{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,4]],"date-time":"2026-03-04T18:43:50Z","timestamp":1772649830924,"version":"3.50.1"},"reference-count":170,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"11","license":[{"start":{"date-parts":[[2024,6,1]],"date-time":"2024-06-01T00:00:00Z","timestamp":1717200000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,6,1]],"date-time":"2024-06-01T00:00:00Z","timestamp":1717200000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,6,1]],"date-time":"2024-06-01T00:00:00Z","timestamp":1717200000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"Fujian Province Industry\u2013University\u2013Research Collaboration Project","award":["2023H6034"],"award-info":[{"award-number":["2023H6034"]}]},{"name":"Fujian Province Project for Young and Middle-Aged Researchers","award":["JAT220827"],"award-info":[{"award-number":["JAT220827"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Internet Things J."],"published-print":{"date-parts":[[2024,6,1]]},"DOI":"10.1109\/jiot.2024.3377730","type":"journal-article","created":{"date-parts":[[2024,3,27]],"date-time":"2024-03-27T19:31:42Z","timestamp":1711567902000},"page":"19232-19255","source":"Crossref","is-referenced-by-count":31,"title":["Unraveling Attacks to Machine-Learning-Based IoT Systems: A Survey and the Open Libraries Behind Them"],"prefix":"10.1109","volume":"11","author":[{"given":"Chao","family":"Liu","sequence":"first","affiliation":[{"name":"Department of Electrical and Computer Engineering, University of Maryland at Baltimore County, Baltimore, MD, USA"}]},{"given":"Boxi","family":"Chen","sequence":"additional","affiliation":[{"name":"Department of Research, Deep Red Future Technology Company Ltd., Shenzhen, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9873-8331","authenticated-orcid":false,"given":"Wei","family":"Shao","sequence":"additional","affiliation":[{"name":"Data61, CSIRO, Eveleigh, NSW, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7973-8769","authenticated-orcid":false,"given":"Chris","family":"Zhang","sequence":"additional","affiliation":[{"name":"Department of Mechanical Engineering, University of Saskatchewan, Saskatoon, SK, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5221-7549","authenticated-orcid":false,"given":"Kelvin K. L.","family":"Wong","sequence":"additional","affiliation":[{"name":"Department of Mechanical Engineering, University of Saskatchewan, Saskatoon, SK, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5867-9322","authenticated-orcid":false,"given":"Yi","family":"Zhang","sequence":"additional","affiliation":[{"name":"Machine Intelligence Laboratory, College of Computer Science, Sichuan University, Chengdu, Sichuan, China"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/2994551.2994555"},{"issue":"1","key":"ref2","first-page":"1","article-title":"Convergence of AI, IoT, big data and blockchain: A review","volume":"1","author":"Rabah","year":"2018","journal-title":"Lake Inst. J."},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2010.05.010"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1016\/j.adhoc.2012.02.016"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1007\/s11277-011-0288-5"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2020.3046648"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2019.00130"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/TSMC.2022.3220080"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2021.3112737"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/TFUZZ.2022.3172991"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/ICCD.2017.16"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/ICED.2016.7804660"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813677"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.3390\/s21113654"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2003.1176986"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/SMARTGRID.2010.5622045"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3395352.3402619"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-03329-3_13"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-01258-8_10"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-39650-5_7"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2006.889687"},{"key":"ref22","article-title":"Adversarial model for offline reinforcement learning","author":"Bhardwaj","year":"2023","journal-title":"arXiv:2302.11048"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1007\/s10994-010-5188-5"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2013.57"},{"issue":"8","key":"ref25","first-page":"1","article-title":"Machine learning security and privacy: A survey","volume":"4","author":"Lei","year":"2018","journal-title":"Chin. J. Netw. Inf. Security"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.20"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243855"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00029"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.2018.8489592"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00509"},{"key":"ref31","first-page":"1345","article-title":"High accuracy and high fidelity extraction of neural networks","volume-title":"Proc. 29th USENIX Security Symp. (USENIX Security)","author":"Jagielski"},{"key":"ref32","first-page":"1","article-title":"Generative adversarial nets","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"27","author":"Goodfellow"},{"key":"ref33","first-page":"1","article-title":"Improved techniques for training GANs","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"29","author":"Salimans"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.41"},{"key":"ref35","first-page":"5558","article-title":"White-box vs black-box: Bayes optimal strategies for membership inference","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Sablayrolles"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2018.00027"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.5555\/3241094.3241142"},{"key":"ref38","article-title":"ML-Leaks: Model and data independent membership inference attacks and defenses on machine learning models","author":"Salem","year":"2018","journal-title":"arXiv:1806.01246"},{"key":"ref39","article-title":"Understanding membership inferences on wellgeneralized learning models","author":"Long","year":"2018","journal-title":"arXiv:1802.04889"},{"key":"ref40","first-page":"1","article-title":"Comprehensive privacy analysis of deep learning","volume-title":"Proc. Proc. IEEE Symp. Security Privacy (SP)","author":"Nasr"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354211"},{"key":"ref42","first-page":"1964","article-title":"Labelonly membership inference attacks","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Choquette-Choo"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"ref44","first-page":"2615","article-title":"Systematic evaluation of privacy risks of machine learning models","volume-title":"Proc. 30th USENIX Security Symp. (USENIX Security)","author":"Song"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363201"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24293"},{"key":"ref47","article-title":"Membership inference attacks and defenses in supervised learning via generalization gap","author":"Li","year":"2020","journal-title":"arXiv:2002.12062"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM51629.2021.00129"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.1503.02531"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560684"},{"key":"ref51","article-title":"Intriguing properties of neural networks","author":"Szegedy","year":"2013","journal-title":"arXiv:1312.6199"},{"key":"ref52","article-title":"Explaining and harnessing adversarial examples","author":"Goodfellow","year":"2014","journal-title":"arXiv:1412.6572"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.282"},{"key":"ref54","article-title":"Adversarial machine learning at scale","author":"Kurakin","year":"2016","journal-title":"arXiv:1611.01236"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.49"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053009"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/3128572.3140448"},{"key":"ref58","article-title":"Detecting adversarial samples from artifacts","author":"Feinman","year":"2017","journal-title":"arXiv:1703.00410"},{"key":"ref59","article-title":"On the (statistical) detection of adversarial examples","author":"Grosse","year":"2017","journal-title":"arXiv:1702.06280"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-63387-9_1"},{"key":"ref61","article-title":"On detecting adversarial perturbations","author":"Metzen","year":"2017","journal-title":"arXiv:1702.04267"},{"key":"ref62","article-title":"Feature squeezing: Detecting adversarial examples in deep neural networks","author":"Xu","year":"2017","journal-title":"arXiv:1704.01155"},{"key":"ref63","article-title":"Towards deep learning models resistant to adversarial attacks","author":"Madry","year":"2017","journal-title":"arXiv:1706.06083"},{"key":"ref64","article-title":"Robust convolutional neural networks under adversarial noise","author":"Jin","year":"2015","journal-title":"arXiv:1511.06306"},{"key":"ref65","article-title":"Ensemble adversarial training: Attacks and defenses","author":"Tram\u00e8r","year":"2017","journal-title":"arXiv:1705.07204"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1145\/3128572.3140449"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.485"},{"key":"ref68","first-page":"2137","article-title":"Black-box adversarial attacks with limited queries and information","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Ilyas"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1007\/s10208-015-9296-2"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1109\/TEVC.2019.2890858"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00045"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134606"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-20065-6_10"},{"key":"ref74","article-title":"Queryefficient hard-label black-box attack: An optimization-based approach","author":"Cheng","year":"2018","journal-title":"arXiv:1807.04457"},{"key":"ref75","article-title":"Sign-OPT: A query-efficient hard-label adversarial attack","author":"Cheng","year":"2019","journal-title":"arXiv:1909.10773"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.00130"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.00847"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR46437.2021.01029"},{"key":"ref79","first-page":"2484","article-title":"Simple black-box adversarial attacks","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Guo"},{"key":"ref80","article-title":"Query-efficient meta attack to deep neural networks","author":"Du","year":"2019","journal-title":"arXiv:1906.02398"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2021\/694"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.21105\/joss.02607"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1145\/3508398.3511510"},{"key":"ref84","article-title":"Decision-based adversarial attacks: Reliable attacks against black-box machine learning models","author":"Brendel","year":"2017","journal-title":"arXiv:1712.04248"},{"key":"ref85","article-title":"Distributional smoothing with virtual adversarial training","author":"Miyato","year":"2015","journal-title":"arXiv:1507.00677"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP51992.2021.00023"},{"key":"ref87","first-page":"17","article-title":"Privacy in pharmacogenetics: An {end-to-end} case study of personalized warfarin dosing","volume-title":"Proc. 23rd USENIX Security Symp. (USENIX Security)","author":"Fredrikson"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134012"},{"key":"ref89","first-page":"1","article-title":"Deep leakage from gradients","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"32","author":"Zhu"},{"key":"ref90","article-title":"Deep gradient compression: Reducing the communication bandwidth for distributed training","author":"Lin","year":"2017","journal-title":"arXiv:1712.01887"},{"key":"ref91","article-title":"Variance-based gradient compression for efficient distributed deep learning","author":"Tsuzuku","year":"2018","journal-title":"arXiv:1802.06058"},{"key":"ref92","article-title":"Practical secure aggregation for federated learning on user-held data","author":"Bonawitz","year":"2016","journal-title":"arXiv:1611.04482"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2787987"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2019.8737416"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359824"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.00033"},{"key":"ref97","article-title":"R-Gap: Recursive gradient attack on privacy","author":"Zhu","year":"2020","journal-title":"arXiv:2010.07733"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52688.2022.01462"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52729.2023.01964"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1145\/3559613.3563201"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833677"},{"key":"ref102","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354261"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134077"},{"key":"ref104","article-title":"iDLG: Improved deep leakage from gradients","author":"Zhao","year":"2020","journal-title":"arXiv:2001.02610"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1504\/IJSN.2015.071829"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.1016\/j.peva.2007.06.014"},{"key":"ref107","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pcbi.0030116"},{"key":"ref108","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2008.080406"},{"key":"ref109","doi-asserted-by":"publisher","DOI":"10.1145\/1071690.1064222"},{"key":"ref110","doi-asserted-by":"publisher","DOI":"10.1109\/TPWRS.2009.2016528"},{"key":"ref111","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243834"},{"key":"ref112","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813687"},{"key":"ref113","article-title":"Learning differentially private recurrent language models","author":"McMahan","year":"2017","journal-title":"arXiv:1710.06963"},{"key":"ref114","article-title":"Differentially private federated learning: A client level perspective","author":"Geyer","year":"2017","journal-title":"arXiv:1712.07557"},{"key":"ref115","article-title":"Overlearning reveals sensitive attributes","author":"Song","year":"2019","journal-title":"arXiv:1905.11742"},{"key":"ref116","doi-asserted-by":"publisher","DOI":"10.1109\/IHMSC49165.2020.00057"},{"key":"ref117","first-page":"2687","article-title":"Leakage of dataset properties in {multi-party} machine learning","volume-title":"Proc. 30th USENIX Security Symp. (USENIX Security)","author":"Zhang"},{"key":"ref118","first-page":"4961","article-title":"Crypten: Secure multi-party computation meets machine learning","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"34","author":"Knott"},{"key":"ref119","doi-asserted-by":"publisher","DOI":"10.1561\/9781601988195"},{"key":"ref120","doi-asserted-by":"publisher","DOI":"10.1145\/2020408.2020598"},{"key":"ref121","article-title":"Property inference attacks against GANs","author":"Zhou","year":"2021","journal-title":"arXiv:2111.07608"},{"key":"ref122","doi-asserted-by":"publisher","DOI":"10.5220\/0010555600002998"},{"key":"ref123","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484533"},{"key":"ref124","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833623"},{"key":"ref125","doi-asserted-by":"publisher","DOI":"10.56553\/popets-2022-0121"},{"key":"ref126","doi-asserted-by":"publisher","DOI":"10.1109\/SaTML54575.2023.00018"},{"key":"ref127","doi-asserted-by":"publisher","DOI":"10.1109\/SaTML54575.2023.00019"},{"key":"ref128","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3485259"},{"key":"ref129","doi-asserted-by":"publisher","DOI":"10.1007\/11787006_1"},{"key":"ref130","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516686"},{"key":"ref131","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00038"},{"key":"ref132","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-28954-6_7"},{"key":"ref133","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2019.00044"},{"key":"ref134","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2019.00020"},{"key":"ref135","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134057"},{"key":"ref136","first-page":"515","article-title":"{CSI}{NN}: Reverse engineering of neural network architectures through electromagnetic side channel","volume-title":"Proc. 28th USENIX Security Symp. (USENIX Security)","author":"Batina"},{"key":"ref137","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-34961-4_44"},{"key":"ref138","doi-asserted-by":"publisher","DOI":"10.1109\/ICCIT.2008.179"},{"key":"ref139","first-page":"2633","article-title":"Extracting training data from large language models","volume-title":"Proc. 30th USENIX Security Symp. (USENIX Security)","author":"Carlini"},{"key":"ref140","doi-asserted-by":"publisher","DOI":"10.1145\/3488932.3497753"},{"key":"ref141","first-page":"20120","article-title":"Blackbox ripper: Copying black-box models using generative evolutionary algorithms","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"33","author":"Barbalau"},{"key":"ref142","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-56877-1_7"},{"key":"ref143","first-page":"12058","article-title":"Dataset inference for self-supervised models","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"35","author":"Dziedzic"},{"key":"ref144","first-page":"1","article-title":"Poison frogs! Targeted clean-label poisoning attacks on neural networks","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"31","author":"Shafahi"},{"key":"ref145","article-title":"Poisoning attacks against support vector machines","author":"Biggio","year":"2012","journal-title":"arXiv:1206.6389"},{"key":"ref146","doi-asserted-by":"publisher","DOI":"10.5555\/3016100.3016102"},{"key":"ref147","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00057"},{"key":"ref148","doi-asserted-by":"publisher","DOI":"10.1145\/358669.358692"},{"key":"ref149","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4612-4380-9_35"},{"key":"ref150","first-page":"634","article-title":"Analyzing federated learning through an adversarial lens","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Bhagoji"},{"key":"ref151","first-page":"1605","article-title":"Local model poisoning attacks to Byzantine-robust federated learning","volume-title":"Proc. 29th USENIX Security Symp. (USENIX Security)","author":"Fang"},{"key":"ref152","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58951-6_24"},{"key":"ref153","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24525"},{"key":"ref154","doi-asserted-by":"publisher","DOI":"10.1145\/3447548.3467233"},{"key":"ref155","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE53745.2022.00243"},{"key":"ref156","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2016.32"},{"key":"ref157","article-title":"Targeted backdoor attacks on deep learning systems using data poisoning","author":"Chen","year":"2017","journal-title":"arXiv:1712.05526"},{"key":"ref158","article-title":"Reconstruction of training samples from loss functions","author":"Sannai","year":"2018","journal-title":"arXiv:1805.07337"},{"key":"ref159","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP48549.2020.00040"},{"key":"ref160","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV48922.2021.01585"},{"key":"ref161","article-title":"Plug & play attacks: Towards robust and flexible model inversion attacks","author":"Struppek","year":"2022","journal-title":"arXiv:2201.12179"},{"key":"ref162","article-title":"Membership inference attacks against synthetic data through overfitting detection","author":"van Breugel","year":"2023","journal-title":"arXiv:2302.12580"},{"key":"ref163","doi-asserted-by":"publisher","DOI":"10.1145\/3543507.3583359"},{"key":"ref164","doi-asserted-by":"publisher","DOI":"10.1109\/SPW59333.2023.00013"},{"key":"ref165","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52729.2023.02365"},{"key":"ref166","article-title":"PriSampler: Mitigating property inference of diffusion models","author":"Hu","year":"2023","journal-title":"arXiv:2306.05208"},{"key":"ref167","doi-asserted-by":"publisher","DOI":"10.1145\/3603216.3624964"},{"key":"ref168","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179406"},{"key":"ref169","first-page":"39299","article-title":"Data poisoning attacks against multimodal encoders","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Yang"},{"key":"ref170","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179336"}],"container-title":["IEEE Internet of Things Journal"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6488907\/10536937\/10479166.pdf?arnumber=10479166","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,3]],"date-time":"2024-09-03T04:40:49Z","timestamp":1725338449000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10479166\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,1]]},"references-count":170,"journal-issue":{"issue":"11"},"URL":"https:\/\/doi.org\/10.1109\/jiot.2024.3377730","relation":{},"ISSN":["2327-4662","2372-2541"],"issn-type":[{"value":"2327-4662","type":"electronic"},{"value":"2372-2541","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,6,1]]}}}