{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,17]],"date-time":"2026-04-17T22:16:44Z","timestamp":1776464204410,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":52,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,12,9]],"date-time":"2019-12-09T00:00:00Z","timestamp":1575849600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,12,9]]},"DOI":"10.1145\/3359789.3359824","type":"proceedings-article","created":{"date-parts":[[2019,11,22]],"date-time":"2019-11-22T18:41:59Z","timestamp":1574448119000},"page":"148-162","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":245,"title":["Model inversion attacks against collaborative inference"],"prefix":"10.1145","author":[{"given":"Zecheng","family":"He","sequence":"first","affiliation":[{"name":"Princeton University"}]},{"given":"Tianwei","family":"Zhang","sequence":"additional","affiliation":[{"name":"Nanyang Technological University"}]},{"given":"Ruby B.","family":"Lee","sequence":"additional","affiliation":[{"name":"Princeton University"}]}],"member":"320","published-online":{"date-parts":[[2019,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2018. https:\/\/pytorch.org\/docs\/0.4.0\/torchvision\/datasets.html.  2018. https:\/\/pytorch.org\/docs\/0.4.0\/torchvision\/datasets.html."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"e_1_3_2_1_3_1","volume-title":"International Journal of Security and Networks","author":"Ateniese Giuseppe","year":"2015"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23241"},{"key":"e_1_3_2_1_5_1","volume-title":"Towards Making Systems Forget with Machine Unlearning. In IEEE Symposium on Security and Privacy.","author":"Cao Yinzhi","year":"2015"},{"key":"e_1_3_2_1_6_1","volume-title":"USENIX Symposium on Operating Systems Design and Implementation.","author":"Chilimbi Trishul","year":"2014"},{"key":"e_1_3_2_1_7_1","unstructured":"Jeffrey Dean Greg Corrado Rajat Monga Kai Chen Matthieu Devin Mark Mao Andrew Senior Paul Tucker Ke Yang Quoc V Le etal 2012. Large scale distributed deep networks. In Advances in neural information processing systems.  Jeffrey Dean Greg Corrado Rajat Monga Kai Chen Matthieu Devin Mark Mao Andrew Senior Paul Tucker Ke Yang Quoc V Le et al. 2012. Large scale distributed deep networks. In Advances in neural information processing systems."},{"key":"e_1_3_2_1_8_1","unstructured":"Amir Erfan Eshratifar Mohammad Saeed Abrishami and Massoud Pedram. 2018. JointDNN: an efficient training and inference engine for intelligent mobile cloud computing services. arXiv preprint arXiv:1801.08618 (2018).  Amir Erfan Eshratifar Mohammad Saeed Abrishami and Massoud Pedram. 2018. JointDNN: an efficient training and inference engine for intelligent mobile cloud computing services. arXiv preprint arXiv:1801.08618 (2018)."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813677"},{"key":"e_1_3_2_1_10_1","volume-title":"USENIX Security Symposium.","author":"Fredrikson Matthew","year":"2014"},{"key":"e_1_3_2_1_11_1","volume-title":"ACM Conference on Computer and Communications Security.","author":"Ganju Karan","year":"2018"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243834"},{"key":"e_1_3_2_1_13_1","volume-title":"Proceedings of the thirteenth international conference on artificial intelligence and statistics. 249--256","author":"Glorot Xavier","year":"2010"},{"key":"e_1_3_2_1_14_1","unstructured":"Ian Goodfellow Yoshua Bengio Aaron Courville and Yoshua Bengio. 2016. Deep learning. Vol. 1. MIT press Cambridge.  Ian Goodfellow Yoshua Bengio Aaron Courville and Yoshua Bengio. 2016. Deep learning. Vol. 1. MIT press Cambridge."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2015.10"},{"key":"e_1_3_2_1_16_1","unstructured":"Awni Y. Hannun Carl Case Jared Casper Bryan Catanzaro Greg Diamos Erich Elsen Ryan Prenger Sanjeev Satheesh Shubho Sengupta Adam Coates and Andrew Y. Ng. 2014. Deep Speech: Scaling Up End-to-end Speech Recognition. CoRR abs\/1412.5567 (2014). arXiv:1412.5567 http:\/\/arxiv.org\/abs\/1412.5567  Awni Y. Hannun Carl Case Jared Casper Bryan Catanzaro Greg Diamos Erich Elsen Ryan Prenger Sanjeev Satheesh Shubho Sengupta Adam Coates and Andrew Y. Ng. 2014. Deep Speech: Scaling Up End-to-end Speech Recognition. CoRR abs\/1412.5567 (2014). arXiv:1412.5567 http:\/\/arxiv.org\/abs\/1412.5567"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2014.6855235"},{"key":"e_1_3_2_1_18_1","unstructured":"Jamie Hayes Luca Melis George Danezis and Emiliano De Cristofaro. 2017. LOGAN: evaluating privacy leakage of generative models using generative adversarial networks. arXiv preprint arXiv:1705.07663 (2017).  Jamie Hayes Luca Melis George Danezis and Emiliano De Cristofaro. 2017. LOGAN: evaluating privacy leakage of generative models using generative adversarial networks. arXiv preprint arXiv:1705.07663 (2017)."},{"key":"e_1_3_2_1_19_1","unstructured":"Kaiming He Xiangyu Zhang Shaoqing Ren and Jian Sun. 2015. Deep Residual Learning for Image Recognition. CoRR abs\/1512.03385 (2015). arXiv:1512.03385 http:\/\/arxiv.org\/abs\/1512.03385  Kaiming He Xiangyu Zhang Shaoqing Ren and Jian Sun. 2015. Deep Residual Learning for Image Recognition. CoRR abs\/1512.03385 (2015). arXiv:1512.03385 http:\/\/arxiv.org\/abs\/1512.03385"},{"key":"e_1_3_2_1_20_1","volume-title":"Power-Grid Controller Anomaly Detection with Enhanced Temporal Deep Learning. In 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications.","author":"He Zecheng","year":"2019"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00486"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134012"},{"key":"e_1_3_2_1_23_1","volume-title":"ACM\/ESDA\/IEEE Design Automation Conference.","author":"Hua Weizhe","year":"2018"},{"key":"e_1_3_2_1_24_1","volume-title":"Chiron: Privacy-preserving Machine Learning as a Service. arXiv preprint arXiv:1803.05961","author":"Hunt Tyler","year":"2018"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3093336.3037698"},{"key":"e_1_3_2_1_26_1","volume-title":"Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980","author":"Kingma Diederik P","year":"2014"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/AVSS.2018.8639121"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/35.41400"},{"key":"e_1_3_2_1_29_1","volume-title":"Generative Model: Membership Attack, Generalization and Diversity. arXiv preprint arXiv:1805.09898","author":"Liu Kin Sum","year":"2018"},{"key":"e_1_3_2_1_30_1","unstructured":"Yunhui Long Vincent Bindschaedler Lei Wang Diyue Bu Xiaofeng Wang Haixu Tang Carl A Gunter and Kai Chen. 2018. Understanding Membership Inferences on Well-Generalized Learning Models. arXiv preprint arXiv:1802.04889 (2018).  Yunhui Long Vincent Bindschaedler Lei Wang Diyue Bu Xiaofeng Wang Haixu Tang Carl A Gunter and Kai Chen. 2018. Understanding Membership Inferences on Well-Generalized Learning Models. arXiv preprint arXiv:1802.04889 (2018)."},{"key":"e_1_3_2_1_31_1","unstructured":"Minh-Thang Luong Hieu Pham and Christopher D. Manning. 2015. Effective Approaches to Attention-based Neural Machine Translation. CoRR abs\/1508.04025 (2015). arXiv:1508.04025 http:\/\/arxiv.org\/abs\/1508.04025  Minh-Thang Luong Hieu Pham and Christopher D. Manning. 2015. Effective Approaches to Attention-based Neural Machine Translation. CoRR abs\/1508.04025 (2015). arXiv:1508.04025 http:\/\/arxiv.org\/abs\/1508.04025"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00029"},{"key":"e_1_3_2_1_33_1","volume-title":"INternational Conference on Learning Representations.","author":"Oh Seong Joon","year":"2018"},{"key":"e_1_3_2_1_34_1","volume-title":"USENIX Security Symposium.","author":"Ohrimenko Olga","year":"2016"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","unstructured":"Herbert Robbins and Sutton Monro. 1951. A stochastic approximation method. The annals of mathematical statistics (1951) 400--407.  Herbert Robbins and Sutton Monro. 1951. A stochastic approximation method. The annals of mathematical statistics (1951) 400--407.","DOI":"10.1214\/aoms\/1177729586"},{"key":"e_1_3_2_1_36_1","volume-title":"The Perceptron: A Probabilistic Model for Information Storage and Organization in the Brain. Psychological review 65, 6","author":"Rosenblatt Frank","year":"1958"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"crossref","unstructured":"Leonid I Rudin Stanley Osher and Emad Fatemi. 1992. Nonlinear total variation based noise removal algorithms. Physica D: nonlinear phenomena 60 1-4 (1992) 259--268.  Leonid I Rudin Stanley Osher and Emad Fatemi. 1992. Nonlinear total variation based noise removal algorithms. Physica D: nonlinear phenomena 60 1-4 (1992) 259--268.","DOI":"10.1016\/0167-2789(92)90242-F"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"crossref","unstructured":"David E Rumelhart Geoffrey E Hinton and Ronald J Williams. 1986. Learning Representations by Back-propagating Errors. nature 323 6088 (1986) 533.  David E Rumelhart Geoffrey E Hinton and Ronald J Williams. 1986. Learning Representations by Back-propagating Errors. nature 323 6088 (1986) 533.","DOI":"10.1038\/323533a0"},{"key":"e_1_3_2_1_39_1","volume-title":"ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. In Network and Distributed System Security Symposium.","author":"Salem Ahmed","year":"2018"},{"key":"e_1_3_2_1_40_1","volume-title":"ACM conference on computer and communications security.","author":"Shokri Reza","year":"2015"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.41"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134077"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2017.226"},{"key":"e_1_3_2_1_44_1","volume-title":"USENIX Security Symposium.","author":"Tram\u00e8r Florian","year":"2016"},{"key":"e_1_3_2_1_45_1","unstructured":"Aleksei Triastcyn and Boi Faltings. 2018. Generating Artificial Data for Private Deep Learning. arXiv preprint arXiv:1803.03148 (2018).  Aleksei Triastcyn and Boi Faltings. 2018. Generating Artificial Data for Private Deep Learning. arXiv preprint arXiv:1803.03148 (2018)."},{"key":"e_1_3_2_1_46_1","volume-title":"Stealing Hyperparameters in Machine Learning. In IEEE Symposium on Security and Privacy.","author":"Wang Binghui","year":"2018"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"crossref","unstructured":"Zhou Wang Alan C Bovik Hamid R Sheikh Eero P Simoncelli etal 2004. Image quality assessment: from error visibility to structural similarity. IEEE transactions on image processing 13 4 (2004) 600--612.  Zhou Wang Alan C Bovik Hamid R Sheikh Eero P Simoncelli et al. 2004. Image quality assessment: from error visibility to structural similarity. IEEE transactions on image processing 13 4 (2004) 600--612.","DOI":"10.1109\/TIP.2003.819861"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274696"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2018.00027"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/TMSCS.2018.2821154"},{"key":"e_1_3_2_1_51_1","unstructured":"Tianwei Zhang Zecheng He and Ruby B Lee. 2018. Privacy-preserving machine learning through data obfuscation. arXiv preprint arXiv:1807.01860 (2018).  Tianwei Zhang Zecheng He and Ruby B Lee. 2018. Privacy-preserving machine learning through data obfuscation. arXiv preprint arXiv:1807.01860 (2018)."},{"key":"e_1_3_2_1_52_1","volume-title":"echnical Report). arXiv preprint arXiv:1801.01594","author":"Zhang Xinyang","year":"2018"}],"event":{"name":"ACSAC '19: 2019 Annual Computer Security Applications Conference","location":"San Juan Puerto Rico USA","acronym":"ACSAC '19"},"container-title":["Proceedings of the 35th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3359789.3359824","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3359789.3359824","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:45:04Z","timestamp":1750203904000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3359789.3359824"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,12,9]]},"references-count":52,"alternative-id":["10.1145\/3359789.3359824","10.1145\/3359789"],"URL":"https:\/\/doi.org\/10.1145\/3359789.3359824","relation":{},"subject":[],"published":{"date-parts":[[2019,12,9]]},"assertion":[{"value":"2019-12-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}