzziness Knowl. Based Syst."},{"key":"17_CR21","doi-asserted-by":"crossref","unstructured":"Machanavajjhala, A., Kifer, D., Gehrke, J., et al.: L-diversity: privacy beyond k-anonymity. ACM Trans. Knowl. Discov. (TKDD), 1(1), 3-es (2007)","DOI":"10.1145\/1217299.1217302"},{"key":"17_CR22","doi-asserted-by":"crossref","unstructured":"Ribeiro, M., Grolinger, K., Capretz, M.A.M.: MLaaS: machine learning as a service. In: 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA). IEEE, pp. 896\u2013902 (2015)","DOI":"10.1109\/ICMLA.2015.152"},{"issue":"5","key":"17_CR23","doi-asserted-by":"publisher","first-page":"3149","DOI":"10.1109\/TDSC.2021.3085988","volume":"19","author":"J Weng","year":"2021","unstructured":"Weng, J., Weng, J., Cai, C., et al.: Golden grain: building a secure and decentralized model marketplace for MLaaS. IEEE Trans. Dependable Secure Comput. 19(5), 3149\u20133167 (2021)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"17_CR24","unstructured":"Jagielski, M., Carlini, N., Berthelot, D., et al.: High accuracy and high fidelity extraction of neural networks. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 1345\u20131362 (2020)"},{"key":"17_CR25","unstructured":"Hardt, M., Ligett, K., McSherry, F.: A simple and practical algorithm for differentially private data release. In: Advances in Neural Information Processing Systems, vol. 25 (2012)"},{"key":"17_CR26","unstructured":"Gaboardi, M., Arias, E.J.G., Hsu, J., et al.: Dual query: practical private query release for high dimensional data. In: International Conference on Machine Learning. PMLR, pp. 1170\u20131178 (2014)"},{"key":"17_CR27","unstructured":"Vietri, G., Tian, G., Bun, M., et al.: New oracle-efficient algorithms for private synthetic data release. In: International Conference on Machine Learning. PMLR, pp. 9765\u20139774 (2020)"},{"key":"17_CR28","unstructured":"Zhang, Z., Wang, T., Li, N., et al.: PrivSyn: differentially private data synthesis. In: 30th USENIX Security Symposium (USENIX Security 21), pp. 929\u2013946 (2021)"},{"issue":"12","key":"17_CR29","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1109\/MCOM.001.2000196","volume":"58","author":"X Gong","year":"2020","unstructured":"Gong, X., Wang, Q., Chen, Y., et al.: Model extraction attacks and defenses on cloud-based machine learning models. IEEE Commun. Mag. 58(12), 83\u201389 (2020)","journal-title":"IEEE Commun. Mag."},{"key":"17_CR30","doi-asserted-by":"crossref","unstructured":"Lee, T., Edwards, B., Molloy, I., et al.: Defending against neural network model stealing attacks using deceptive perturbations. In: 2019 IEEE Security and Privacy Workshops (SPW). IEEE, pp. 43\u201349 (2019)","DOI":"10.1109\/SPW.2019.00020"},{"key":"17_CR31","unstructured":"Orekondy, T., Schiele, B., Fritz, M.: Prediction poisoning: utility-constrained defenses against model stealing attacks. In: International Conference on Representation Learning (ICLR), vol. 2020 (2020)"},{"key":"17_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"66","DOI":"10.1007\/978-3-030-29959-0_4","volume-title":"Computer Security \u2013 ESORICS 2019","author":"H Zheng","year":"2019","unstructured":"Zheng, H., Ye, Q., Hu, H., Fang, C., Shi, J.: BDPL: a boundary differentially private layer against machine learning model extraction attacks. In: Sako, K., Schneider, S., Ryan, P.Y.A. (eds.) ESORICS 2019. LNCS, vol. 11735, pp. 66\u201383. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-29959-0_4"},{"issue":"4","key":"17_CR33","doi-asserted-by":"publisher","first-page":"2680","DOI":"10.1109\/TDSC.2021.3069258","volume":"19","author":"H Yan","year":"2021","unstructured":"Yan, H., Li, X., Li, H., et al.: Monitoring-based differential privacy mechanism against query flooding-based model extraction attack. IEEE Trans. Dependable Secure Comput. 19(4), 2680\u20132694 (2021)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"issue":"2","key":"17_CR34","doi-asserted-by":"publisher","first-page":"960","DOI":"10.1109\/TDSC.2022.3144690","volume":"20","author":"X Li","year":"2022","unstructured":"Li, X., Yan, H., Cheng, Z., et al.: Protecting regression models with personalized local differential privacy. IEEE Trans. Dependable Secure Comput. 20(2), 960\u2013974 (2022)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"17_CR35","doi-asserted-by":"crossref","unstructured":"Hardt, M., Rothblum, G.N.: A multiplicative weights mechanism for privacy-preserving data analysis. In: 2010 IEEE 51st Annual Symposium on Foundations of Computer Science. IEEE, pp. 61\u201370 (2010)","DOI":"10.1109\/FOCS.2010.85"},{"issue":"309","key":"17_CR36","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1080\/01621459.1965.10480775","volume":"60","author":"SL Warner","year":"1965","unstructured":"Warner, S.L.: Randomized response: a survey technique for eliminating evasive answer bias. J. Am. Stat. Assoc. 60(309), 63\u201369 (1965)","journal-title":"J. Am. Stat. Assoc."},{"key":"17_CR37","first-page":"2825","volume":"12","author":"F Pedregosa","year":"2011","unstructured":"Pedregosa, F., Varoquaux, G., Gramfort, A., et al.: Scikit-learn: machine learning in Python. J. Mach. Learn. Res. 12, 2825\u20132830 (2011)","journal-title":"J. Mach. Learn. Res."}],"container-title":["Lecture Notes in Computer Science","Artificial Intelligence Security and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-99-9785-5_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,2,3]],"date-time":"2024-02-03T18:11:12Z","timestamp":1706983872000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-99-9785-5_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9789819997848","9789819997855"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-981-99-9785-5_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"4 February 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"AIS&P","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Artificial Intelligence Security and Privacy","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Guangzhou","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 December 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 December 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ais&p2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/nsclab.org\/aisp2023","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"115","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"40","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"35% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"11","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23 large model and security workshop papers","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}