{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,20]],"date-time":"2025-07-20T03:48:58Z","timestamp":1752983338286,"version":"3.40.3"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031708893"},{"type":"electronic","value":"9783031708909"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-70890-9_20","type":"book-chapter","created":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T09:24:24Z","timestamp":1725528264000},"page":"390-409","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Exploiting Internal Randomness for\u00a0Privacy in\u00a0Vertical Federated Learning"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-0088-0385","authenticated-orcid":false,"given":"Yulian","family":"Sun","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0001-1663-2622","authenticated-orcid":false,"given":"Li","family":"Duan","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2077-7223","authenticated-orcid":false,"given":"Ricardo","family":"Mendes","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9552-0097","authenticated-orcid":false,"given":"Derui","family":"Zhu","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0002-0896-9521","authenticated-orcid":false,"given":"Yue","family":"Xia","sequence":"additional","affiliation":[]},{"given":"Yong","family":"Li","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1916-7033","authenticated-orcid":false,"given":"Asja","family":"Fischer","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,9,6]]},"reference":[{"key":"20_CR1","doi-asserted-by":"crossref","unstructured":"Abadi, M., et al.: Deep learning with differential privacy. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 308\u2013318 (2016)","DOI":"10.1145\/2976749.2978318"},{"key":"20_CR2","unstructured":"Bai, J., Wang, W., Gomes, C.P.: Contrastively disentangled sequential variational autoencoder. In: Advances in Neural Information Processing Systems, vol. 34, pp. 10105\u201310118 (2021)"},{"key":"20_CR3","unstructured":"Bator, M.: Dataset for Sensorless Drive Diagnosis. UCI Machine Learning Repository (2015)"},{"key":"20_CR4","unstructured":"Bernstein, J., Wang, Y.X., Azizzadenesheli, K., Anandkumar, A.: signSGD: compressed optimisation for non-convex problems. In: International Conference on Machine Learning, pp. 560\u2013569. PMLR (2018)"},{"key":"20_CR5","doi-asserted-by":"crossref","unstructured":"Bird, J.J., Faria, D.R., Premebida, C., Ek\u00e1rt, A., Vogiatzis, G.: Look and listen: a multi-modality late fusion approach to scene classification for autonomous machines. In: 2020 IEEE\/RSJ International Conference on Intelligent Robots and Systems (IROS), pp. 10380\u201310385. IEEE (2020)","DOI":"10.1109\/IROS45743.2020.9341557"},{"key":"20_CR6","doi-asserted-by":"crossref","unstructured":"Bonawitz, K., et al.: Practical secure aggregation for privacy-preserving machine learning. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1175\u20131191 (2017)","DOI":"10.1145\/3133956.3133982"},{"key":"20_CR7","unstructured":"Burchard, P., Daoud, A., Dotterrer, D.: Empirical differential privacy. arXiv preprint arXiv:1910.12820 (2019)"},{"key":"20_CR8","doi-asserted-by":"crossref","unstructured":"Cohen, G., Afshar, S., Tapson, J., Van\u00a0Schaik, A.: EMNIST: extending MNIST to handwritten letters. In: 2017 International Joint Conference on Neural Networks (IJCNN), pp. 2921\u20132926. IEEE (2017)","DOI":"10.1109\/IJCNN.2017.7966217"},{"key":"20_CR9","doi-asserted-by":"publisher","DOI":"10.1016\/j.compbiomed.2023.107251","volume":"164","author":"Y Dai","year":"2023","unstructured":"Dai, Y., et al.: Improving adversarial robustness of medical imaging systems via adding global attention noise. Comput. Biol. Med. 164, 107251 (2023)","journal-title":"Comput. Biol. Med."},{"key":"20_CR10","unstructured":"Devlin, J., Chang, M.W., Lee, K., Toutanova, K.: Bert: pre-training of deep bidirectional transformers for language understanding. arXiv preprint arXiv:1810.04805 (2018)"},{"key":"20_CR11","doi-asserted-by":"crossref","unstructured":"Duan, Y.: Privacy without noise. In: Proceedings of the 18th ACM Conference on Information and Knowledge Management, pp. 1517\u20131520 (2009)","DOI":"10.1145\/1645953.1646160"},{"key":"20_CR12","doi-asserted-by":"crossref","unstructured":"Dwork, C., Roth, A., et\u00a0al.: The algorithmic foundations of differential privacy. Found. Trends\u00ae Theor. Comput. Sci. 9(3\u20134), 211\u2013407 (2014)","DOI":"10.1561\/0400000042"},{"key":"20_CR13","doi-asserted-by":"crossref","unstructured":"Erlingsson, \u00da., Feldman, V., Mironov, I., Raghunathan, A., Talwar, K., Thakurta, A.: Amplification by shuffling: From local to central differential privacy via anonymity. In: Proceedings of the Thirtieth Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 2468\u20132479. SIAM (2019)","DOI":"10.1137\/1.9781611975482.151"},{"key":"20_CR14","unstructured":"Fu, C., et al.: Label inference attacks against vertical federated learning. In: 31st USENIX Security Symposium (USENIX Security 2022), pp. 1397\u20131414 (2022)"},{"key":"20_CR15","unstructured":"Geng, J., et al.: Towards general deep leakage in federated learning. arXiv preprint arXiv:2110.09074 (2021)"},{"key":"20_CR16","doi-asserted-by":"crossref","unstructured":"Grining, K., Klonowski, M.: Towards extending noiseless privacy: dependent data and more practical approach. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 546\u2013560 (2017)","DOI":"10.1145\/3052973.3052992"},{"issue":"2","key":"20_CR17","doi-asserted-by":"publisher","first-page":"263","DOI":"10.2478\/popets-2022-0045","volume":"2022","author":"X Jiang","year":"2022","unstructured":"Jiang, X., Zhou, X., Grossklags, J.: Comprehensive analysis of privacy leakage in vertical federated learning during prediction. Proc. Priv. Enhancing Technol. 2022(2), 263\u2013281 (2022)","journal-title":"Proc. Priv. Enhancing Technol."},{"issue":"1\u20132","key":"20_CR18","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1561\/2200000083","volume":"14","author":"P Kairouz","year":"2021","unstructured":"Kairouz, P., et al.: Advances and open problems in federated learning. Found. Trends Mach. Learn. 14(1\u20132), 1\u2013210 (2021)","journal-title":"Found. Trends Mach. Learn."},{"key":"20_CR19","unstructured":"Kingma, D.P., Welling, M.: Auto-encoding variational bayes. arXiv preprint arXiv:1312.6114 (2013)"},{"key":"20_CR20","unstructured":"Knott, B., Venkataraman, S., Hannun, A., Sengupta, S., Ibrahim, M., van der Maaten, L.: Crypten: secure multi-party computation meets machine learning. In: Advances in Neural Information Processing Systems, vol. 34, pp. 4961\u20134973 (2021)"},{"key":"20_CR21","doi-asserted-by":"crossref","unstructured":"Koker, T., Mireshghallah, F., Titcombe, T., Kaissis, G.: U-noise: learnable noise masks for interpretable image segmentation. In: 2021 IEEE International Conference on Image Processing (ICIP), pp. 394\u2013398. IEEE (2021)","DOI":"10.1109\/ICIP42928.2021.9506345"},{"key":"20_CR22","unstructured":"Criteo dataset (2021). https:\/\/labs.criteo.com\/2014\/02\/download-kaggle-display-advertising-challenge-dataset\/"},{"key":"20_CR23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"302","DOI":"10.1007\/978-981-99-8721-4_10","volume-title":"ASIACRYPT 2023","author":"H Li","year":"2023","unstructured":"Li, H., Lin, H., Polychroniadou, A., Tessaro, S.: LERNA: secure single-server aggregation via key-homomorphic masking. In: Guo, J., Steinfeld, R. (eds.) ASIACRYPT 2023. LNCS, vol. 14438, pp. 302\u2013334. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-981-99-8721-4_10"},{"key":"20_CR24","doi-asserted-by":"publisher","unstructured":"Li, X., et al.: Opboost: a vertical federated tree boosting framework based on order-preserving desensitization. Proc. VLDB Endow. 16(2), 202\u2013215 (2022). https:\/\/doi.org\/10.14778\/3565816.3565823","DOI":"10.14778\/3565816.3565823"},{"key":"20_CR25","unstructured":"Liu, Y., et al.: Vertical federated learning. arXiv preprint arXiv:2211.12814 (2022)"},{"key":"20_CR26","doi-asserted-by":"crossref","unstructured":"Luo, X., Wu, Y., Xiao, X., Ooi, B.C.: Feature inference attack on model predictions in vertical federated learning. In: 2021 IEEE 37th International Conference on Data Engineering (ICDE), pp. 181\u2013192. IEEE (2021)","DOI":"10.1109\/ICDE51399.2021.00023"},{"key":"20_CR27","doi-asserted-by":"crossref","unstructured":"Neumeier, M., Botsch, M., Tollk\u00fchn, A., Berberich, T.: Variational autoencoder-based vehicle trajectory prediction with an interpretable latent space. In: 2021 IEEE International Intelligent Transportation Systems Conference (ITSC), pp. 820\u2013827. IEEE (2021)","DOI":"10.1109\/ITSC48978.2021.9565120"},{"key":"20_CR28","doi-asserted-by":"crossref","unstructured":"Orekondy, T., Schiele, B., Fritz, M.: Knockoff nets: stealing functionality of black-box models. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 4954\u20134963 (2019)","DOI":"10.1109\/CVPR.2019.00509"},{"issue":"3","key":"20_CR29","doi-asserted-by":"publisher","first-page":"819","DOI":"10.2298\/CSIS190923022O","volume":"17","author":"W Ou","year":"2020","unstructured":"Ou, W., Zeng, J., Guo, Z., Yan, W., Liu, D., Fuentes, S.: A homomorphic-encryption-based vertical federated learning scheme for rick management. Comput. Sci. Inf. Syst. 17(3), 819\u2013834 (2020)","journal-title":"Comput. Sci. Inf. Syst."},{"key":"20_CR30","unstructured":"Ranbaduge, T., Ding, M.: Differentially private vertical federated learning. arXiv preprint arXiv:2211.06782 (2022)"},{"key":"20_CR31","doi-asserted-by":"crossref","unstructured":"Scheliga, D., M\u00e4der, P., Seeland, M.: Precode-a generic model extension to prevent deep gradient leakage. In: Proceedings of the IEEE\/CVF Winter Conference on Applications of Computer Vision, pp. 1849\u20131858 (2022)","DOI":"10.1109\/WACV51458.2022.00366"},{"key":"20_CR32","doi-asserted-by":"crossref","unstructured":"Seif, M., Tandon, R., Li, M.: Wireless federated learning with local differential privacy. In: 2020 IEEE International Symposium on Information Theory (ISIT), pp. 2604\u20132609. IEEE (2020)","DOI":"10.1109\/ISIT44484.2020.9174426"},{"key":"20_CR33","unstructured":"Shridhar, K., Laumann, F., Liwicki, M.: A comprehensive guide to Bayesian convolutional neural network with variational inference. arXiv preprint arXiv:1901.02731 (2019)"},{"key":"20_CR34","unstructured":"Simonyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 (2014)"},{"key":"20_CR35","doi-asserted-by":"crossref","unstructured":"Truex, S., Liu, L., Chow, K.H., Gursoy, M.E., Wei, W.: LDP-fed: federated learning with local differential privacy. In: Proceedings of the Third ACM International Workshop on Edge Systems, Analytics and Networking, pp. 61\u201366 (2020)","DOI":"10.1145\/3378679.3394533"},{"key":"20_CR36","doi-asserted-by":"crossref","unstructured":"Yang, C., Wang, X., Mao, S.: Autotag: recurrent variational autoencoder for unsupervised apnea detection with RFID tags. In: 2018 IEEE Global Communications Conference (GLOBECOM), pp.\u00a01\u20137. IEEE (2018)","DOI":"10.1109\/GLOCOM.2018.8648073"},{"key":"20_CR37","doi-asserted-by":"crossref","unstructured":"Yang, J., Shi, R., Ni, B.: Medmnist classification decathlon: a lightweight automl benchmark for medical image analysis. In: IEEE 18th International Symposium on Biomedical Imaging (ISBI), pp. 191\u2013195 (2021)","DOI":"10.1109\/ISBI48211.2021.9434062"},{"issue":"2","key":"20_CR38","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3298981","volume":"10","author":"Q Yang","year":"2019","unstructured":"Yang, Q., Liu, Y., Chen, T., Tong, Y.: Federated machine learning: concept and applications. ACM Trans. Intell. Syst. Technol. (TIST) 10(2), 1\u201319 (2019)","journal-title":"ACM Trans. Intell. Syst. Technol. (TIST)"},{"key":"20_CR39","unstructured":"Zhang, X., Zhao, J., LeCun, Y.: Character-level convolutional networks for text classification. In: Advances in Neural Information Processing Systems, vol. 28 (2015)"},{"key":"20_CR40","unstructured":"Zhu, L., Liu, Z., Han, S.: Deep leakage from gradients. In: Advances in Neural Information Processing Systems, vol. 32 (2019)"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2024"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-70890-9_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T09:28:50Z","timestamp":1725528530000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-70890-9_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031708893","9783031708909"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-70890-9_20","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"6 September 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bydgoszcz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Poland","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2024.org","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}