{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,4]],"date-time":"2025-12-04T18:50:11Z","timestamp":1764874211262,"version":"3.46.0"},"reference-count":62,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,8,26]],"date-time":"2025-08-26T00:00:00Z","timestamp":1756166400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,8,26]],"date-time":"2025-08-26T00:00:00Z","timestamp":1756166400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100013101","name":"National Research Council","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100013101","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,8,26]]},"DOI":"10.1109\/pst65910.2025.11268888","type":"proceedings-article","created":{"date-parts":[[2025,12,3]],"date-time":"2025-12-03T18:40:04Z","timestamp":1764787204000},"page":"1-11","source":"Crossref","is-referenced-by-count":0,"title":["A Generic Framework for Privacy Risk Assessment of Machine Learning Models"],"prefix":"10.1109","author":[{"given":"Le","family":"Wang","sequence":"first","affiliation":[{"name":"University of Guelph,School of Computer Science,Guelph,ON,Canada,N1G 2W1"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sonal","family":"Allana","sequence":"additional","affiliation":[{"name":"University of Guelph,School of Computer Science,Guelph,ON,Canada,N1G 2W1"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaowei","family":"Sun","sequence":"additional","affiliation":[{"name":"York University,School of Information Technology,North York,ON,Canada,M3J 
1P3"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Liang","family":"Xue","sequence":"additional","affiliation":[{"name":"York University,School of Information Technology,North York,ON,Canada,M3J 1P3"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaodong","family":"Lin","sequence":"additional","affiliation":[{"name":"University of Guelph,School of Computer Science,Guelph,ON,Canada,N1G 2W1"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rozita","family":"Dara","sequence":"additional","affiliation":[{"name":"University of Guelph,School of Computer Science,Guelph,ON,Canada,N1G 2W1"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pulei","family":"Xiong","sequence":"additional","affiliation":[{"name":"1200 Montr\u00e9al Rd,Ottawa,ON,Canada,K1A 0R6"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jiixd.2024.02.001"},{"key":"ref2","first-page":"2423","article-title":"Property existence inference against generative models","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Wang"},{"key":"ref3","article-title":"Privacy leakage on dnns: A survey of model inversion attacks and defenses","author":"Fang","year":"2024","journal-title":"arXiv preprint arXiv:2402.04013"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/3634737.3657002"},{"journal-title":"Website","article-title":"Ai act","author":"Union","key":"ref5"},{"author":"of Canada","key":"ref6","article-title":"The artificial intelligence and data act (aida)"},{"key":"ref7","first-page":"9389","article-title":"Just how toxic is data poisoning? 
a unified benchmark for backdoor and data poisoning attacks","volume-title":"International Conference on Machine Learning.","author":"Schwarzschild"},{"year":"2021","key":"ref8","article-title":"Counterfit"},{"key":"ref9","article-title":"Robustbench: a standardized adversarial robustness benchmark","author":"Croce","year":"2020","journal-title":"arXiv preprint arXiv:2010.09670"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.21105\/joss.02607"},{"key":"ref11","first-page":"7","article-title":"cleverhans v0. 1: an adversarial machine learning library","volume":"1","author":"Goodfellow","year":"2016","journal-title":"arXiv preprint arXiv:1610.00768"},{"key":"ref12","article-title":"Advertorch v0. 1: An adversarial robustness toolbox based on pytorch","author":"Ding","year":"2019","journal-title":"arXiv preprint arXiv:1902.07623"},{"article-title":"Adversarial robustness toolbox v1.0.0","year":"2019","author":"Nicolae","key":"ref13"},{"key":"ref14","article-title":"garak: A framework for security probing large language models","author":"Derczynski","year":"2024","journal-title":"arXiv preprint arXiv:2406.11036"},{"article-title":"Easyjailbreak: A unified framework for jailbreaking large language models","year":"2024","author":"Zhou","key":"ref15"},{"year":"2025","key":"ref16","article-title":"Rebuff: Llm prompt injection detector"},{"first-page":"2025","article-title":"Tensorflow privacy","year":"2025","key":"ref17"},{"article-title":"Privacy meter: An open-source library to audit data privacy in statistical and machine learning algorithms","year":"2020","author":"Shokri","key":"ref18"},{"key":"ref19","article-title":"Privacy risks of general-purpose ai systems: A foundation for investigating practitioner perspectives","author":"Meisenbacher","year":"2024","journal-title":"arXiv preprint 
arXiv:2407.02027"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3287195"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3624010"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2018.00027"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.23019"},{"key":"ref24","article-title":"A survey of what to share in federated learning: Perspectives on model utility, privacy leakage, and communication efficiency","author":"Shao","year":"2023","journal-title":"arXiv preprint arXiv:2307.10655"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.001.2000196"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2022.3229593"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/TNNLS.2022.3216981"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/PhDEDITS51180.2020.9315305"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/ICC40277.2020.9149181"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/MCI.2022.3180883"},{"key":"ref31","article-title":"Constructing a fully homomorphic encryption scheme with the yoneda lemma","author":"Tuy\u00e9ras","year":"2024","journal-title":"arXiv preprint arXiv:2401.13255"},{"key":"ref32","first-page":"4961","article-title":"Crypten: Secure multi-party computation meets machine learning","volume":"34","author":"Knott","year":"2021","journal-title":"Advances in Neural Information Processing Systems"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.56553\/popets-2023-0118"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-32009-5_38"},{"article-title":"A survey on secure machine 
learning","year":"2025","author":"Liao","key":"ref35"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2020.02.037"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/3386901.3388946"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/3458864.3466628"},{"key":"ref39","article-title":"Zero-knowledge proof meets machine learning in verifiability: A survey","author":"Xing","year":"2023","journal-title":"arXiv preprint arXiv:2310.14848"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3485379"},{"key":"ref41","article-title":"A survey of zero-knowledge proof based verifiable machine learning","author":"Peng","year":"2025","journal-title":"arXiv preprint arXiv:2502.18535"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2022.09.004"},{"article-title":"Towards more accurate and useful data anonymity vulnerability measures","year":"2024","author":"Francis","key":"ref43"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/3547139"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-97-0407-1_7"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1007\/s42979-023-01767-4"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.23087"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/TETCI.2024.3379240"},{"key":"ref49","article-title":"Semi-supervised knowledge transfer for deep learning from private training data","author":"Papernot","year":"2016","journal-title":"arXiv preprint arXiv:1610.05755"},{"key":"ref50","first-page":"68","article-title":"Obfuscating decision trees","volume":"2023","author":"Banerjee","year":"2023","journal-title":"IACR Cryptol. 
ePrint Arch."},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1016\/j.inffus.2021.11.005"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2025.3551762"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.001.2000196"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.5555\/2999134.2999257"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.41"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813677"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.5555\/3241094.3241142"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/SaTML54575.2023.00018"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00019"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833743"},{"article-title":"Defense against model extraction attack by bayesian active watermarking","volume-title":"Forty-First International Conference on Machine Learning","author":"Wang","key":"ref62"}],"event":{"name":"2025 22nd Annual International Conference on Privacy, Security, and Trust (PST)","start":{"date-parts":[[2025,8,26]]},"location":"Fredericton, NB, Canada","end":{"date-parts":[[2025,8,28]]}},"container-title":["2025 22nd Annual International Conference on Privacy, Security, and Trust 
(PST)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11268482\/11268814\/11268888.pdf?arnumber=11268888","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,4]],"date-time":"2025-12-04T18:35:40Z","timestamp":1764873340000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11268888\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,26]]},"references-count":62,"URL":"https:\/\/doi.org\/10.1109\/pst65910.2025.11268888","relation":{},"subject":[],"published":{"date-parts":[[2025,8,26]]}}}