{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,12]],"date-time":"2026-04-12T13:21:09Z","timestamp":1776000069553,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":52,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,10,15]],"date-time":"2018-10-15T00:00:00Z","timestamp":1539561600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1525642"],"award-info":[{"award-number":["1525642"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,10,15]]},"DOI":"10.1145\/3243734.3243855","type":"proceedings-article","created":{"date-parts":[[2018,10,16]],"date-time":"2018-10-16T17:38:33Z","timestamp":1539711513000},"page":"634-646","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":318,"title":["Machine Learning with Membership Privacy using Adversarial Regularization"],"prefix":"10.1145","author":[{"given":"Milad","family":"Nasr","sequence":"first","affiliation":[{"name":"University of Massachusetts Amherst, Amherst, MA, USA"}]},{"given":"Reza","family":"Shokri","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}]},{"given":"Amir","family":"Houmansadr","sequence":"additional","affiliation":[{"name":"University of Massachusetts Amherst, Amherst, MA, USA"}]}],"member":"320","published-online":{"date-parts":[[2018,10,15]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-68711-7_23"},{"key":"e_1_3_2_2_3_1","volume-title":"Wasserstein gan. arXiv preprint arXiv:1701.07875","author":"Arjovsky Martin","year":"2017"},{"key":"e_1_3_2_2_4_1","volume-title":"Nonlinear programming: analysis and methods","author":"Avriel Mordecai"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978355"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/FOCS.2014.56"},{"key":"e_1_3_2_2_7_1","volume-title":"Pattern Recognition and Machine Learning (Information Science and Statistics)","author":"Bishop Christopher M."},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133982"},{"key":"e_1_3_2_2_9_1","volume-title":"The Secret Sharer: Measuring Unintended Neural Network Memorization & Extracting Secrets. arXiv preprint arXiv:1802.08232","author":"Carlini Nicholas","year":"2018"},{"key":"e_1_3_2_2_10_1","volume-title":"Differentially private empirical risk minimization. Journal of Machine Learning Research","author":"Chaudhuri Kamalika","year":"2011"},{"key":"e_1_3_2_2_11_1","unstructured":"Zihang Dai Zhilin Yang Fan Yang William W Cohen and Ruslan R Salakhutdinov. 2017. Good semi-supervised learning that requires a bad gan. In Advances in Neural Information Processing Systems.  Zihang Dai Zhilin Yang Fan Yang William W Cohen and Ruslan R Salakhutdinov. 2017. Good semi-supervised learning that requires a bad gan. In Advances in Neural Information Processing Systems."},{"key":"e_1_3_2_2_12_1","volume-title":"Training GANs with Optimism. arXiv preprint arXiv:1711.00141","author":"Daskalakis Constantinos","year":"2017"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/773153.773173"},{"key":"e_1_3_2_2_14_1","volume-title":"Adversarially learned inference. arXiv preprint arXiv:1606.00704","author":"Dumoulin Vincent","year":"2016"},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/11681878_14"},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1561\/0400000042"},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"crossref","unstructured":"Cynthia Dwork Adam Smith Thomas Steinke and Jonathan Ullman. 2017. Exposed! a survey of attacks on private data. (2017).  Cynthia Dwork Adam Smith Thomas Steinke and Jonathan Ullman. 2017. Exposed! a survey of attacks on private data. (2017).","DOI":"10.1146\/annurev-statistics-060116-054123"},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/FOCS.2015.46"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813677"},{"key":"e_1_3_2_2_20_1","volume-title":"International Conference on Machine Learning.","author":"Gilad-Bachrach Ran","year":"2016"},{"key":"e_1_3_2_2_21_1","unstructured":"Ian Goodfellow Jean Pouget-Abadie Mehdi Mirza Bing Xu David Warde-Farley Sherjil Ozair Aaron Courville and Yoshua Bengio. 2014. Generative adversarial nets. In Advances in neural information processing systems.   Ian Goodfellow Jean Pouget-Abadie Mehdi Mirza Bing Xu David Warde-Farley Sherjil Ozair Aaron Courville and Yoshua Bengio. 2014. Generative adversarial nets. In Advances in neural information processing systems."},{"key":"e_1_3_2_2_22_1","volume-title":"Train faster, generalize better: Stability of stochastic gradient descent. arXiv preprint arXiv:1509.01240","author":"Hardt Moritz","year":"2015"},{"key":"e_1_3_2_2_23_1","volume-title":"Resolving individuals contributing trace amounts of DNA to highly complex mixtures using high-density SNP genotyping microarrays. PLoS genetics","author":"Homer Nils","year":"2008"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2488608.2488651"},{"key":"e_1_3_2_2_25_1","volume-title":"Proceedings of the IEEE conference on computer vision and pattern recognition.","author":"Huang Gao"},{"key":"e_1_3_2_2_26_1","volume-title":"Chiron: Privacy-preserving Machine Learning as a Service. arXiv preprint arXiv:1803.05961","author":"Hunt Tyler","year":"2018"},{"key":"e_1_3_2_2_27_1","volume-title":"AttriGuard: A Practical Defense Against Attribute Inference Attacks via Adversarial Machine Learning. arXiv preprint arXiv:1805.04810","author":"Jia Jinyuan","year":"2018"},{"key":"e_1_3_2_2_28_1","volume-title":"Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980","author":"Kingma Diederik P","year":"2014"},{"key":"e_1_3_2_2_29_1","volume-title":"An Adversarial Regularisation for Semi-Supervised Training of Structured Output Neural Networks. arXiv preprint arXiv:1702.02382","author":"Kozi'ski Mateusz","year":"2017"},{"key":"e_1_3_2_2_30_1","unstructured":"Alex Krizhevsky and Geoffrey Hinton. 2009. Learning multiple layers of features from tiny images. (2009).  Alex Krizhevsky and Geoffrey Hinton. 2009. Learning multiple layers of features from tiny images. (2009)."},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3065386"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516686"},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.5555\/646765.704129"},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2480741.2480742"},{"key":"e_1_3_2_2_35_1","volume-title":"Virtual adversarial training: a regularization method for supervised and semi-supervised learning. arXiv preprint arXiv:1704.03976","author":"Miyato Takeru","year":"2017"},{"key":"e_1_3_2_2_36_1","volume-title":"Distributional smoothing with virtual adversarial training. arXiv preprint arXiv:1507.00677","author":"Miyato Takeru","year":"2015"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.12"},{"key":"e_1_3_2_2_38_1","volume-title":"Semi-supervised learning with generative adversarial networks. arXiv preprint arXiv:1606.01583","author":"Odena Augustus","year":"2016"},{"key":"e_1_3_2_2_39_1","volume-title":"Oblivious Multi-Party Machine Learning on Trusted Processors. In USENIX Security Symposium.","author":"Ohrimenko Olga","year":"2016"},{"key":"e_1_3_2_2_40_1","volume-title":"Scalable Private Learning with PATE. arXiv preprint arXiv:1802.08908","author":"Papernot Nicolas","year":"2018"},{"key":"e_1_3_2_2_41_1","volume-title":"arXiv preprint arXiv:1708.06145","author":"Pyrgelis Apostolos","year":"2017"},{"key":"e_1_3_2_2_42_1","unstructured":"Tim Salimans Ian Goodfellow Wojciech Zaremba Vicki Cheung Alec Radford and Xi Chen. 2016. Improved techniques for training gans. In Advances in Neural Information Processing Systems. 2234--2242.   Tim Salimans Ian Goodfellow Wojciech Zaremba Vicki Cheung Alec Radford and Xi Chen. 2016. Improved techniques for training gans. In Advances in Neural Information Processing Systems. 2234--2242."},{"key":"e_1_3_2_2_43_1","volume-title":"Genomic privacy and limits of individual detection in a pool. Nature genetics","author":"Sankararaman Sriram","year":"2009"},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2015-0024"},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.41"},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382261"},{"key":"e_1_3_2_2_47_1","unstructured":"Florian Tram\u00e8r Fan Zhang Ari Juels Michael K Reiter and Thomas Ristenpart. 2016. Stealing machine learning models via prediction apis. In USENIX Security.  Florian Tram\u00e8r Fan Zhang Ari Juels Michael K Reiter and Thomas Ristenpart. 2016. Stealing machine learning models via prediction apis. In USENIX Security."},{"key":"e_1_3_2_2_48_1","volume-title":"Stealing Hyperparameters in Machine Learning. arXiv preprint arXiv:1802.05351","author":"Wang Binghui","year":"2018"},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653726"},{"key":"e_1_3_2_2_50_1","volume-title":"I Know What You See: Power Side-Channel Attack on Convolutional Neural Network Accelerators. arXiv preprint arXiv:1803.05847","author":"Wei Lingxiao","year":"2018"},{"key":"e_1_3_2_2_51_1","volume-title":"Privacy Risk in Machine Learning: Analyzing the Connection to Overfitting. arXiv preprint arXiv:1709.01604","author":"Yeom Samuel","year":"2018"},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/1015330.1015332"}],"event":{"name":"CCS '18: 2018 ACM SIGSAC Conference on Computer and Communications Security","location":"Toronto Canada","acronym":"CCS '18","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3243734.3243855","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3243734.3243855","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3243734.3243855","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T00:57:47Z","timestamp":1750208267000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3243734.3243855"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,10,15]]},"references-count":52,"alternative-id":["10.1145\/3243734.3243855","10.1145\/3243734"],"URL":"https:\/\/doi.org\/10.1145\/3243734.3243855","relation":{},"subject":[],"published":{"date-parts":[[2018,10,15]]},"assertion":[{"value":"2018-10-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}