{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T12:11:18Z","timestamp":1760616678386,"version":"build-2065373602"},"reference-count":33,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2025,9,25]],"date-time":"2025-09-25T00:00:00Z","timestamp":1758758400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,9,25]],"date-time":"2025-09-25T00:00:00Z","timestamp":1758758400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,10]]},"DOI":"10.1007\/s10207-025-01123-y","type":"journal-article","created":{"date-parts":[[2025,9,25]],"date-time":"2025-09-25T00:59:07Z","timestamp":1758761947000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Mitigating black-box membership inference attack using metric mapping"],"prefix":"10.1007","volume":"24","author":[{"given":"Aayush","family":"Yadav","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7111-4908","authenticated-orcid":false,"given":"Sunil","family":"Mane","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,9,25]]},"reference":[{"key":"1123_CR1","doi-asserted-by":"publisher","first-page":"8","DOI":"10.1016\/j.csbj.2014.11.005","volume":"13","author":"K Konstantina","year":"2015","unstructured":"Konstantina, K., Themis, P.E., Konstantinos, P.E., Michalis, V.K., Dimitrios, I.F.: Machine Learning applications in cancer prognosis and prediction. Computational and Structural Biotechnology Jornal 13, 8\u201317 (2015). https:\/\/doi.org\/10.1016\/j.csbj.2014.11.005","journal-title":"Computational and Structural Biotechnology Jornal"},{"key":"1123_CR2","doi-asserted-by":"publisher","unstructured":"Quing, R., Jelena, F.: Deep Learning for Self-Driving Cars: Chances and Challenges. Proceedings of $$1^{st}$$ International Workshop on Softare Engineering for AI in Autonomous Systems, Gothenburg, Sweden, pp. 35\u201338. (2018). https:\/\/doi.org\/10.1145\/3194085.3194087","DOI":"10.1145\/3194085.3194087"},{"key":"1123_CR3","volume-title":"Membership Inference Attacks Against Machine Learning Models","author":"S Reza","year":"2017","unstructured":"Reza, S., Marco, S., Congzheng, S., Vitaly, S.: Membership Inference Attacks Against Machine Learning Models. IEEE Symposium on Security and Privacy (SP), San Jose, California, USA (2017)"},{"issue":"11s","key":"1123_CR4","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3523273","volume":"54","author":"H Hongsheng","year":"2022","unstructured":"Hongsheng, H., Zoran, S., Lichao, S., Gillian, D., Philip, S.Y., Xuyun, Z.: Membership Inference Attacks on Machine Learning: A Survey. ACM Computing Surveys 54(11s), 1\u201337 (2022). https:\/\/doi.org\/10.1145\/3523273","journal-title":"ACM Computing Surveys"},{"key":"1123_CR5","doi-asserted-by":"publisher","unstructured":"Maria, R., Sebastian, G.: A Survey of Privacy Attacks in Machine learning. arXiv. (2021). https:\/\/doi.org\/10.48550\/arXiv.2007.07646","DOI":"10.48550\/arXiv.2007.07646"},{"key":"1123_CR6","unstructured":"Jiaxin, F., Qi, Y., Mohan, Li., Guanqun, Q., Yang, X.: A Survey on Data Poisoning Attacks and Defenses. $$7^{th}$$ IEEE International Conference on Data Science in Cyberspace, Shijiazhuang, China, pp. 1\u20138. (2022)"},{"key":"1123_CR7","doi-asserted-by":"publisher","unstructured":"Mathias, P.M.P., Bal\u00e1zs, P., Dayana, S.: Property Inference Attacks on Convolutional Neural Networks: Influence and Implications of Target Model\u2019s Complexity. arXiv. (2021). https:\/\/doi.org\/10.48550\/arXiv.2104.13061","DOI":"10.48550\/arXiv.2104.13061"},{"key":"1123_CR8","first-page":"1322","volume-title":"Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures. . ACM SIGSAC Conference on Computer and Communications","author":"F Matt","year":"2015","unstructured":"Matt, F., Somesh, J., Thomas, R.: Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures. . ACM SIGSAC Conference on Computer and Communications, pp. 1322\u20131333. Denver, Colorado, USA (2015)"},{"key":"1123_CR9","doi-asserted-by":"publisher","unstructured":"Nicholas, C., Chang, L., \u00dalfar, E., Jernej, K., Dawn, S.: The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks. (2019). https:\/\/doi.org\/10.48550\/arXiv.1802.08232","DOI":"10.48550\/arXiv.1802.08232"},{"key":"1123_CR10","volume-title":"Knock Knock, Who\u2019s There? Membership Inference on Aggregate Location Data. $$25^{th}$$ Network and Distributed System Security Symposium","author":"P Apostolos","year":"2018","unstructured":"Apostolos, P., Carmela, T., Emiliano, D.C.: Knock Knock, Who\u2019s There? Membership Inference on Aggregate Location Data. $$25^{th}$$ Network and Distributed System Security Symposium. Internet Society, San Diego, California, USA (2018)"},{"key":"1123_CR11","first-page":"17","volume-title":"Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing. $$23^{rd}$$ USENIX Security Symposium","author":"F Matthew","year":"2014","unstructured":"Matthew, F., Eric, L., Somesh, J., Simon, L., David, P., Thomas, R.: Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing. $$23^{rd}$$ USENIX Security Symposium, pp. 17\u201332. USENIX Association, San Diego, California, USA (2014)"},{"key":"1123_CR12","doi-asserted-by":"crossref","unstructured":"Michael, B., Mathias, H., Jun, P., Yang, Z.: walk2friends: Inferring Social Links from Mobility Profiles. ACM SIGSAC Conference on Computer and Communications, Dallas, Texas, USA, pp. 1943-1957. (2017)","DOI":"10.1145\/3133956.3133972"},{"key":"1123_CR13","unstructured":"Umang, G., Dimitris, S., Pradeep, K.L., Paul, M.T., Jos\u00e9, L.A., Greg, V.S.: Membership Inference Attacks on Deep Regression Models for Neuroimaging. Proceedings of Machine Learning Research, Vol. 143, pp. 228-251. (2021). Publisher: PMLR"},{"key":"1123_CR14","unstructured":"Ahmed, S., Yang, Z., Mathias, H., Pascal, B., Mario, F., Michael, B.: ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. Network and Distributed Systems Security Symposium, San Diego, California, USA. (2019). Publisher: The Internet Society"},{"key":"1123_CR15","doi-asserted-by":"publisher","unstructured":"Zhaoxi, Z., Leo Yu, Z., Xufei, Z., Bilal, A., Shengshan, H.: Evaluation Membership Inference Through Adversarial Robustness. The Computer Journal. (2022). https:\/\/doi.org\/10.48550\/arXiv.2205.06986","DOI":"10.48550\/arXiv.2205.06986"},{"key":"1123_CR16","doi-asserted-by":"publisher","unstructured":"Nicholas, C., Steve, C., Milad, N., Shuang, S., Andreas, T., Florian, T.: Membership Inference Attacks From First Principles. arXiv. (2022). https:\/\/doi.org\/10.48550\/arXiv.2112.03570","DOI":"10.48550\/arXiv.2112.03570"},{"key":"1123_CR17","unstructured":"Samuel, Y., Irene, G., Matt, F., Somesh, J.: Privacy Risk in Machine Learning: Analyzing the Connection to Overfitting. IEEE $$31^{st}$$ Computer Security Foundations Symposium, Oxford, United Kingdom. (2018). Publisher: IEEE Computer Society"},{"key":"1123_CR18","doi-asserted-by":"publisher","unstructured":"Shakila, M.T., Dinusha, V., Farhad, F., Dali, K., Zhigang, L., Gioacchino, T.: Data and Model Dependencies of Membership Inference Attacks. arXiv. (2020). https:\/\/doi.org\/10.48550\/arXiv.2002.06856","DOI":"10.48550\/arXiv.2002.06856"},{"key":"1123_CR19","volume-title":"Sampling Attacks: Amplification of Membership Inference Attacks by Repeated Queries","author":"R Shadi","year":"2019","unstructured":"Shadi, R., Tribhuvanesh, O., Mario, F.: Sampling Attacks: Amplification of Membership Inference Attacks by Repeated Queries. NuerIPS Workshop on Privacy in Machine Learning, Vancouver, Canada (2019)"},{"key":"1123_CR20","unstructured":"Milad, N., Reza, S., Amir, H.: Comprehensive Privacy Ananlysis of Deep Learning. IEEE Symposium on Security and Privacy, San Francisco, California, USA. (2019). https:\/\/ieeexplore.ieee.org\/document\/8835245"},{"key":"1123_CR21","unstructured":"Christopher, A.C., Florian, T., Nicholas, C., Nicolas, P.: Label-Only Membership Inference Attacks. Proceedings of $$38^{th}$$ International Conference on Machine Learning, Vol. 139, pp. 1964-1974. (2021). Publisher: PMLR"},{"key":"1123_CR22","unstructured":"Md Shamimur R.S., Dima, A.: Membership Inference Attacks: Analysis and Mitigation. IEEE $$19^{th}$$ International Conference on Trust, Security and Privacy in Computing and Communications, Guangzhou, China. (2020)"},{"key":"1123_CR23","first-page":"1929","volume":"15","author":"S Nitish","year":"2014","unstructured":"Nitish, S., Geoffrey, H., Alex, K., Ilya, S., Ruslan, S.: Dropout: a simple way to prevent neural networks from overfitting. J. Mach. Learn. Res. 15, 1929\u20131958 (2014)","journal-title":"J. Mach. Learn. Res."},{"key":"1123_CR24","doi-asserted-by":"publisher","DOI":"10.1186\/s40537-018-0124-9","volume":"5","author":"J Priyank","year":"2018","unstructured":"Priyank, J., Manasi, G., Nilay, K.: Differential privacy: its technological prescriptive using big data. Journal of Big Data 5, 15 (2018). https:\/\/doi.org\/10.1186\/s40537-018-0124-9","journal-title":"Journal of Big Data"},{"key":"1123_CR25","first-page":"26","volume":"26","author":"C Junjie","year":"2021","unstructured":"Junjie, C., Wendy, H.W., Xinghua, S.: Differential privacy protection against membership inference attack on machine learning for genomic data. Pac. Symp. Biocomput. 26, 26\u201337 (2021)","journal-title":"Pac. Symp. Biocomput."},{"key":"1123_CR26","doi-asserted-by":"crossref","unstructured":"Mart\u00edn, A., Andy, C., Ian, G., H. Brendan, M., Ilya, M., Kunal, T., Li, Z.: Deep Learning with Differential Privacy. $$23^{rd}$$ ACM Conference on Computer and Communications Security, Vienna, Austria, pp. 308-318. (2016)","DOI":"10.1145\/2976749.2978318"},{"key":"1123_CR27","doi-asserted-by":"crossref","unstructured":"Shuang, S., Kamalika, C., Anand, D.S.: Stochastic gradient descent with differentially private updates. Proceedings of IEEE Global Conference on Signal and Information Processing, Austin, Texas, USA, pp. 245-248. (2013)","DOI":"10.1109\/GlobalSIP.2013.6736861"},{"key":"1123_CR28","doi-asserted-by":"crossref","unstructured":"Virat, S., Amir, H.: Membership Privacy for Machine Learning Models Through Knowledge Transfer. Proceedings of the $$35^{th}$$ AAAI Conference on Artificial Intelligence, pp. 9549\u20139557. (2021). Publisher: AAAI Press","DOI":"10.1609\/aaai.v35i11.17150"},{"key":"1123_CR29","doi-asserted-by":"crossref","unstructured":"Jinyuan, J., Ahmed, S., Michael, B., Yang, Z., Neil, Z.G.: MemGuard: Defending against Black-Box Membership Inference Attacks via Adversarial Examples. ACM SIGSAC Conference on Computer and Communication Security, London, United Kingdom, pp. 259\u2013274. (2019)","DOI":"10.1145\/3319535.3363201"},{"key":"1123_CR30","doi-asserted-by":"crossref","unstructured":"Deng, L.: The mnist database of handwritten digit images for machine learning research. IEEE Signal Processing Magzine. 29(6), 141-142 (2012). http:\/\/yann.lecun.com\/exdb\/mnist","DOI":"10.1109\/MSP.2012.2211477"},{"key":"1123_CR31","unstructured":"Alex, K., Vinod, N., Geoffrey, H.: Learning Multiple Layers of Features from Tiny Images. (2009). https:\/\/www.cs.toronto.edu\/~kriz\/learning-features-2009-TR.pdf"},{"key":"1123_CR32","unstructured":"Ronny, K., Barry, B.: Adult Data Set. UCI Machine Learning Repository. (1996). https:\/\/archive.ics.uci.edu\/ml\/datasets\/adult"},{"key":"1123_CR33","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1109\/MSP.2017.2695801","volume":"34","author":"K Soheil","year":"2017","unstructured":"Soheil, K., Serim, P., Matthew, T., Dejan, S., Gustavo, R.: Optimal mass transport: signal processing and machine-learning applications. IEEE Signal Process. Mag. 34, 43\u201359 (2017). https:\/\/doi.org\/10.1109\/MSP.2017.2695801","journal-title":"IEEE Signal Process. Mag."}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01123-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01123-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01123-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T11:38:39Z","timestamp":1760614719000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01123-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,9,25]]},"references-count":33,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2025,10]]}},"alternative-id":["1123"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01123-y","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"type":"print","value":"1615-5262"},{"type":"electronic","value":"1615-5270"}],"subject":[],"published":{"date-parts":[[2025,9,25]]},"assertion":[{"value":"6 March 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"28 August 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 September 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors have no potential conflicts of interest to disclose. Furthermore, this research did not involve the participation of humans or animals.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Compliance with Ethical Standards"}},{"value":"The authors declare no competing interests.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing Interests"}}],"article-number":"214"}}