{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,4]],"date-time":"2025-06-04T21:28:50Z","timestamp":1749072530348,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":33,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819997848"},{"type":"electronic","value":"9789819997855"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-981-99-9785-5_34","type":"book-chapter","created":{"date-parts":[[2024,2,3]],"date-time":"2024-02-03T18:02:05Z","timestamp":1706983325000},"page":"483-498","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["MKD: Mutual Knowledge Distillation for\u00a0Membership Privacy 
Protection"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-8551-9611","authenticated-orcid":false,"given":"Sihao","family":"Huang","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0007-4651-2131","authenticated-orcid":false,"given":"Zhongxiang","family":"Liu","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0004-0243-4993","authenticated-orcid":false,"given":"Jiafu","family":"Yu","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0000-9705-4950","authenticated-orcid":false,"given":"Yongde","family":"Tang","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0008-1426-2067","authenticated-orcid":false,"given":"Zidan","family":"Luo","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3150-5103","authenticated-orcid":false,"given":"Yuan","family":"Rao","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,2,4]]},"reference":[{"key":"34_CR1","doi-asserted-by":"crossref","unstructured":"Abadi, M., et al.: Deep learning with differential privacy. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 308\u2013318 (2016)","DOI":"10.1145\/2976749.2978318"},{"key":"34_CR2","unstructured":"Chen, D., Yu, N., Fritz, M.: RelaxLoss: defending membership inference attacks without losing utility. arXiv preprint arXiv:2207.05801 (2022)"},{"key":"34_CR3","doi-asserted-by":"crossref","unstructured":"Chen, J., Wang, W.H., Shi, X.: Differential privacy protection against membership inference attack on machine learning for genomic data. In: BIOCOMPUTING 2021: Proceedings of the Pacific Symposium, pp. 26\u201337. World Scientific (2020)","DOI":"10.1142\/9789811232701_0003"},{"key":"34_CR4","unstructured":"Choquette-Choo, C.A., Tramer, F., Carlini, N., Papernot, N.: Label-only membership inference attacks. 
In: International Conference on Machine Learning, pp. 1964\u20131974. PMLR (2021)"},{"key":"34_CR5","doi-asserted-by":"crossref","unstructured":"Chowdhary, K., Chowdhary, K.: Natural language processing. In: Fundamentals of Artificial Intelligence, pp. 603\u2013649 (2020)","DOI":"10.1007\/978-81-322-3972-7_19"},{"key":"34_CR6","doi-asserted-by":"crossref","unstructured":"Giraldo, J., Cardenas, A., Kantarcioglu, M., Katz, J.: Adversarial classification under differential privacy. In: Network and Distributed Systems Security (NDSS) Symposium 2020 (2020)","DOI":"10.14722\/ndss.2020.23047"},{"key":"34_CR7","doi-asserted-by":"crossref","unstructured":"He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 770\u2013778 (2016)","DOI":"10.1109\/CVPR.2016.90"},{"key":"34_CR8","doi-asserted-by":"crossref","unstructured":"Hong, Y., An, S., Im, S., Jo, J., Oh, I.: MONICA2: mobile neural voice command assistants towards smaller and smarter. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol. 36, pp. 13176\u201313178 (2022)","DOI":"10.1609\/aaai.v36i11.21719"},{"key":"34_CR9","doi-asserted-by":"crossref","unstructured":"Hu, H., Salcic, Z., Dobbie, G., Chen, Y., Zhang, X.: EAR: an enhanced adversarial regularization approach against membership inference attacks. In: 2021 International Joint Conference on Neural Networks (IJCNN), pp. 1\u20138. IEEE (2021)","DOI":"10.1109\/IJCNN52387.2021.9534381"},{"key":"34_CR10","doi-asserted-by":"crossref","unstructured":"Huang, G., Liu, Z., Van Der Maaten, L., Weinberger, K.Q.: Densely connected convolutional networks. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 
4700\u20134708 (2017)","DOI":"10.1109\/CVPR.2017.243"},{"key":"34_CR11","doi-asserted-by":"publisher","first-page":"439","DOI":"10.1016\/j.ins.2023.01.126","volume":"628","author":"T Huang","year":"2023","unstructured":"Huang, T., Huang, J., Pang, Y., Yan, H.: Smart contract watermarking based on code obfuscation. Inf. Sci. 628, 439\u2013448 (2023)","journal-title":"Inf. Sci."},{"key":"34_CR12","doi-asserted-by":"crossref","unstructured":"Jayaraman, B., Evans, D.: Are attribute inference attacks just imputation? In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 1569\u20131582 (2022)","DOI":"10.1145\/3548606.3560663"},{"key":"34_CR13","doi-asserted-by":"crossref","unstructured":"Jia, J., Salem, A., Backes, M., Zhang, Y., Gong, N.Z.: MemGuard: defending against black-box membership inference attacks via adversarial examples. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 259\u2013274 (2019)","DOI":"10.1145\/3319535.3363201"},{"key":"34_CR14","unstructured":"Kaya, Y., Hong, S., Dumitras, T.: On the effectiveness of regularization against membership inference attacks. arXiv preprint arXiv:2006.05336 (2020)"},{"key":"34_CR15","unstructured":"Krizhevsky, A.: Learning multiple layers of features from tiny images. University of Toronto (2012). http:\/\/www.cs.toronto.edu\/kriz\/cifar.html. Accessed 13 May (2022)"},{"key":"34_CR16","unstructured":"Krizhevsky, A., Sutskever, I., Hinton, G.E.: ImageNet classification with deep convolutional neural networks. In: Advances in Neural Information Processing Systems 25 (2012)"},{"key":"34_CR17","unstructured":"Leino, K., Fredrikson, M.: Stolen memories: leveraging model memorization for calibrated White-Box membership inference. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 
1605\u20131622 (2020)"},{"key":"34_CR18","doi-asserted-by":"publisher","first-page":"6999","DOI":"10.1109\/TNNLS.2021.3084827","volume":"33","author":"Z Li","year":"2021","unstructured":"Li, Z., Liu, F., Yang, W., Peng, S., Zhou, J.: A survey of convolutional neural networks: analysis, applications, and prospects. IEEE Trans. Neural Netw. Learn. Syst. 33, 6999\u20137019 (2021)","journal-title":"IEEE Trans. Neural Netw. Learn. Syst."},{"key":"34_CR19","doi-asserted-by":"crossref","unstructured":"Li, Z., Zhang, Y.: Membership leakage in label-only exposures. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 880\u2013895 (2021)","DOI":"10.1145\/3460120.3484575"},{"key":"34_CR20","doi-asserted-by":"crossref","unstructured":"Nasr, M., Shokri, R., Houmansadr, A.: Machine learning with membership privacy using adversarial regularization. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 634\u2013646 (2018)","DOI":"10.1145\/3243734.3243855"},{"key":"34_CR21","unstructured":"Papernot, N., Song, S., Mironov, I., Raghunathan, A., Talwar, K., Erlingsson, \u00da.: Scalable private learning with pate. arXiv preprint arXiv:1802.08908 (2018)"},{"key":"34_CR22","doi-asserted-by":"crossref","unstructured":"Qin, X., Tan, S., Tang, W., Li, B., Huang, J.: Image steganography based on iterative adversarial perturbations onto a synchronized-directions sub-image. In: ICASSP 2021\u20132021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 2705\u20132709. IEEE (2021)","DOI":"10.1109\/ICASSP39728.2021.9414055"},{"key":"34_CR23","unstructured":"Salem, A., Bhattacharya, A., Backes, M., Fritz, M., Zhang, Y.: Updates-Leak: Data set inference and reconstruction attacks in online learning. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 
1291\u20131308 (2020)"},{"key":"34_CR24","doi-asserted-by":"crossref","unstructured":"Salem, A., Zhang, Y., Humbert, M., Berrang, P., Fritz, M., Backes, M.: ML-Leaks: model and data independent membership inference attacks and defenses on machine learning models. arXiv preprint arXiv:1806.01246 (2018)","DOI":"10.14722\/ndss.2019.23119"},{"key":"34_CR25","doi-asserted-by":"crossref","unstructured":"Shejwalkar, V., Houmansadr, A.: Manipulating the byzantine: optimizing model poisoning attacks and defenses for federated learning. In: NDSS (2021)","DOI":"10.14722\/ndss.2021.24498"},{"key":"34_CR26","doi-asserted-by":"crossref","unstructured":"Shejwalkar, V., Houmansadr, A.: Membership privacy for machine learning models through knowledge transfer. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol. 35, pp. 9549\u20139557 (2021)","DOI":"10.1609\/aaai.v35i11.17150"},{"key":"34_CR27","doi-asserted-by":"crossref","unstructured":"Shokri, R., Stronati, M., Song, C., Shmatikov, V.: Membership inference attacks against machine learning models. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 3\u201318. IEEE (2017)","DOI":"10.1109\/SP.2017.41"},{"key":"34_CR28","unstructured":"Song, L., Mittal, P.: Systematic evaluation of privacy risks of machine learning models. In: 30th USENIX Security Symposium (USENIX Security 21), pp. 2615\u20132632 (2021)"},{"key":"34_CR29","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1016\/j.neucom.2020.10.081","volume":"429","author":"M Wang","year":"2021","unstructured":"Wang, M., Deng, W.: Deep face recognition: a survey. Neurocomputing 429, 215\u2013244 (2021)","journal-title":"Neurocomputing"},{"issue":"1","key":"34_CR30","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1109\/TETC.2022.3184408","volume":"11","author":"M Xue","year":"2022","unstructured":"Xue, M., et al.: Use the spear as a shield: an adversarial example based privacy-preserving technique against membership inference attacks. 
IEEE Trans. Emerg. Top. Comput. 11(1), 153\u2013169 (2022)","journal-title":"IEEE Trans. Emerg. Top. Comput."},{"key":"34_CR31","doi-asserted-by":"crossref","unstructured":"Yeom, S., Giacomelli, I., Fredrikson, M., Jha, S.: Privacy risk in machine learning: analyzing the connection to overfitting. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp. 268\u2013282. IEEE (2018)","DOI":"10.1109\/CSF.2018.00027"},{"issue":"1","key":"34_CR32","doi-asserted-by":"publisher","first-page":"35","DOI":"10.3233\/JCS-191362","volume":"28","author":"S Yeom","year":"2020","unstructured":"Yeom, S., Giacomelli, I., Menaged, A., Fredrikson, M., Jha, S.: Overfitting, robustness, and malicious algorithms: a study of potential causes of privacy risk in machine learning. J. Comput. Secur. 28(1), 35\u201370 (2020)","journal-title":"J. Comput. Secur."},{"issue":"11","key":"34_CR33","doi-asserted-by":"publisher","first-page":"9921","DOI":"10.1002\/int.23021","volume":"37","author":"Z Zhang","year":"2022","unstructured":"Zhang, Z., Lin, G., Ke, L., Peng, S., Hu, L., Yan, H.: KD-GAN: an effective membership inference attacks defence framework. Int. J. Intell. Syst. 37(11), 9921\u20139935 (2022)","journal-title":"Int. J. Intell. 
Syst."}],"container-title":["Lecture Notes in Computer Science","Artificial Intelligence Security and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-99-9785-5_34","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,2,3]],"date-time":"2024-02-03T18:13:33Z","timestamp":1706984013000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-99-9785-5_34"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9789819997848","9789819997855"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-981-99-9785-5_34","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"4 February 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"AIS&P","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Artificial Intelligence Security and Privacy","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Guangzhou","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 December 2023","order":7,"name":"conference_start_date","label":"Conference Start 
Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 December 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ais&p2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/nsclab.org\/aisp2023","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"115","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"40","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"35% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole 
number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"11","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23 large model and security workshop papers","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}