{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,11]],"date-time":"2026-05-11T22:45:10Z","timestamp":1778539510594,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":35,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,4,26]],"date-time":"2021-04-26T00:00:00Z","timestamp":1619395200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"United States National Science Foundation","award":["1931443"],"award-info":[{"award-number":["1931443"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,4,26]]},"DOI":"10.1145\/3422337.3447836","type":"proceedings-article","created":{"date-parts":[[2021,4,10]],"date-time":"2021-04-10T07:57:52Z","timestamp":1618041472000},"page":"5-16","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":58,"title":["Membership Inference Attacks and Defenses in Classification Models"],"prefix":"10.1145","author":[{"given":"Jiacheng","family":"Li","sequence":"first","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]},{"given":"Ninghui","family":"Li","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]},{"given":"Bruno","family":"Ribeiro","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,4,26]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978355"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1093\/bioinformatics\/btl242"},{"key":"e_1_3_2_2_4_1","volume-title":"The Secret Sharer: Measuring Unintended Neural Network Memorization & Extracting Secrets. ArXiv e-prints","author":"Carlini Nicholas","year":"2018","unstructured":"Nicholas Carlini , Chang Liu , Jernej Kos , Ulfar Erlingsson , and Dawn Song . 2018. The Secret Sharer: Measuring Unintended Neural Network Memorization & Extracting Secrets. ArXiv e-prints , Vol. 1802 .08232 ( 2018 ). https:\/\/arxiv.org\/abs\/1802.08232 Nicholas Carlini, Chang Liu, Jernej Kos, Ulfar Erlingsson, and Dawn Song. 2018. The Secret Sharer: Measuring Unintended Neural Network Memorization & Extracting Secrets. ArXiv e-prints, Vol. 1802.08232 (2018). https:\/\/arxiv.org\/abs\/1802.08232"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"crossref","unstructured":"Cynthia Dwork. 2006. Differential privacy. In ICALP. 1--12.  Cynthia Dwork. 2006. Differential privacy. In ICALP. 1--12.","DOI":"10.1007\/11787006_1"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/1791834.1791836"},{"key":"e_1_3_2_2_7_1","volume-title":"Theory of cryptography conference","author":"Dwork Cynthia","unstructured":"Cynthia Dwork , Frank McSherry , Kobbi Nissim , and Adam Smith . 2006. Calibrating noise to sensitivity in private data analysis . In Theory of cryptography conference . Springer , 265--284. Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam Smith. 2006. Calibrating noise to sensitivity in private data analysis. In Theory of cryptography conference. Springer, 265--284."},{"key":"e_1_3_2_2_8_1","volume-title":"Convergence de la r\u00e9partition empirique vers la r\u00e9partition th\u00e9orique. Annales scientifiques de l'\u00c9cole Normale Sup\u00e9rieure","author":"Fortet Robert","year":"1953","unstructured":"Robert Fortet and Edith Mourier . 1953. Convergence de la r\u00e9partition empirique vers la r\u00e9partition th\u00e9orique. Annales scientifiques de l'\u00c9cole Normale Sup\u00e9rieure , Vol. 70 , 3 ( 1953 ), 267--285. Robert Fortet and Edith Mourier. 1953. Convergence de la r\u00e9partition empirique vers la r\u00e9partition th\u00e9orique. Annales scientifiques de l'\u00c9cole Normale Sup\u00e9rieure, Vol. 70, 3 (1953), 267--285."},{"key":"e_1_3_2_2_9_1","unstructured":"Ian Goodfellow Jean Pouget-Abadie Mehdi Mirza Bing Xu David Warde-Farley Sherjil Ozair Aaron Courville and Yoshua Bengio. 2014. Generative adversarial nets. In Advances in neural information processing systems. 2672--2680.  Ian Goodfellow Jean Pouget-Abadie Mehdi Mirza Bing Xu David Warde-Farley Sherjil Ozair Aaron Courville and Yoshua Bengio. 2014. Generative adversarial nets. In Advances in neural information processing systems. 2672--2680."},{"key":"e_1_3_2_2_10_1","first-page":"723","article-title":"A kernel two-sample test","volume":"13","author":"Gretton Arthur","year":"2012","unstructured":"Arthur Gretton , Karsten M Borgwardt , Malte J Rasch , Bernhard Sch\u00f6lkopf , and Alexander Smola . 2012 . A kernel two-sample test . Journal of Machine Learning Research , Vol. 13 , Mar (2012), 723 -- 773 . Arthur Gretton, Karsten M Borgwardt, Malte J Rasch, Bernhard Sch\u00f6lkopf, and Alexander Smola. 2012. A kernel two-sample test. Journal of Machine Learning Research, Vol. 13, Mar (2012), 723--773.","journal-title":"Journal of Machine Learning Research"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2019-0008"},{"key":"e_1_3_2_2_12_1","volume-title":"Deep Residual Learning for Image Recognition. In The IEEE Conference on Computer Vision and Pattern Recognition (CVPR).","author":"He Kaiming","year":"2016","unstructured":"Kaiming He , Xiangyu Zhang , Shaoqing Ren , and Jian Sun . 2016 . Deep Residual Learning for Image Recognition. In The IEEE Conference on Computer Vision and Pattern Recognition (CVPR). Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. 2016. Deep Residual Learning for Image Recognition. In The IEEE Conference on Computer Vision and Pattern Recognition (CVPR)."},{"key":"e_1_3_2_2_13_1","volume-title":"Distilling the knowledge in a neural network. arXiv preprint arXiv:1503.02531","author":"Hinton Geoffrey","year":"2015","unstructured":"Geoffrey Hinton , Oriol Vinyals , and Jeff Dean . 2015. Distilling the knowledge in a neural network. arXiv preprint arXiv:1503.02531 ( 2015 ). Geoffrey Hinton, Oriol Vinyals, and Jeff Dean. 2015. Distilling the knowledge in a neural network. arXiv preprint arXiv:1503.02531 (2015)."},{"key":"e_1_3_2_2_14_1","volume-title":"Resolving individuals contributing trace amounts of DNA to highly complex mixtures using high-density SNP genotyping microarrays. PLoS genetics","author":"Homer Nils","year":"2008","unstructured":"Nils Homer , Szabolcs Szelinger , Margot Redman , David Duggan , Waibhav Tembe , Jill Muehling , John V Pearson , Dietrich A Stephan , Stanley F Nelson , and David W Craig . 2008. Resolving individuals contributing trace amounts of DNA to highly complex mixtures using high-density SNP genotyping microarrays. PLoS genetics , Vol. 4 , 8 ( 2008 ), e1000167. Nils Homer, Szabolcs Szelinger, Margot Redman, David Duggan, Waibhav Tembe, Jill Muehling, John V Pearson, Dietrich A Stephan, Stanley F Nelson, and David W Craig. 2008. Resolving individuals contributing trace amounts of DNA to highly complex mixtures using high-density SNP genotyping microarrays. PLoS genetics, Vol. 4, 8 (2008), e1000167."},{"key":"e_1_3_2_2_15_1","volume-title":"Densely Connected Convolutional Networks. In The IEEE Conference on Computer Vision and Pattern Recognition (CVPR).","author":"Huang Gao","unstructured":"Gao Huang , Zhuang Liu , Laurens van der Maaten, and Kilian Q. Weinberger. 2017 . Densely Connected Convolutional Networks. In The IEEE Conference on Computer Vision and Pattern Recognition (CVPR). Gao Huang, Zhuang Liu, Laurens van der Maaten, and Kilian Q. Weinberger. 2017. Densely Connected Convolutional Networks. In The IEEE Conference on Computer Vision and Pattern Recognition (CVPR)."},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363201"},{"key":"e_1_3_2_2_17_1","volume-title":"On the Effectiveness of Regularization Against Membership Inference Attacks. arXiv preprint arXiv:2006.05336","author":"Kaya Yigitcan","year":"2020","unstructured":"Yigitcan Kaya , Sanghyun Hong , and Tudor Dumitras . 2020. On the Effectiveness of Regularization Against Membership Inference Attacks. arXiv preprint arXiv:2006.05336 ( 2020 ). Yigitcan Kaya, Sanghyun Hong, and Tudor Dumitras. 2020. On the Effectiveness of Regularization Against Membership Inference Attacks. arXiv preprint arXiv:2006.05336 (2020)."},{"key":"e_1_3_2_2_18_1","unstructured":"Alex Krizhevsky Ilya Sutskever and Geoffrey E Hinton. 2012. Imagenet classification with deep convolutional neural networks. In Advances in neural information processing systems. 1097--1105.  Alex Krizhevsky Ilya Sutskever and Geoffrey E Hinton. 2012. Imagenet classification with deep convolutional neural networks. In Advances in neural information processing systems. 1097--1105."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516686"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.5555\/3305890.3305909"},{"key":"e_1_3_2_2_21_1","volume-title":"Towards measuring membership privacy. arXiv preprint arXiv:1712.09136","author":"Long Yunhui","year":"2017","unstructured":"Yunhui Long , Vincent Bindschaedler , and Carl A Gunter . 2017a. Towards measuring membership privacy. arXiv preprint arXiv:1712.09136 ( 2017 ). Yunhui Long, Vincent Bindschaedler, and Carl A Gunter. 2017a. Towards measuring membership privacy. arXiv preprint arXiv:1712.09136 (2017)."},{"key":"e_1_3_2_2_22_1","volume-title":"Understanding membership inferences on well-generalized learning models. arXiv preprint arXiv:1802.04889","author":"Long Yunhui","year":"2018","unstructured":"Yunhui Long , Vincent Bindschaedler , Lei Wang , Diyue Bu , Xiaofeng Wang , Haixu Tang , Carl A Gunter , and Kai Chen . 2018. Understanding membership inferences on well-generalized learning models. arXiv preprint arXiv:1802.04889 ( 2018 ). Yunhui Long, Vincent Bindschaedler, Lei Wang, Diyue Bu, Xiaofeng Wang, Haixu Tang, Carl A Gunter, and Kai Chen. 2018. Understanding membership inferences on well-generalized learning models. arXiv preprint arXiv:1802.04889 (2018)."},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243855"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00065"},{"key":"e_1_3_2_2_25_1","unstructured":"Adam Paszke Sam Gross Soumith Chintala Gregory Chanan Edward Yang Zachary DeVito Zeming Lin Alban Desmaison Luca Antiga and Adam Lerer. 2017. Automatic differentiation in PyTorch. In NIPS-W.  Adam Paszke Sam Gross Soumith Chintala Gregory Chanan Edward Yang Zachary DeVito Zeming Lin Alban Desmaison Luca Antiga and Adam Lerer. 2017. Automatic differentiation in PyTorch. In NIPS-W."},{"key":"e_1_3_2_2_26_1","volume-title":"ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. In 25th Annual Network and Distributed System Security Symposium (NDSS).","author":"Salem Ahmed","year":"2019","unstructured":"Ahmed Salem , Yang Zhang , Mathias Humbert , Mario Fritz , and Michael Backes . 2019 . ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. In 25th Annual Network and Distributed System Security Symposium (NDSS). Ahmed Salem, Yang Zhang, Mathias Humbert, Mario Fritz, and Michael Backes. 2019. ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. In 25th Annual Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_2_27_1","volume-title":"Reconciling Utility and Membership Privacy via Knowledge Distillation. arXiv preprint arXiv:1906.06589","author":"Shejwalkar Virat","year":"2019","unstructured":"Virat Shejwalkar and Amir Houmansadr . 2019. Reconciling Utility and Membership Privacy via Knowledge Distillation. arXiv preprint arXiv:1906.06589 ( 2019 ). Virat Shejwalkar and Amir Houmansadr. 2019. Reconciling Utility and Membership Privacy via Knowledge Distillation. arXiv preprint arXiv:1906.06589 (2019)."},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.41"},{"key":"e_1_3_2_2_29_1","volume-title":"Very Deep Convolutional Networks for Large-Scale Image Recognition. In International Conference on Learning Representations.","author":"Simonyan K.","unstructured":"K. Simonyan and A. Zisserman . 2015 . Very Deep Convolutional Networks for Large-Scale Image Recognition. In International Conference on Learning Representations. K. Simonyan and A. Zisserman. 2015. Very Deep Convolutional Networks for Large-Scale Image Recognition. In International Conference on Learning Representations."},{"key":"e_1_3_2_2_30_1","volume-title":"Dropout: a simple way to prevent neural networks from overfitting. The journal of machine learning research","author":"Srivastava Nitish","year":"2014","unstructured":"Nitish Srivastava , Geoffrey Hinton , Alex Krizhevsky , Ilya Sutskever , and Ruslan Salakhutdinov . 2014. Dropout: a simple way to prevent neural networks from overfitting. The journal of machine learning research , Vol. 15 , 1 ( 2014 ), 1929--1958. Nitish Srivastava, Geoffrey Hinton, Alex Krizhevsky, Ilya Sutskever, and Ruslan Salakhutdinov. 2014. Dropout: a simple way to prevent neural networks from overfitting. The journal of machine learning research, Vol. 15, 1 (2014), 1929--1958."},{"key":"e_1_3_2_2_31_1","unstructured":"S. Truex L. Liu M. E. Gursoy L. Yu and W. Wei. 2019. Demystifying Membership Inference Attacks in Machine Learning as a Service. IEEE Transactions on Services Computing (2019) 1--1.  S. Truex L. Liu M. E. Gursoy L. Yu and W. Wei. 2019. Demystifying Membership Inference Attacks in Machine Learning as a Service. IEEE Transactions on Services Computing (2019) 1--1."},{"key":"e_1_3_2_2_32_1","unstructured":"Jindong Wang et almbox. [n.d.]. Everything about Transfer Learning and Domain Adapation. http:\/\/transferlearning.xyz.  Jindong Wang et almbox. [n.d.]. Everything about Transfer Learning and Domain Adapation. http:\/\/transferlearning.xyz."},{"key":"e_1_3_2_2_33_1","volume-title":"XiaoFeng Wang, Haixu Tang, and Xiaoyong Zhou.","author":"Wang Rui","year":"2009","unstructured":"Rui Wang , Yong Fuga Li , XiaoFeng Wang, Haixu Tang, and Xiaoyong Zhou. 2009 . Learning your identity and disease from research papers: information leaks in genome wide association study. In CCS. 534--544. Rui Wang, Yong Fuga Li, XiaoFeng Wang, Haixu Tang, and Xiaoyong Zhou. 2009. Learning your identity and disease from research papers: information leaks in genome wide association study. In CCS. 534--544."},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2018.00027"},{"key":"e_1_3_2_2_35_1","volume-title":"International Conference on Learning Representations","author":"Zhang Hongyi","year":"2018","unstructured":"Hongyi Zhang , Moustapha Cisse , Yann N. Dauphin , and David Lopez-Paz . 2018 . mixup: Beyond Empirical Risk Minimization . International Conference on Learning Representations (2018). Hongyi Zhang, Moustapha Cisse, Yann N. Dauphin, and David Lopez-Paz. 2018. mixup: Beyond Empirical Risk Minimization. International Conference on Learning Representations (2018)."}],"event":{"name":"CODASPY '21: Eleventh ACM Conference on Data and Application Security and Privacy","location":"Virtual Event USA","acronym":"CODASPY '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3422337.3447836","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3422337.3447836","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:03:21Z","timestamp":1750197801000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3422337.3447836"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,4,26]]},"references-count":35,"alternative-id":["10.1145\/3422337.3447836","10.1145\/3422337"],"URL":"https:\/\/doi.org\/10.1145\/3422337.3447836","relation":{},"subject":[],"published":{"date-parts":[[2021,4,26]]},"assertion":[{"value":"2021-04-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}