{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,12]],"date-time":"2026-04-12T13:21:26Z","timestamp":1776000086145,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":73,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,11,6]],"date-time":"2019-11-06T00:00:00Z","timestamp":1572998400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1937786"],"award-info":[{"award-number":["1937786"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,11,6]]},"DOI":"10.1145\/3319535.3363201","type":"proceedings-article","created":{"date-parts":[[2019,11,7]],"date-time":"2019-11-07T13:08:32Z","timestamp":1573132112000},"page":"259-274","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":263,"title":["MemGuard"],"prefix":"10.1145","author":[{"given":"Jinyuan","family":"Jia","sequence":"first","affiliation":[{"name":"Duke University, Durham, NC, USA"}]},{"given":"Ahmed","family":"Salem","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]},{"given":"Michael","family":"Backes","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]},{"given":"Yang","family":"Zhang","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]},{"given":"Neil Zhenqiang","family":"Gong","sequence":"additional","affiliation":[{"name":"Duke University, Durham, NC, 
USA"}]}],"member":"320","published-online":{"date-parts":[[2019,11,6]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"e_1_3_2_2_2_1","volume-title":"Hacking Smart Machines with Smarter Ones: How to Extract Meaningful Data from Machine Learning Classifiers. CoRR abs\/1306.4447","author":"Ateniese Giuseppe","year":"2013","unstructured":"Giuseppe Ateniese , Giovanni Felici , Luigi V. Mancini , Angelo Spognardi , Antonio Villani , and Domenico Vitali . 2013. Hacking Smart Machines with Smarter Ones: How to Extract Meaningful Data from Machine Learning Classifiers. CoRR abs\/1306.4447 ( 2013 ). Giuseppe Ateniese, Giovanni Felici, Luigi V. Mancini, Angelo Spognardi, Antonio Villani, and Domenico Vitali. 2013. Hacking Smart Machines with Smarter Ones: How to Extract Meaningful Data from Machine Learning Classifiers. CoRR abs\/1306.4447 (2013)."},{"key":"e_1_3_2_2_3_1","volume-title":"Proceedings of the 2018 International Conference on Machine Learning (ICML). JMLR, 274--283","author":"Athalye Anish","unstructured":"Anish Athalye , Nicholas Carlini , and David A. Wagner . 2018. Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples . In Proceedings of the 2018 International Conference on Machine Learning (ICML). JMLR, 274--283 . Anish Athalye, Nicholas Carlini, and David A. Wagner. 2018. Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples. In Proceedings of the 2018 International Conference on Machine Learning (ICML). 
JMLR, 274--283."},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978355"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133972"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/FOCS.2014.56"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382260"},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23304"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134606"},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.49"},{"key":"e_1_3_2_2_11_1","volume-title":"Proceedings of the 2012 Network and Distributed System Security Symposium (NDSS). Internet Society.","author":"Chaabane Abdelberi","year":"2012","unstructured":"Abdelberi Chaabane , Gergely Acs , and Mohamed Ali Kaafar . 2012 . You Are What You Like! Information Leakage Through Users' Interests . In Proceedings of the 2012 Network and Distributed System Security Symposium (NDSS). Internet Society. Abdelberi Chaabane, Gergely Acs, and Mohamed Ali Kaafar. 2012. You Are What You Like! Information Leakage Through Users' Interests. In Proceedings of the 2012 Network and Distributed System Security Symposium (NDSS). Internet Society."},{"key":"e_1_3_2_2_12_1","volume-title":"Differentially Private Empirical Risk Minimization. Journal of Machine Learning Research","author":"Chaudhuri Kamalika","year":"2011","unstructured":"Kamalika Chaudhuri , Claire Monteleoni , and Anand D Sarwate . 2011. Differentially Private Empirical Risk Minimization. Journal of Machine Learning Research ( 2011 ). Kamalika Chaudhuri, Claire Monteleoni, and Anand D Sarwate. 2011. Differentially Private Empirical Risk Minimization. 
Journal of Machine Learning Research (2011)."},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/11681878_14"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813677"},{"key":"e_1_3_2_2_15_1","volume-title":"Proceedings of the 2014 USENIX Security Symposium (USENIX Security). USENIX, 17--32","author":"Fredrikson Matt","year":"2014","unstructured":"Matt Fredrikson , Eric Lantz , Somesh Jha , Simon Lin , David Page , and Thomas Ristenpart . 2014 . Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing . In Proceedings of the 2014 USENIX Security Symposium (USENIX Security). USENIX, 17--32 . Matt Fredrikson, Eric Lantz, Somesh Jha, Simon Lin, David Page, and Thomas Ristenpart. 2014. Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing. In Proceedings of the 2014 USENIX Security Symposium (USENIX Security). USENIX, 17--32."},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243834"},{"key":"e_1_3_2_2_17_1","volume-title":"Proceedings of the 2016 USENIX Security Symposium (USENIX Security). USENIX, 979--995","author":"Gong Neil Zhenqiang","year":"2016","unstructured":"Neil Zhenqiang Gong and Bin Liu . 2016 . You are Who You Know and How You Behave: Attribute Inference Attacks via Users' Social Friends and Behaviors . In Proceedings of the 2016 USENIX Security Symposium (USENIX Security). USENIX, 979--995 . Neil Zhenqiang Gong and Bin Liu. 2016. You are Who You Know and How You Behave: Attribute Inference Attacks via Users' Social Friends and Behaviors. In Proceedings of the 2016 USENIX Security Symposium (USENIX Security). USENIX, 979--995."},{"key":"e_1_3_2_2_18_1","volume-title":"Proceedings of the 2014 Annual Conference on Neural Information Processing Systems (NIPS). 
NIPS.","author":"Goodfellow Ian","year":"2014","unstructured":"Ian Goodfellow , Jean Pouget-Abadie , Mehdi Mirza , Bing Xu , David Warde-Farley , Sherjil Ozair , Aaron Courville , and Yoshua Bengio . 2014 . Generative Adversarial Nets . In Proceedings of the 2014 Annual Conference on Neural Information Processing Systems (NIPS). NIPS. Ian Goodfellow, Jean Pouget-Abadie, Mehdi Mirza, Bing Xu, David Warde-Farley, Sherjil Ozair, Aaron Courville, and Yoshua Bengio. 2014. Generative Adversarial Nets. In Proceedings of the 2014 Annual Conference on Neural Information Processing Systems (NIPS). NIPS."},{"key":"e_1_3_2_2_19_1","volume-title":"Proceedings of the 2015 International Conference on Learning Representations (ICLR).","author":"Goodfellow Ian","year":"2015","unstructured":"Ian Goodfellow , Jonathon Shlens , and Christian Szegedy . 2015 . Explaining and Harnessing Adversarial Examples . In Proceedings of the 2015 International Conference on Learning Representations (ICLR). Ian Goodfellow, Jonathon Shlens, and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples. In Proceedings of the 2015 International Conference on Learning Representations (ICLR)."},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23064"},{"key":"e_1_3_2_2_21_1","volume-title":"LOGAN: Evaluating Privacy Leakage of Generative Models Using Generative Adversarial Networks. Symposium on Privacy Enhancing Technologies Symposium","author":"Hayes Jamie","year":"2019","unstructured":"Jamie Hayes , Luca Melis , George Danezis , and Emiliano De Cristofaro . 2019 . LOGAN: Evaluating Privacy Leakage of Generative Models Using Generative Adversarial Networks. Symposium on Privacy Enhancing Technologies Symposium (2019). Jamie Hayes, Luca Melis, George Danezis, and Emiliano De Cristofaro. 2019. LOGAN: Evaluating Privacy Leakage of Generative Models Using Generative Adversarial Networks. 
Symposium on Privacy Enhancing Technologies Symposium (2019)."},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1655008.1655013"},{"key":"e_1_3_2_2_23_1","volume-title":"Craig","author":"Homer Nils","year":"2008","unstructured":"Nils Homer , Szabolcs Szelinger , Margot Redman , David Duggan , Waibhav Tembe , Jill Muehling , John V. Pearson , Dietrich A. Stephan , Stanley F. Nelson , and David W . Craig . 2008 . Resolving Individuals Contributing Trace Amounts of DNA to Highly Complex Mixtures Using High-Density SNP Genotyping Microarrays. PLOS Genetics ( 2008). Nils Homer, Szabolcs Szelinger, Margot Redman, David Duggan, Waibhav Tembe, Jill Muehling, John V. Pearson, Dietrich A. Stephan, Stanley F. Nelson, and David W. Craig. 2008. Resolving Individuals Contributing Trace Amounts of DNA to Highly Complex Mixtures Using High-Density SNP Genotyping Microarrays. PLOS Genetics (2008)."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00001"},{"key":"e_1_3_2_2_25_1","volume-title":"Proceedings of the 2014 USENIX Security Symposium (USENIX Security). USENIX","author":"Jayaraman Bargav","year":"2014","unstructured":"Bargav Jayaraman and David Evans . 2014 . Evaluating Differentially Private Machine Learning in Practice . In Proceedings of the 2014 USENIX Security Symposium (USENIX Security). USENIX , 1895--1912. Bargav Jayaraman and David Evans. 2014. Evaluating Differentially Private Machine Learning in Practice. In Proceedings of the 2014 USENIX Security Symposium (USENIX Security). USENIX, 1895--1912."},{"key":"e_1_3_2_2_26_1","volume-title":"Proceedings of the 2018 USENIX Security Symposium (USENIX Security). USENIX.","author":"Jia Jinyuan","year":"2018","unstructured":"Jinyuan Jia and Neil Zhenqiang Gong . 2018 . AttriGuard: A Practical Defense Against Attribute Inference Attacks via Adversarial Machine Learning . In Proceedings of the 2018 USENIX Security Symposium (USENIX Security). USENIX. 
Jinyuan Jia and Neil Zhenqiang Gong. 2018. AttriGuard: A Practical Defense Against Attribute Inference Attacks via Adversarial Machine Learning. In Proceedings of the 2018 USENIX Security Symposium (USENIX Security). USENIX."},{"key":"e_1_3_2_2_27_1","volume-title":"Defending against Machine Learning based Inference Attacks via Adversarial Examples: Opportunities and Challenges. CoRR abs\/1909.08526","author":"Jia Jinyuan","year":"2019","unstructured":"Jinyuan Jia and Neil Zhenqiang Gong . 2019. Defending against Machine Learning based Inference Attacks via Adversarial Examples: Opportunities and Challenges. CoRR abs\/1909.08526 ( 2019 ). Jinyuan Jia and Neil Zhenqiang Gong. 2019. Defending against Machine Learning based Inference Attacks via Adversarial Examples: Opportunities and Challenges. CoRR abs\/1909.08526 (2019)."},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052695"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660368"},{"key":"e_1_3_2_2_30_1","volume-title":"Proceedings of the 2012 Annual Conference on Learning Theory (COLT). JMLR, 1--25","author":"Kifer Daniel","year":"2012","unstructured":"Daniel Kifer , Adam Smith , and Abhradeep Thakurta . 2012 . Private Convex Optimization for Empirical Risk Minimization with Applications to High-dimensional Regression . In Proceedings of the 2012 Annual Conference on Learning Theory (COLT). JMLR, 1--25 . Daniel Kifer, Adam Smith, and Abhradeep Thakurta. 2012. Private Convex Optimization for Empirical Risk Minimization with Applications to High-dimensional Regression. In Proceedings of the 2012 Annual Conference on Learning Theory (COLT). JMLR, 1--25."},{"key":"e_1_3_2_2_31_1","volume-title":"Adversarial Examples in the Physical World. CoRR abs\/1607.02533","author":"Kurakin Alexey","year":"2016","unstructured":"Alexey Kurakin , Ian Goodfellow , and Samy Bengio . 2016. Adversarial Examples in the Physical World. CoRR abs\/1607.02533 ( 2016 ). 
Alexey Kurakin, Ian Goodfellow, and Samy Bengio. 2016. Adversarial Examples in the Physical World. CoRR abs\/1607.02533 (2016)."},{"key":"e_1_3_2_2_32_1","volume-title":"Delving into Transferable Adversarial Examples and Black-box Attacks. CoRR abs\/1611.02770","author":"Liu Yanpei","year":"2016","unstructured":"Yanpei Liu , Xinyun Chen , Chang Liu , and Dawn Song . 2016. Delving into Transferable Adversarial Examples and Black-box Attacks. CoRR abs\/1611.02770 ( 2016 ). Yanpei Liu, Xinyun Chen, Chang Liu, and Dawn Song. 2016. Delving into Transferable Adversarial Examples and Black-box Attacks. CoRR abs\/1611.02770 (2016)."},{"key":"e_1_3_2_2_33_1","volume-title":"Gunter","author":"Long Yunhui","year":"2017","unstructured":"Yunhui Long , Vincent Bindschaedler , and Carl A . Gunter . 2017 . Towards Measuring Membership Privacy. CoRR abs\/1712.09136 (2017). Yunhui Long, Vincent Bindschaedler, and Carl A. Gunter. 2017. Towards Measuring Membership Privacy. CoRR abs\/1712.09136 (2017)."},{"key":"e_1_3_2_2_34_1","volume-title":"Understanding Membership Inferences on Well-Generalized Learning Models. CoRR abs\/1802.04889","author":"Long Yunhui","year":"2018","unstructured":"Yunhui Long , Vincent Bindschaedler , Lei Wang , Diyue Bu , Xiaofeng Wang , Haixu Tang , Carl A. Gunter , and Kai Chen . 2018. Understanding Membership Inferences on Well-Generalized Learning Models. CoRR abs\/1802.04889 ( 2018 ). Yunhui Long, Vincent Bindschaedler, Lei Wang, Diyue Bu, Xiaofeng Wang, Haixu Tang, Carl A. Gunter, and Kai Chen. 2018. Understanding Membership Inferences on Well-Generalized Learning Models. CoRR abs\/1802.04889 (2018)."},{"key":"e_1_3_2_2_35_1","volume-title":"Proceedings of the 2018 International Conference on Learning Representations (ICLR).","author":"Madry Aleksander","year":"2018","unstructured":"Aleksander Madry , Aleksandar Makelov , Ludwig Schmidt , Dimitris Tsipras , and Adrian Vladu . 2018 . Towards Deep Learning Models Resistant to Adversarial Attacks . 
In Proceedings of the 2018 International Conference on Learning Representations (ICLR). Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2018. Towards Deep Learning Models Resistant to Adversarial Attacks. In Proceedings of the 2018 International Conference on Learning Representations (ICLR)."},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00029"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134057"},{"key":"e_1_3_2_2_38_1","volume-title":"Adversarial Binaries for Authorship Identification. CoRR abs\/1809.08316","author":"Meng Xiaozhu","year":"2018","unstructured":"Xiaozhu Meng , Barton P Miller , and Somesh Jha . 2018. Adversarial Binaries for Authorship Identification. CoRR abs\/1809.08316 ( 2018 ). Xiaozhu Meng, Barton P Miller, and Somesh Jha. 2018. Adversarial Binaries for Authorship Identification. CoRR abs\/1809.08316 (2018)."},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2017.17"},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.282"},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.46"},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243855"},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00065"},{"key":"e_1_3_2_2_44_1","volume-title":"Proceedings of the 2018 International Conference on Learning Representations (ICLR).","author":"Oh Seong Joon","year":"2018","unstructured":"Seong Joon Oh , Max Augustin , Bernt Schiele , and Mario Fritz . 2018 . Towards Reverse-Engineering Black-Box Neural Networks . In Proceedings of the 2018 International Conference on Learning Representations (ICLR). Seong Joon Oh, Max Augustin, Bernt Schiele, and Mario Fritz. 2018. Towards Reverse-Engineering Black-Box Neural Networks. 
In Proceedings of the 2018 International Conference on Learning Representations (ICLR)."},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134004"},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046556.2046570"},{"key":"e_1_3_2_2_47_1","volume-title":"Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples. CoRR abs\/1605.07277","author":"Papernot Nicolas","year":"2016","unstructured":"Nicolas Papernot , Patrick McDaniel , and Ian Goodfellow . 2016a. Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples. CoRR abs\/1605.07277 ( 2016 ). Nicolas Papernot, Patrick McDaniel, and Ian Goodfellow. 2016a. Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples. CoRR abs\/1605.07277 (2016)."},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2018.00035"},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053009"},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2016.36"},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.41"},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23183"},{"key":"e_1_3_2_2_53_1","volume-title":"Under the Hood of Membership Inference Attacks on Aggregate Location Time-Series. CoRR abs\/1902.07456","author":"Pyrgelis Apostolos","year":"2019","unstructured":"Apostolos Pyrgelis , Carmela Troncoso , and Emiliano De Cristofaro . 2019. Under the Hood of Membership Inference Attacks on Aggregate Location Time-Series. CoRR abs\/1902.07456 ( 2019 ). Apostolos Pyrgelis, Carmela Troncoso, and Emiliano De Cristofaro. 2019. Under the Hood of Membership Inference Attacks on Aggregate Location Time-Series. CoRR abs\/1902.07456 (2019)."},{"key":"e_1_3_2_2_54_1","volume-title":"Proceedings of the 2019 USENIX Security Symposium (USENIX Security). 
USENIX, 479--496","author":"Quiring Erwin","year":"2019","unstructured":"Erwin Quiring , Alwin Maier , and Konrad Rieck . 2019 . Misleading Authorship Attribution of Source Code using Adversarial Learning . In Proceedings of the 2019 USENIX Security Symposium (USENIX Security). USENIX, 479--496 . Erwin Quiring, Alwin Maier, and Konrad Rieck. 2019. Misleading Authorship Attribution of Source Code using Adversarial Learning. In Proceedings of the 2019 USENIX Security Symposium (USENIX Security). USENIX, 479--496."},{"key":"e_1_3_2_2_55_1","volume-title":"2019 a. Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning. CoRR abs\/1904.01067","author":"Salem Ahmed","year":"2019","unstructured":"Ahmed Salem , Apratim Bhattacharya , Michael Backes , Mario Fritz , and Yang Zhang . 2019 a. Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning. CoRR abs\/1904.01067 ( 2019 ). Ahmed Salem, Apratim Bhattacharya, Michael Backes, Mario Fritz, and Yang Zhang. 2019 a. Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning. CoRR abs\/1904.01067 (2019)."},{"key":"e_1_3_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23119"},{"key":"e_1_3_2_2_57_1","volume-title":"Proceedings of the 2015 ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM, 1310--1321","author":"Shokri Reza","year":"2015","unstructured":"Reza Shokri and Vitaly Shmatikov . 2015 . Privacy-Preserving Deep Learning . In Proceedings of the 2015 ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM, 1310--1321 . Reza Shokri and Vitaly Shmatikov. 2015. Privacy-Preserving Deep Learning. In Proceedings of the 2015 ACM SIGSAC Conference on Computer and Communications Security (CCS). 
ACM, 1310--1321."},{"key":"e_1_3_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.41"},{"key":"e_1_3_2_2_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354211"},{"key":"e_1_3_2_2_60_1","volume-title":"Proceedings of the 2013 IEEE Global Conference on Signal and Information Processing (GlobalSIP). IEEE, 245--248","author":"Song Shuang","unstructured":"Shuang Song , Kamalika Chaudhuri , and Anand D. Sarwate . 2013. Stochastic Gradient Descent with Differentially Private Updates . In Proceedings of the 2013 IEEE Global Conference on Signal and Information Processing (GlobalSIP). IEEE, 245--248 . Shuang Song, Kamalika Chaudhuri, and Anand D. Sarwate. 2013. Stochastic Gradient Descent with Differentially Private Updates. In Proceedings of the 2013 IEEE Global Conference on Signal and Information Processing (GlobalSIP). IEEE, 245--248."},{"key":"e_1_3_2_2_61_1","volume-title":"Dropout: A Simple Way to Prevent Neural Networks from Overfitting. Journal of Machine Learning Research","author":"Srivastava Nitish","year":"2014","unstructured":"Nitish Srivastava , Geoffrey Hinton , Alex Krizhevsky , Ilya Sutskever , and Ruslan Salakhutdinov . 2014 . Dropout: A Simple Way to Prevent Neural Networks from Overfitting. Journal of Machine Learning Research (2014). Nitish Srivastava, Geoffrey Hinton, Alex Krizhevsky, Ilya Sutskever, and Ruslan Salakhutdinov. 2014. Dropout: A Simple Way to Prevent Neural Networks from Overfitting. Journal of Machine Learning Research (2014)."},{"key":"e_1_3_2_2_62_1","volume-title":"Intriguing Properties of Neural Networks. CoRR abs\/1312.6199","author":"Szegedy Christian","year":"2013","unstructured":"Christian Szegedy , Wojciech Zaremba , Ilya Sutskever , Joan Bruna , Dumitru Erhan , Ian Goodfellow , and Rob Fergus . 2013. Intriguing Properties of Neural Networks. CoRR abs\/1312.6199 ( 2013 ). Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. 2013. 
Intriguing Properties of Neural Networks. CoRR abs\/1312.6199 (2013)."},{"key":"e_1_3_2_2_63_1","volume-title":"Proceedings of the 2017 International Conference on Learning Representations (ICLR).","author":"Tram\u00e8r Florian","year":"2017","unstructured":"Florian Tram\u00e8r , Alexey Kurakin , Nicolas Papernot , Ian Goodfellow , Dan Boneh , and Patrick McDaniel . 2017 . Ensemble Adversarial Training: Attacks and Defenses . In Proceedings of the 2017 International Conference on Learning Representations (ICLR). Florian Tram\u00e8r, Alexey Kurakin, Nicolas Papernot, Ian Goodfellow, Dan Boneh, and Patrick McDaniel. 2017. Ensemble Adversarial Training: Attacks and Defenses. In Proceedings of the 2017 International Conference on Learning Representations (ICLR)."},{"key":"e_1_3_2_2_64_1","volume-title":"Proceedings of the 2016 USENIX Security Symposium (USENIX Security). USENIX, 601--618","author":"Tram\u00e8r Florian","year":"2016","unstructured":"Florian Tram\u00e8r , Fan Zhang , Ari Juels , Michael K. Reiter , and Thomas Ristenpart . 2016 . Stealing Machine Learning Models via Prediction APIs . In Proceedings of the 2016 USENIX Security Symposium (USENIX Security). USENIX, 601--618 . Florian Tram\u00e8r, Fan Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart. 2016. Stealing Machine Learning Models via Prediction APIs. In Proceedings of the 2016 USENIX Security Symposium (USENIX Security). USENIX, 601--618."},{"key":"e_1_3_2_2_65_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00038"},{"key":"e_1_3_2_2_66_1","volume-title":"Proceedings of the 2017 Annual Conference on Neural Information Processing Systems (NIPS). NIPS, 2722--2731","author":"Wang Di","year":"2017","unstructured":"Di Wang , Minwei Ye , and Jinhui Xu . 2017 . Differentially Private Empirical Risk Minimization Revisited: Faster and More General . In Proceedings of the 2017 Annual Conference on Neural Information Processing Systems (NIPS). NIPS, 2722--2731 . 
Di Wang, Minwei Ye, and Jinhui Xu. 2017. Differentially Private Empirical Risk Minimization Revisited: Faster and More General. In Proceedings of the 2017 Annual Conference on Neural Information Processing Systems (NIPS). NIPS, 2722--2731."},{"key":"e_1_3_2_2_67_1","volume-title":"Proceedings of the 2014 USENIX Security Symposium (USENIX Security). USENIX, 143--157","author":"Wang Tao","year":"2014","unstructured":"Tao Wang , Xiang Cai , Rishab Nithyanand , Rob Johnson , and Ian Goldberg . 2014 . Effective Attacks and Provable Defenses for Website Fingerprinting . In Proceedings of the 2014 USENIX Security Symposium (USENIX Security). USENIX, 143--157 . Tao Wang, Xiang Cai, Rishab Nithyanand, Rob Johnson, and Ian Goldberg. 2014. Effective Attacks and Provable Defenses for Website Fingerprinting. In Proceedings of the 2014 USENIX Security Symposium (USENIX Security). USENIX, 143--157."},{"key":"e_1_3_2_2_68_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23198"},{"key":"e_1_3_2_2_69_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2018.00027"},{"key":"e_1_3_2_2_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00019"},{"key":"e_1_3_2_2_71_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23210"},{"key":"e_1_3_2_2_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/3178876.3186095"},{"key":"e_1_3_2_2_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382230"}],"event":{"name":"CCS '19: 2019 ACM SIGSAC Conference on Computer and Communications Security","location":"London United Kingdom","acronym":"CCS '19","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications 
Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3319535.3363201","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3319535.3363201","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3319535.3363201","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:44:32Z","timestamp":1750203872000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3319535.3363201"}},"subtitle":["Defending against Black-Box Membership Inference Attacks via Adversarial Examples"],"short-title":[],"issued":{"date-parts":[[2019,11,6]]},"references-count":73,"alternative-id":["10.1145\/3319535.3363201","10.1145\/3319535"],"URL":"https:\/\/doi.org\/10.1145\/3319535.3363201","relation":{},"subject":[],"published":{"date-parts":[[2019,11,6]]},"assertion":[{"value":"2019-11-06","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}