{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,31]],"date-time":"2025-12-31T00:39:09Z","timestamp":1767141549430,"version":"build-2238731810"},"reference-count":42,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2022,7,9]],"date-time":"2022-07-09T00:00:00Z","timestamp":1657324800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2022,7,9]],"date-time":"2022-07-09T00:00:00Z","timestamp":1657324800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Supercomput"],"published-print":{"date-parts":[[2023,1]]},"DOI":"10.1007\/s11227-022-04660-8","type":"journal-article","created":{"date-parts":[[2022,7,9]],"date-time":"2022-07-09T13:04:31Z","timestamp":1657371871000},"page":"321-348","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Loss-based differentiation strategy for privacy preserving of social robots"],"prefix":"10.1007","volume":"79","author":[{"given":"Qinglin","family":"Yang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Taiyu","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kaiming","family":"Zhu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9776-1441","authenticated-orcid":false,"given":"Junbo","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yu","family":"Han","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chunhua","family":"Su","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,7,9]]},"reference":[{"key":"4660_CR1","doi-asserted-by":"crossref","unstructured":"Ribeiro M, Grolinger K, Capretz MA (2015) Mlaas: machine learning as a service. In: 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA). IEEE, pp 896\u2013902","DOI":"10.1109\/ICMLA.2015.152"},{"key":"4660_CR2","doi-asserted-by":"crossref","unstructured":"Shokri R, Stronati M, Song C, Shmatikov V (2017) Membership inference attacks against machine learning models. In: 2017 IEEE Symposium on Security and Privacy (SP). IEEE, pp 3\u201318","DOI":"10.1109\/SP.2017.41"},{"issue":"3","key":"4660_CR3","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1504\/IJSN.2015.071829","volume":"10","author":"G Ateniese","year":"2015","unstructured":"Ateniese G, Mancini LV, Spognardi A, Villani A, Vitali D, Felici G (2015) Hacking smart machines with smarter ones: how to extract meaningful data from machine learning classifiers. Int J Secur Netw 10(3):137\u2013150","journal-title":"Int J Secur Netw"},{"key":"4660_CR4","doi-asserted-by":"crossref","unstructured":"Fredrikson M, Jha S, Ristenpart T (2015) Model inversion attacks that exploit confidence information and basic countermeasures. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp 1322\u20131333","DOI":"10.1145\/2810103.2813677"},{"key":"4660_CR5","doi-asserted-by":"crossref","unstructured":"Hitaj B, Ateniese G, Perez-Cruz F (2017) Deep models under the gan: information leakage from collaborative deep learning. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp 603\u2013618","DOI":"10.1145\/3133956.3134012"},{"key":"4660_CR6","unstructured":"Shokri R, Strobel M, Zick Y (2019) Privacy risks of explaining machine learning models. CoRR abs\/1907.00164"},{"key":"4660_CR7","doi-asserted-by":"publisher","unstructured":"Yeom S, Giacomelli I, Fredrikson M, Jha S (2018) Privacy risk in machine learning: Analyzing the connection to overfitting. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp 268\u2013282. https:\/\/doi.org\/10.1109\/CSF.2018.00027","DOI":"10.1109\/CSF.2018.00027"},{"key":"4660_CR8","doi-asserted-by":"crossref","unstructured":"Song L, Shokri R, Mittal P (2019) Privacy risks of securing machine learning models against adversarial examples. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp 241\u2013257","DOI":"10.1145\/3319535.3354211"},{"key":"4660_CR9","doi-asserted-by":"crossref","unstructured":"Yeom S, Giacomelli I, Fredrikson M, Jha S (2018) Privacy risk in machine learning: analyzing the connection to overfitting. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF). IEEE, pp 268\u2013282","DOI":"10.1109\/CSF.2018.00027"},{"key":"4660_CR10","doi-asserted-by":"crossref","unstructured":"Nasr M, Shokri R, Houmansadr A (2019) Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning. In: 2019 IEEE Symposium on Security and Privacy (SP). IEEE, pp 739\u2013753","DOI":"10.1109\/SP.2019.00065"},{"key":"4660_CR11","doi-asserted-by":"crossref","unstructured":"Dinur I, Nissim K (2003) Revealing information while preserving privacy. In: Proceedings of the Twenty-second ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, pp 202\u2013210","DOI":"10.1145\/773153.773173"},{"key":"4660_CR12","doi-asserted-by":"crossref","unstructured":"Abadi M, Chu A, Goodfellow I, McMahan HB, Mironov I, Talwar K, Zhang L (2016) Deep learning with differential privacy. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp 308\u2013318","DOI":"10.1145\/2976749.2978318"},{"issue":"6248","key":"4660_CR13","doi-asserted-by":"publisher","first-page":"636","DOI":"10.1126\/science.aaa9375","volume":"349","author":"C Dwork","year":"2015","unstructured":"Dwork C, Feldman V, Hardt M, Pitassi T, Reingold O, Roth A (2015) The reusable holdout: preserving validity in adaptive data analysis. Science 349(6248):636\u2013638","journal-title":"Science"},{"key":"4660_CR14","unstructured":"Tople S, Sharma A, Nori A (2020) Alleviating privacy attacks via causal learning. In: International Conference on Machine Learning. PMLR, pp 9537\u20139547"},{"key":"4660_CR15","doi-asserted-by":"crossref","unstructured":"Yu H, Yang K, Zhang T, Tsai Y-Y, Ho T-Y, Jin Y (2020) Cloudleak: large-scale deep learning models stealing through adversarial examples. In: NDSS","DOI":"10.14722\/ndss.2020.24178"},{"key":"4660_CR16","unstructured":"Zhang H, Cisse M, Dauphin YN, Lopez-Paz D (2017) mixup: beyond empirical risk minimization. arXiv preprint arXiv:1710.09412"},{"key":"4660_CR17","unstructured":"Yaghini M, Kulynych B, Cherubin G, Troncoso C (2019) Disparate vulnerability: on the unfairness of privacy attacks against machine learning. arXiv preprint arXiv:1906.00389"},{"key":"4660_CR18","doi-asserted-by":"crossref","unstructured":"Song C, Raghunathan A (2020) Information leakage in embedding models. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pp 377\u2013390","DOI":"10.1145\/3372297.3417270"},{"key":"4660_CR19","doi-asserted-by":"crossref","unstructured":"Fioretto F, Mitridati L, Van\u00a0Hentenryck P (2020) Differential privacy for stackelberg games. arXiv preprint arXiv:2002.00944","DOI":"10.24963\/ijcai.2020\/481"},{"key":"4660_CR20","doi-asserted-by":"crossref","unstructured":"Phan N, Vu M, Liu Y, Jin R, Dou D, Wu X, Thai MT (2019) Heterogeneous gaussian mechanism: Preserving differential privacy in deep learning with provable robustness. arXiv preprint arXiv:1906.01444","DOI":"10.24963\/ijcai.2019\/660"},{"key":"4660_CR21","doi-asserted-by":"crossref","unstructured":"Cummings R, Gupta V, Kimpara D, Morgenstern J (2019) On the compatibility of privacy and fairness. In: Adjunct Publication of the 27th Conference on User Modeling, Adaptation and Personalization, pp 309\u2013315","DOI":"10.1145\/3314183.3323847"},{"key":"4660_CR22","unstructured":"Chaudhuri K, Monteleoni C, Sarwate AD (2011) Differentially private empirical risk minimization. J Mach Learn Res 12(3)"},{"key":"4660_CR23","unstructured":"Papernot N, Song S, Mironov I, Raghunathan A, Talwar K, Erlingsson \u00da (2018) Scalable private learning with pate. arXiv preprint arXiv:1802.08908"},{"key":"4660_CR24","unstructured":"Sablayrolles A, Douze M, Schmid C, Ollivier Y, J\u00e9gou H (2019) White-box vs black-box: Bayes optimal strategies for membership inference. In: International Conference on Machine Learning. PMLR, pp 5558\u20135567"},{"key":"4660_CR25","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2021.3127886","author":"Z Wei","year":"2021","unstructured":"Wei Z, Pei Q, Zhang N, Liu X, Wu C, Taherkordi A (2021) Lightweight federated learning for large-scale iot devices with privacy guarantee. IEEE Internet Things J. https:\/\/doi.org\/10.1109\/JIOT.2021.3127886","journal-title":"IEEE Internet Things J"},{"key":"4660_CR26","doi-asserted-by":"crossref","unstructured":"Truex S, Baracaldo N, Anwar A, Steinke T, Ludwig H, Zhang R, Zhou Y (2019) A hybrid approach to privacy-preserving federated learning. In: Proceedings of the 12th ACM Workshop on Artificial Intelligence and Security, pp 1\u201311","DOI":"10.1145\/3338501.3357370"},{"issue":"5","key":"4660_CR27","first-page":"1333","volume":"13","author":"Y Aono","year":"2017","unstructured":"Aono Y, Hayashi T, Wang L, Moriai S et al (2017) Privacy-preserving deep learning via additively homomorphic encryption. IEEE Trans Inf Forensics Secur 13(5):1333\u20131345","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"4660_CR28","doi-asserted-by":"crossref","unstructured":"Wang Z., Song M, Zhang Z, Song Y, Wang Q, Qi H (2019) Beyond inferring class representatives: User-level privacy leakage from federated learning. In: IEEE INFOCOM 2019-IEEE Conference on Computer Communications. IEEE, pp 2512\u20132520","DOI":"10.1109\/INFOCOM.2019.8737416"},{"key":"4660_CR29","unstructured":"Zhu L, Liu Z, Han S (2019) Deep leakage from gradients. Advances in Neural Information Processing Systems 32"},{"key":"4660_CR30","doi-asserted-by":"crossref","unstructured":"Shokri R, Shmatikov V (2015) Privacy-preserving deep learning. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp 1310\u20131321","DOI":"10.1145\/2810103.2813687"},{"issue":"1","key":"4660_CR31","doi-asserted-by":"crossref","first-page":"155","DOI":"10.1111\/j.2517-6161.1996.tb02073.x","volume":"58","author":"T Hastie","year":"1996","unstructured":"Hastie T, Tibshirani R (1996) Discriminant analysis by gaussian mixtures. J Royal Stat Soc Series B (Methodol) 58(1):155\u2013176","journal-title":"J Royal Stat Soc Series B (Methodol)"},{"key":"4660_CR32","unstructured":"Long Y, Bindschaedler V, Wang L, Bu D, Wang X, Tang H, Gunter CA, Chen K (2018)Understanding membership inferences on well-generalized learning models. arXiv preprint arXiv:1802.04889"},{"key":"4660_CR33","unstructured":"Leino K, Fredrikson M (2020) Stolen memories: leveraging model memorization for calibrated white-box membership inference. In: 29th $$\\{$$USENIX$$\\}$$ Security Symposium ($$\\{$$USENIX$$\\}$$ Security 20), pp 1605\u20131622"},{"issue":"6","key":"4660_CR34","doi-asserted-by":"publisher","first-page":"1205","DOI":"10.1109\/JSAC.2019.2904348","volume":"37","author":"S Wang","year":"2019","unstructured":"Wang S, Tuor T, Salonidis T, Leung KK, Makaya C, He T, Chan K (2019) Adaptive federated learning in resource constrained edge computing systems. IEEE J Sel Areas Commun 37(6):1205\u20131221","journal-title":"IEEE J Sel Areas Commun"},{"key":"4660_CR35","unstructured":"LeCun Y, et al.: Lenet-5, convolutional neural networks. http:\/\/yann.lecun.com\/exdb\/lenet 20(5), 14 (2015)"},{"key":"4660_CR36","unstructured":"Li W (2017) cifar-10-cnn: play deep learning with CIFAR datasets. https:\/\/github.com\/BIGBALLON\/cifar-10-cnn"},{"key":"4660_CR37","unstructured":"Zhu C, Han S, Mao H, Dally WJ (2016) Trained ternary quantization. arXiv preprint arXiv:1612.01064"},{"key":"4660_CR38","unstructured":"Xiao H, Rasul K, Vollgraf R (2017) Fashion-mnist: a novel image dataset for benchmarking machine learning algorithms. arXiv preprint arXiv:1708.07747"},{"key":"4660_CR39","unstructured":"Krizhevsky A (2017) The CIFAR-100 dataset. https:\/\/www.cs.toronto.edu\/~kriz\/cifar.html (Accessed: 2022-01-01)"},{"key":"4660_CR40","doi-asserted-by":"crossref","unstructured":"He Z, Zhang T, Lee RB (2019) Model inversion attacks against collaborative inference. In: Proceedings of the 35th Annual Computer Security Applications Conference, pp 148\u2013162","DOI":"10.1145\/3359789.3359824"},{"key":"4660_CR41","doi-asserted-by":"publisher","unstructured":"Zhao Y, Li M, Lai L, Suda N, Civin D, Chandra V (2018)Federated Learning with Non-IID Data. arXiv . https:\/\/doi.org\/10.48550\/arXiv.1806.00582. https:\/\/arXiv.org\/abs\/1806.00582","DOI":"10.48550\/arXiv.1806.00582"},{"key":"4660_CR42","doi-asserted-by":"publisher","unstructured":"Brun M, Xu Q, Dougherty ER (2008) A criterion for choosing between full-sample and hold-out classifier design. In: 2008 IEEE International Workshop on Genomic Signal Processing and Statistics, pp 1\u20132. https:\/\/doi.org\/10.1109\/GENSIPS.2008.4555662","DOI":"10.1109\/GENSIPS.2008.4555662"}],"updated-by":[{"DOI":"10.1007\/s11227-022-04716-9","type":"correction","label":"Correction","source":"publisher","updated":{"date-parts":[[2022,7,18]],"date-time":"2022-07-18T00:00:00Z","timestamp":1658102400000}}],"container-title":["The Journal of Supercomputing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-022-04660-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11227-022-04660-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-022-04660-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,28]],"date-time":"2024-09-28T17:19:14Z","timestamp":1727543954000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11227-022-04660-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,7,9]]},"references-count":42,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2023,1]]}},"alternative-id":["4660"],"URL":"https:\/\/doi.org\/10.1007\/s11227-022-04660-8","relation":{},"ISSN":["0920-8542","1573-0484"],"issn-type":[{"value":"0920-8542","type":"print"},{"value":"1573-0484","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,7,9]]},"assertion":[{"value":"2 June 2022","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"9 July 2022","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"18 July 2022","order":3,"name":"change_date","label":"Change Date","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"Correction","order":4,"name":"change_type","label":"Change Type","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"A Correction to this paper has been published:","order":5,"name":"change_details","label":"Change Details","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"https:\/\/doi.org\/10.1007\/s11227-022-04716-9","URL":"https:\/\/doi.org\/10.1007\/s11227-022-04716-9","order":6,"name":"change_details","label":"Change Details","group":{"name":"ArticleHistory","label":"Article History"}}]}}