{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,10]],"date-time":"2026-04-10T10:06:25Z","timestamp":1775815585226,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":51,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,10,15]],"date-time":"2018-10-15T00:00:00Z","timestamp":1539561600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100011030","name":"U.S. Department of Energy","doi-asserted-by":"publisher","award":["DE-OE0000780"],"award-info":[{"award-number":["DE-OE0000780"]}],"id":[{"id":"10.13039\/100011030","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,10,15]]},"DOI":"10.1145\/3243734.3243834","type":"proceedings-article","created":{"date-parts":[[2018,10,16]],"date-time":"2018-10-16T17:38:33Z","timestamp":1539711513000},"page":"619-633","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":307,"title":["Property Inference Attacks on Fully Connected Neural Networks using Permutation Invariant Representations"],"prefix":"10.1145","author":[{"given":"Karan","family":"Ganju","sequence":"first","affiliation":[{"name":"University of Illinois at Urbana-Champaign, Urbana, IL, USA"}]},{"given":"Qi","family":"Wang","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign, Urbana, IL, USA"}]},{"given":"Wei","family":"Yang","sequence":"additional","affiliation":[{"name":"University of Texas at Dallas, Dallas, TX, USA"}]},{"given":"Carl A.","family":"Gunter","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign, Urbana, IL, USA"}]},{"given":"Nikita","family":"Borisov","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign, Urbana, IL, USA"}]}],"member":"320","published-online":{"date-parts":[[2018,10,15]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"e_1_3_2_2_2_1","volume-title":"Machine Learning at AWS. https:\/\/aws.amazon.com\/machine-learning\/ Retrieved","year":"2018","unstructured":"Amazon. 2018. Machine Learning at AWS. https:\/\/aws.amazon.com\/machine-learning\/ Retrieved August 15, 2018 from Amazon. 2018. Machine Learning at AWS. https:\/\/aws.amazon.com\/machine-learning\/ Retrieved August 15, 2018 from"},{"key":"e_1_3_2_2_3_1","volume-title":"Android Neural Networks API. https:\/\/developer.android.com\/ndk\/guides\/neuralnetworks\/ Retrieved","author":"Developers Android","year":"2018","unstructured":"Android Developers . 2018. Android Neural Networks API. https:\/\/developer.android.com\/ndk\/guides\/neuralnetworks\/ Retrieved August 15, 2018 from Android Developers. 2018. Android Neural Networks API. https:\/\/developer.android.com\/ndk\/guides\/neuralnetworks\/ Retrieved August 15, 2018 from"},{"key":"e_1_3_2_2_4_1","volume-title":"https:\/\/developer.apple.com\/documentation\/coreml Retrieved","author":"Apple Inc. 2018. Core ML.","year":"2018","unstructured":"Apple Inc. 2018. Core ML. https:\/\/developer.apple.com\/documentation\/coreml Retrieved August 15, 2018 from Apple Inc. 2018. Core ML. https:\/\/developer.apple.com\/documentation\/coreml Retrieved August 15, 2018 from"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1504\/IJSN.2015.071829"},{"key":"e_1_3_2_2_6_1","volume-title":"https:\/\/bigml.com\/ Retrieved","author":"BigML Inc. 2018. BigML.","year":"2018","unstructured":"BigML Inc. 2018. BigML. https:\/\/bigml.com\/ Retrieved August 15, 2018 from BigML Inc. 2018. BigML. https:\/\/bigml.com\/ Retrieved August 15, 2018 from"},{"key":"e_1_3_2_2_7_1","volume-title":"Proceedings of the 1st Conference on Fairness, Accountability and Transparency (Proceedings of Machine Learning Research), Sorelle A. Friedler and Christo Wilson (Eds.)","volume":"81","author":"Buolamwini Joy","year":"2018","unstructured":"Joy Buolamwini and Timnit Gebru . 2018 . Gender Shades: Intersectional Accuracy Disparities in Commercial Gender Classification . In Proceedings of the 1st Conference on Fairness, Accountability and Transparency (Proceedings of Machine Learning Research), Sorelle A. Friedler and Christo Wilson (Eds.) , Vol. 81 . PMLR, New York, NY, USA, 77--91. http:\/\/proceedings.mlr.press\/v81\/buolamwini18a.html Joy Buolamwini and Timnit Gebru. 2018. Gender Shades: Intersectional Accuracy Disparities in Commercial Gender Classification. In Proceedings of the 1st Conference on Fairness, Accountability and Transparency (Proceedings of Machine Learning Research), Sorelle A. Friedler and Christo Wilson (Eds.), Vol. 81. PMLR, New York, NY, USA, 77--91. http:\/\/proceedings.mlr.press\/v81\/buolamwini18a.html"},{"key":"e_1_3_2_2_8_1","unstructured":"Caffe. 2018. Caffe Model Zoo. http:\/\/caffe.berkeleyvision.org\/model_zoo.html Retrieved August 15 2018 from  Caffe. 2018. Caffe Model Zoo. http:\/\/caffe.berkeleyvision.org\/model_zoo.html Retrieved August 15 2018 from"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/IISWC.2009.5306797"},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2016.09.014"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508148.2485970"},{"key":"e_1_3_2_2_12_1","unstructured":"Dua Dheeru and Efi Karra Taniskidou. 2017. UCI Machine Learning Repository. http:\/\/archive.ics.uci.edu\/ml  Dua Dheeru and Efi Karra Taniskidou. 2017. UCI Machine Learning Repository. http:\/\/archive.ics.uci.edu\/ml"},{"key":"e_1_3_2_2_13_1","volume-title":"Robust physical-world attacks on machine learning models. arXiv preprint arXiv:1707.08945","author":"Evtimov Ivan","year":"2017","unstructured":"Ivan Evtimov , Kevin Eykholt , Earlence Fernandes , Tadayoshi Kohno , Bo Li , Atul Prakash , Amir Rahmati , and Dawn Song . 2017. Robust physical-world attacks on machine learning models. arXiv preprint arXiv:1707.08945 ( 2017 ). Ivan Evtimov, Kevin Eykholt, Earlence Fernandes, Tadayoshi Kohno, Bo Li, Atul Prakash, Amir Rahmati, and Dawn Song. 2017. Robust physical-world attacks on machine learning models. arXiv preprint arXiv:1707.08945 (2017)."},{"key":"e_1_3_2_2_14_1","volume-title":"https:\/\/www.gradientzoo.com\/ Retrieved","author":"Florenzano Eric","year":"2018","unstructured":"Eric Florenzano . 2016. Gadientzoo. https:\/\/www.gradientzoo.com\/ Retrieved August 15, 2018 from Eric Florenzano. 2016. Gadientzoo. https:\/\/www.gradientzoo.com\/ Retrieved August 15, 2018 from"},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813677"},{"key":"e_1_3_2_2_16_1","volume-title":"Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing. In USENIX Security Symposium. 17--32","author":"Fredrikson Matthew","year":"2014","unstructured":"Matthew Fredrikson , Eric Lantz , Somesh Jha , Simon Lin , David Page , and Thomas Ristenpart . 2014 . Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing. In USENIX Security Symposium. 17--32 . Matthew Fredrikson, Eric Lantz, Somesh Jha, Simon Lin, David Page, and Thomas Ristenpart. 2014. Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing. In USENIX Security Symposium. 17--32."},{"key":"e_1_3_2_2_17_1","volume-title":"Cloud Machine Learning Engine. https:\/\/cloud.google.com\/ml-engine\/ Retrieved","author":"Cloud Google","year":"2018","unstructured":"Google Cloud . 2018. Cloud Machine Learning Engine. https:\/\/cloud.google.com\/ml-engine\/ Retrieved August 15, 2018 from Google Cloud. 2018. Cloud Machine Learning Engine. https:\/\/cloud.google.com\/ml-engine\/ Retrieved August 15, 2018 from"},{"key":"e_1_3_2_2_18_1","volume-title":"LOGAN: evaluating privacy leakage of generative models using generative adversarial networks. arXiv preprint arXiv:1705.07663","author":"Hayes Jamie","year":"2017","unstructured":"Jamie Hayes , Luca Melis , George Danezis , and Emiliano De Cristofaro . 2017. LOGAN: evaluating privacy leakage of generative models using generative adversarial networks. arXiv preprint arXiv:1705.07663 ( 2017 ). Jamie Hayes, Luca Melis, George Danezis, and Emiliano De Cristofaro. 2017. LOGAN: evaluating privacy leakage of generative models using generative adversarial networks. arXiv preprint arXiv:1705.07663 (2017)."},{"key":"e_1_3_2_2_19_1","volume-title":"Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980","author":"Kingma Diederik P","year":"2014","unstructured":"Diederik P Kingma and Jimmy Ba . 2014 . Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014). Diederik P Kingma and Jimmy Ba. 2014. Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014)."},{"key":"e_1_3_2_2_20_1","volume-title":"Semi-supervised classification with graph convolutional networks. arXiv preprint arXiv:1609.02907","author":"Kipf Thomas N","year":"2016","unstructured":"Thomas N Kipf and Max Welling . 2016. Semi-supervised classification with graph convolutional networks. arXiv preprint arXiv:1609.02907 ( 2016 ). Thomas N Kipf and Max Welling. 2016. Semi-supervised classification with graph convolutional networks. arXiv preprint arXiv:1609.02907 (2016)."},{"key":"e_1_3_2_2_21_1","volume-title":"Spectre Attacks: Exploiting Speculative Execution. In 40th IEEE Symposium on Security and Privacy (S&P'19)","author":"Kocher Paul","year":"2019","unstructured":"Paul Kocher , Jann Horn , Anders Fogh , Daniel Genkin , Daniel Gruss , Werner Haas , Mike Hamburg , Moritz Lipp , Stefan Mangard , Thomas Prescher , Michael Schwarz , and Yuval Yarom . 2019 . Spectre Attacks: Exploiting Speculative Execution. In 40th IEEE Symposium on Security and Privacy (S&P'19) . Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2019. Spectre Attacks: Exploiting Speculative Execution. In 40th IEEE Symposium on Security and Privacy (S&P'19) ."},{"key":"e_1_3_2_2_22_1","unstructured":"Yann LeCun Corinna Cortes and Christopher J Burges. 2018. The MNIST database of handwritten digits. http:\/\/yann.lecun.com\/exdb\/mnist\/.  Yann LeCun Corinna Cortes and Christopher J Burges. 2018. The MNIST database of handwritten digits. http:\/\/yann.lecun.com\/exdb\/mnist\/."},{"key":"e_1_3_2_2_23_1","volume-title":"Proceedings of the 11th Annual Information Security Symposium. CERIAS-Purdue University, 5.","author":"Lin Zhiqiang","year":"2010","unstructured":"Zhiqiang Lin , Xiangyu Zhang , and Dongyan Xu . 2010 . Automatic reverse engineering of data structures from binary execution . In Proceedings of the 11th Annual Information Security Symposium. CERIAS-Purdue University, 5. Zhiqiang Lin, Xiangyu Zhang, and Dongyan Xu. 2010. Automatic reverse engineering of data structures from binary execution. In Proceedings of the 11th Annual Information Security Symposium. CERIAS-Purdue University, 5."},{"key":"e_1_3_2_2_24_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp , Michael Schwarz , Daniel Gruss , Thomas Prescher , Werner Haas , Anders Fogh , Jann Horn , Stefan Mangard , Paul Kocher , Daniel Genkin , Yuval Yarom , and Mike Hamburg . 2018 . Meltdown: Reading Kernel Memory from User Space . In 27th USENIX Security Symposium (USENIX Security 18) . Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading Kernel Memory from User Space. In 27th USENIX Security Symposium (USENIX Security 18) ."},{"key":"e_1_3_2_2_25_1","volume-title":"Trojaning Attack on Neural Networks. In 25nd Annual Network and Distributed System Security Symposium, NDSS 2018","author":"Liu Yingqi","year":"2018","unstructured":"Yingqi Liu , Shiqing Ma , Yousra Aafer , Wen-Chuan Lee , Juan Zhai , Weihang Wang , and Xiangyu Zhang . 2018 b. Trojaning Attack on Neural Networks. In 25nd Annual Network and Distributed System Security Symposium, NDSS 2018 , San Diego, California, USA, February 18--221 , 2018. The Internet Society. Yingqi Liu, Shiqing Ma, Yousra Aafer, Wen-Chuan Lee, Juan Zhai, Weihang Wang, and Xiangyu Zhang. 2018b. Trojaning Attack on Neural Networks. In 25nd Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18--221, 2018. The Internet Society."},{"key":"e_1_3_2_2_26_1","unstructured":"Ziwei Liu Ping Luo Xiaogang Wang and Xiaoou Tang. 2018a. Large-scale CelebFaces Attributes (CelebA) Dataset. http:\/\/mmlab.ie.cuhk.edu.hk\/projects\/CelebA.html Retrieved August 15 2018 from  Ziwei Liu Ping Luo Xiaogang Wang and Xiaoou Tang. 2018a. Large-scale CelebFaces Attributes (CelebA) Dataset. http:\/\/mmlab.ie.cuhk.edu.hk\/projects\/CelebA.html Retrieved August 15 2018 from"},{"key":"e_1_3_2_2_27_1","volume-title":"Adversarial Examples that Fool Detectors. arXiv preprint arXiv:1712.02494","author":"Lu Jiajun","year":"2017","unstructured":"Jiajun Lu , Hussein Sibai , and Evan Fabry . 2017. Adversarial Examples that Fool Detectors. arXiv preprint arXiv:1712.02494 ( 2017 ). Jiajun Lu, Hussein Sibai, and Evan Fabry. 2017. Adversarial Examples that Fool Detectors. arXiv preprint arXiv:1712.02494 (2017)."},{"key":"e_1_3_2_2_28_1","volume-title":"Azure Machine Learning. https:\/\/azure.microsoft.com\/en-us\/services\/machine-learning-studio\/ Retrieved","year":"2018","unstructured":"Microsoft. 2018. Azure Machine Learning. https:\/\/azure.microsoft.com\/en-us\/services\/machine-learning-studio\/ Retrieved August 15, 2018 from Microsoft. 2018. Azure Machine Learning. https:\/\/azure.microsoft.com\/en-us\/services\/machine-learning-studio\/ Retrieved August 15, 2018 from"},{"key":"e_1_3_2_2_29_1","volume-title":"Universal adversarial perturbations. arXiv preprint","author":"Moosavi-Dezfooli Seyed-Mohsen","year":"2017","unstructured":"Seyed-Mohsen Moosavi-Dezfooli , Alhussein Fawzi , Omar Fawzi , and Pascal Frossard . 2017. Universal adversarial perturbations. arXiv preprint ( 2017 ). Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, Omar Fawzi, and Pascal Frossard. 2017. Universal adversarial perturbations. arXiv preprint (2017)."},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.282"},{"key":"e_1_3_2_2_31_1","volume-title":"Towards Reverse-Engineering Black-Box Neural Networks. International Conference on Learning Representations","author":"Oh Seong Joon","year":"2018","unstructured":"Seong Joon Oh , Max Augustin , Bernt Schiele , and Mario Fritz . 2018 . Towards Reverse-Engineering Black-Box Neural Networks. International Conference on Learning Representations (2018). Seong Joon Oh, Max Augustin, Bernt Schiele, and Mario Fritz. 2018. Towards Reverse-Engineering Black-Box Neural Networks. International Conference on Learning Representations (2018)."},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053009"},{"key":"e_1_3_2_2_33_1","volume-title":"Detecting Spectre And Meltdown Using Hardware Performance Counters. https:\/\/www.endgame.com\/blog\/technical-blog\/detecting-spectre-and-meltdown-using-hardware-performance-counters Retrieved","author":"Pierce Cody","year":"2018","unstructured":"Cody Pierce . 2018. Detecting Spectre And Meltdown Using Hardware Performance Counters. https:\/\/www.endgame.com\/blog\/technical-blog\/detecting-spectre-and-meltdown-using-hardware-performance-counters Retrieved August 15, 2018 from Cody Pierce. 2018. Detecting Spectre And Meltdown Using Hardware Performance Counters. https:\/\/www.endgame.com\/blog\/technical-blog\/detecting-spectre-and-meltdown-using-hardware-performance-counters Retrieved August 15, 2018 from"},{"key":"e_1_3_2_2_34_1","volume-title":"http:\/\/pytorch.org\/ Retrieved","author":"Pytorch PyTorch","year":"2018","unstructured":"PyTorch core team. 2018. Pytorch . http:\/\/pytorch.org\/ Retrieved August 15, 2018 from PyTorch core team. 2018. Pytorch. http:\/\/pytorch.org\/ Retrieved August 15, 2018 from"},{"key":"e_1_3_2_2_35_1","volume-title":"A stochastic approximation method. The annals of mathematical statistics","author":"Robbins Herbert","year":"1951","unstructured":"Herbert Robbins and Sutton Monro . 1951. A stochastic approximation method. The annals of mathematical statistics ( 1951 ), 400--407. Herbert Robbins and Sutton Monro. 1951. A stochastic approximation method. The annals of mathematical statistics (1951), 400--407."},{"key":"e_1_3_2_2_36_1","volume-title":"The Perceptron: A Probabilistic Model for Information Storage and Organization in The Brain. Psychological Review","author":"Rosenblatt F.","year":"1958","unstructured":"F. Rosenblatt . 1958 . The Perceptron: A Probabilistic Model for Information Storage and Organization in The Brain. Psychological Review (1958), 65--386. F. Rosenblatt. 1958. The Perceptron: A Probabilistic Model for Information Storage and Organization in The Brain. Psychological Review (1958), 65--386."},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2015.7298682"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.41"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134077"},{"key":"e_1_3_2_2_40_1","volume-title":"Geng Daniel Liu, and Wen-mei W Hwu","author":"Stratton John A","year":"2012","unstructured":"John A Stratton , Christopher Rodrigues , I- Jui Sung , Nady Obeid , Li-Wen Chang , Nasser Anssari , Geng Daniel Liu, and Wen-mei W Hwu . 2012 . Parboil : A revised benchmark suite for scientific and commercial throughput computing. Center for Reliable and High-Performance Computing , Vol. 127 (2012). John A Stratton, Christopher Rodrigues, I-Jui Sung, Nady Obeid, Li-Wen Chang, Nasser Anssari, Geng Daniel Liu, and Wen-mei W Hwu. 2012. Parboil: A revised benchmark suite for scientific and commercial throughput computing. Center for Reliable and High-Performance Computing, Vol. 127 (2012)."},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66332-6_13"},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2014.220"},{"key":"e_1_3_2_2_43_1","volume-title":"USENIX Security Symposium. 601--618","author":"Tram\u00e8r Florian","year":"2016","unstructured":"Florian Tram\u00e8r , Fan Zhang , Ari Juels , Michael K Reiter , and Thomas Ristenpart . 2016 . Stealing Machine Learning Models via Prediction APIs . In USENIX Security Symposium. 601--618 . Florian Tram\u00e8r, Fan Zhang, Ari Juels, Michael K Reiter, and Thomas Ristenpart. 2016. Stealing Machine Learning Models via Prediction APIs. In USENIX Security Symposium. 601--618."},{"key":"e_1_3_2_2_44_1","unstructured":"Trend Micro. 2018. Detecting Attacks that Exploit Meltdown and Spectre with Performance Counters. https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/detecting-attacks-that-exploit-meltdown-and-spectre-with-performance-counters\/ Retrieved August 15 2018 from  Trend Micro. 2018. Detecting Attacks that Exploit Meltdown and Spectre with Performance Counters. https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/detecting-attacks-that-exploit-meltdown-and-spectre-with-performance-counters\/ Retrieved August 15 2018 from"},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2641190.2641198"},{"key":"e_1_3_2_2_46_1","volume-title":"Stealing Hyperparameters in Machine Learning. In 2018 IEEE Symposium on Security and Privacy (SP) .","author":"Wang Binghui","year":"2018","unstructured":"Binghui Wang and Neil Zhenqiang Gong . 2018 . Stealing Hyperparameters in Machine Learning. In 2018 IEEE Symposium on Security and Privacy (SP) . Binghui Wang and Neil Zhenqiang Gong. 2018. Stealing Hyperparameters in Machine Learning. In 2018 IEEE Symposium on Security and Privacy (SP) ."},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2463209.2488831"},{"key":"e_1_3_2_2_48_1","volume-title":"Linux profiling with performance counters. https:\/\/perf.wiki.kernel.org\/index.php\/Main_Page Retrieved","author":"Wiki Perf","year":"2018","unstructured":"Perf Wiki . 2018. Linux profiling with performance counters. https:\/\/perf.wiki.kernel.org\/index.php\/Main_Page Retrieved August 15, 2018 from Perf Wiki. 2018. Linux profiling with performance counters. https:\/\/perf.wiki.kernel.org\/index.php\/Main_Page Retrieved August 15, 2018 from"},{"key":"e_1_3_2_2_49_1","volume-title":"The Unintended Consequences of Overfitting: Training Data Inference Attacks. arXiv preprint arXiv:1709.01604","author":"Yeom Samuel","year":"2017","unstructured":"Samuel Yeom , Matt Fredrikson , and Somesh Jha . 2017. The Unintended Consequences of Overfitting: Training Data Inference Attacks. arXiv preprint arXiv:1709.01604 ( 2017 ). Samuel Yeom, Matt Fredrikson, and Somesh Jha. 2017. The Unintended Consequences of Overfitting: Training Data Inference Attacks. arXiv preprint arXiv:1709.01604 (2017)."},{"key":"e_1_3_2_2_50_1","unstructured":"Manzil Zaheer Satwik Kottur Siamak Ravanbakhsh Barnabas Poczos Ruslan R Salakhutdinov and Alexander J Smola. 2017. Deep sets. In Advances in Neural Information Processing Systems. 3394--3404.  Manzil Zaheer Satwik Kottur Siamak Ravanbakhsh Barnabas Poczos Ruslan R Salakhutdinov and Alexander J Smola. 2017. Deep sets. In Advances in Neural Information Processing Systems. 3394--3404."},{"key":"e_1_3_2_2_51_1","volume-title":"5th International Conference on Learning Representations (ICLR) .","author":"Zhang Chiyuan","year":"2017","unstructured":"Chiyuan Zhang , Samy Bengio , Moritz Hardt , Benjamin Recht , and Oriol Vinyals . 2017 . Understanding deep learning requires rethinking generalization . In 5th International Conference on Learning Representations (ICLR) . Chiyuan Zhang, Samy Bengio, Moritz Hardt, Benjamin Recht, and Oriol Vinyals. 2017. Understanding deep learning requires rethinking generalization. In 5th International Conference on Learning Representations (ICLR) ."}],"event":{"name":"CCS '18: 2018 ACM SIGSAC Conference on Computer and Communications Security","location":"Toronto Canada","acronym":"CCS '18","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3243734.3243834","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3243734.3243834","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3243734.3243834","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:08:19Z","timestamp":1750212499000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3243734.3243834"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,10,15]]},"references-count":51,"alternative-id":["10.1145\/3243734.3243834","10.1145\/3243734"],"URL":"https:\/\/doi.org\/10.1145\/3243734.3243834","relation":{},"subject":[],"published":{"date-parts":[[2018,10,15]]},"assertion":[{"value":"2018-10-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}