{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,25]],"date-time":"2026-03-25T21:50:48Z","timestamp":1774475448700,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":34,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,8,14]],"date-time":"2021-08-14T00:00:00Z","timestamp":1628899200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,8,14]]},"DOI":"10.1145\/3447548.3467444","type":"proceedings-article","created":{"date-parts":[[2021,8,13]],"date-time":"2021-08-13T18:21:39Z","timestamp":1628878899000},"page":"2026-2036","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":12,"title":["Defending Privacy Against More Knowledgeable Membership Inference Attackers"],"prefix":"10.1145","author":[{"given":"Yu","family":"Yin","sequence":"first","affiliation":[{"name":"Zhejiang University, Hang Zhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ke","family":"Chen","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hang Zhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lidan","family":"Shou","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hang Zhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gang","family":"Chen","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hang Zhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2021,8,14]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"crossref","unstructured":"Shai Ben-David John Blitzer Koby Crammer and Fernando Pereira. 2006. Analysis of representations for domain adaptation. In NIPS. 137--144. Shai Ben-David John Blitzer Koby Crammer and Fernando Pereira. 2006. Analysis of representations for domain adaptation. In NIPS. 137--144.","DOI":"10.7551\/mitpress\/7503.003.0022"},{"key":"e_1_3_2_2_2_1","unstructured":"Vitaly Shmatikov Congzheng Song. 2019. Auditing data provenance in text-generation models. In KDD. 196--206. Vitaly Shmatikov Congzheng Song. 2019. Auditing data provenance in text-generation models. In KDD. 196--206."},{"key":"e_1_3_2_2_3_1","unstructured":"Blitzer et al. 2007. Learning bounds for domain adaptation. In NIPS. 129--136. Blitzer et al. 2007. Learning bounds for domain adaptation. In NIPS. 129--136."},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.5555\/1953048.2021036"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"crossref","unstructured":"Dwork et al. 2006. Calibrating noise to sensitivity in private data analysis. In Theory of cryptography conference. 265--284. Dwork et al. 2006. Calibrating noise to sensitivity in private data analysis. In Theory of cryptography conference. 265--284.","DOI":"10.1007\/11681878_14"},{"key":"e_1_3_2_2_6_1","volume-title":"2020 a. Privacy in Deep Learning: A Survey. CoRR","author":"Fatemehsadat Mireshghallah","year":"2020","unstructured":"Fatemehsadat Mireshghallah et al. 2020 a. Privacy in Deep Learning: A Survey. CoRR ( 2020 ). Fatemehsadat Mireshghallah et al. 2020 a. Privacy in Deep Learning: A Survey. CoRR (2020)."},{"key":"e_1_3_2_2_7_1","volume-title":"6th ICLR 2018 .","author":"Hongyi","unstructured":"Hongyi Zhang et al. 2018a. mixup: Beyond Empirical Risk Minimization . In 6th ICLR 2018 . Hongyi Zhang et al. 2018a. mixup: Beyond Empirical Risk Minimization. In 6th ICLR 2018 ."},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"crossref","unstructured":"Jia et al. 2019 a. Memguard: Defending against black-box membership inference attacks via adversarial examples. In the 2019 ACM SIGSACy. 259--274. Jia et al. 2019 a. Memguard: Defending against black-box membership inference attacks via adversarial examples. In the 2019 ACM SIGSACy. 259--274.","DOI":"10.1145\/3319535.3363201"},{"key":"e_1_3_2_2_9_1","unstructured":"J. Kirkpatrick et al. 2016. Overcoming catastrophic forgetting in neural networks. CoRR (2016). J. Kirkpatrick et al. 2016. Overcoming catastrophic forgetting in neural networks. CoRR (2016)."},{"key":"e_1_3_2_2_10_1","unstructured":"Krizhevsky et al. 2009. Learning multiple layers of features from tiny images. (2009). Krizhevsky et al. 2009. Learning multiple layers of features from tiny images. (2009)."},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.3233\/SW-140134"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00029"},{"key":"e_1_3_2_2_13_1","unstructured":"Milad Nasr et al. 2018b. Comprehensive Privacy Analysis of Deep Learning: Stand-alone and Federated Learning under Passive and Active White-box Inference Attacks. CoRR Vol. abs\/1812.00910 (2018). Milad Nasr et al. 2018b. Comprehensive Privacy Analysis of Deep Learning: Stand-alone and Federated Learning under Passive and Active White-box Inference Attacks. CoRR Vol. abs\/1812.00910 (2018)."},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"crossref","unstructured":"Nasr et al. 2018c. Machine learning with membership privacy using adversarial regularization. In CCS. 634--646. Nasr et al. 2018c. Machine learning with membership privacy using adversarial regularization. In CCS. 634--646.","DOI":"10.1145\/3243734.3243855"},{"key":"e_1_3_2_2_15_1","unstructured":"Rahman et al. 2018 d. Membership Inference Attack against Differentially Private Deep Learning Model. Trans. Data Priv. (2018) 61--79. Rahman et al. 2018 d. Membership Inference Attack against Differentially Private Deep Learning Model. Trans. Data Priv. (2018) 61--79."},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"crossref","unstructured":"Song et al. 2017a. Machine learning models that remember too much. In CCS. 587--601. Song et al. 2017a. Machine learning models that remember too much. In CCS. 587--601.","DOI":"10.1145\/3133956.3134077"},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.41"},{"key":"e_1_3_2_2_18_1","volume-title":"ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. In Network and Distributed Systems Security Symposium","author":"Salem","year":"2019","unstructured":"Salem et al. 2019 c . ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. In Network and Distributed Systems Security Symposium 2019. Internet Society. Salem et al. 2019 c. ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. In Network and Distributed Systems Security Symposium 2019. Internet Society."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPS-ISA48467.2019.00019"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"crossref","unstructured":"Yeom et al. 2018 e. Privacy risk in machine learning: Analyzing the connection to overfitting. In CSF. 268--282. Yeom et al. 2018 e. Privacy risk in machine learning: Analyzing the connection to overfitting. In CSF. 268--282.","DOI":"10.1109\/CSF.2018.00027"},{"key":"e_1_3_2_2_21_1","volume-title":"2020 b. Defending model inversion and membership inference attacks via prediction purification. arXiv preprint arXiv:2005.03915","author":"Yang","year":"2020","unstructured":"Yang et al. 2020 b. Defending model inversion and membership inference attacks via prediction purification. arXiv preprint arXiv:2005.03915 ( 2020 ). Yang et al. 2020 b. Defending model inversion and membership inference attacks via prediction purification. arXiv preprint arXiv:2005.03915 (2020)."},{"key":"e_1_3_2_2_22_1","unstructured":"Zhang et al. 2017c. Understanding deep learning requires rethinking generalization. In ICLR . Zhang et al. 2017c. Understanding deep learning requires rethinking generalization. In ICLR ."},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"crossref","unstructured":"Zhao et al. 2020 c. Not one but many Tradeoffs: Privacy Vs. Utility in Differentially Private Machine Learning. In CCS. 15--26. Zhao et al. 2020 c. Not one but many Tradeoffs: Privacy Vs. Utility in Differentially Private Machine Learning. In CCS. 15--26.","DOI":"10.1145\/3411495.3421352"},{"key":"e_1_3_2_2_24_1","volume-title":"Annales scientifiques de l'\u00c9cole Normale Sup\u00e9rieure","author":"Fortet Robert","unstructured":"Robert Fortet and Edith Mourier . 1953. Convergence de la r\u00e9partition empirique vers la r\u00e9partition th\u00e9orique . In Annales scientifiques de l'\u00c9cole Normale Sup\u00e9rieure , Vol. 70 . 267--285. Robert Fortet and Edith Mourier. 1953. Convergence de la r\u00e9partition empirique vers la r\u00e9partition th\u00e9orique. In Annales scientifiques de l'\u00c9cole Normale Sup\u00e9rieure, Vol. 70. 267--285."},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"crossref","unstructured":"Matt Fredrikson Somesh Jha and Thomas Ristenpart. 2015. Model inversion attacks that exploit confidence information and basic countermeasures. In CCS. 1322--1333. Matt Fredrikson Somesh Jha and Thomas Ristenpart. 2015. Model inversion attacks that exploit confidence information and basic countermeasures. In CCS. 1322--1333.","DOI":"10.1145\/2810103.2813677"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"crossref","unstructured":"Arik Friedman and Assaf Schuster. 2010. Data mining with differential privacy. In KDD. 493--502. Arik Friedman and Assaf Schuster. 2010. Data mining with differential privacy. In KDD. 493--502.","DOI":"10.1145\/1835804.1835868"},{"key":"e_1_3_2_2_27_1","volume-title":"Johnson","author":"Garey M. R.","year":"1979","unstructured":"M. R. Garey and David S . Johnson . 1979 . Computers and Intractability: A Guide to the Theory of NP-Completeness .W. H. Freeman . M. R. Garey and David S. Johnson. 1979. Computers and Intractability: A Guide to the Theory of NP-Completeness .W. H. Freeman."},{"key":"e_1_3_2_2_28_1","volume-title":"Knapsack problems","author":"Kellerer Hans","unstructured":"Hans Kellerer , Ulrich Pferschy , and David Pisinger . 2004. Multidimensional knapsack problems . In Knapsack problems . Springer , 235--283. Hans Kellerer, Ulrich Pferschy, and David Pisinger. 2004. Multidimensional knapsack problems. In Knapsack problems. Springer, 235--283."},{"key":"e_1_3_2_2_29_1","unstructured":"Jiacheng Li Ninghui Li and Bruno Ribeiro. 2021. Membership Inference Attacks and Defenses in Classification Models. 5--16 pages. Jiacheng Li Ninghui Li and Bruno Ribeiro. 2021. Membership Inference Attacks and Defenses in Classification Models. 5--16 pages."},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"crossref","unstructured":"Julian McAuley and Jure Leskovec. 2013. From amateurs to connoisseurs: modeling the evolution of user expertise through online reviews. In WWW. 897--908. Julian McAuley and Jure Leskovec. 2013. From amateurs to connoisseurs: modeling the evolution of user expertise through online reviews. In WWW. 897--908.","DOI":"10.1145\/2488388.2488466"},{"key":"e_1_3_2_2_31_1","unstructured":"Frank Nielsen. 2010. A family of statistical symmetric divergences based on Jensen's inequality. (2010). arxiv: 1009.4004 Frank Nielsen. 2010. A family of statistical symmetric divergences based on Jensen's inequality. (2010). arxiv: 1009.4004"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"crossref","unstructured":"Reza Shokri and Vitaly Shmatikov. 2015. Privacy-preserving deep learning. In CCS. 1310--1321. Reza Shokri and Vitaly Shmatikov. 2015. Privacy-preserving deep learning. In CCS. 1310--1321.","DOI":"10.1109\/ALLERTON.2015.7447103"},{"key":"e_1_3_2_2_33_1","volume-title":"Pyvacy: Towards practical differential privacy for deep learning.","author":"Waites Christopher","year":"2019","unstructured":"Christopher Waites . 2019 . Pyvacy: Towards practical differential privacy for deep learning. (2019). Christopher Waites. 2019. Pyvacy: Towards practical differential privacy for deep learning. (2019)."},{"key":"e_1_3_2_2_34_1","volume-title":"Kun Zhang, and Geoffrey Gordon.","author":"Zhao Han","year":"2019","unstructured":"Han Zhao , Remi Tachet Des Combes , Kun Zhang, and Geoffrey Gordon. 2019 . On learning invariant representations for domain adaptation. (2019), 7523--7532. Han Zhao, Remi Tachet Des Combes, Kun Zhang, and Geoffrey Gordon. 2019. On learning invariant representations for domain adaptation. (2019), 7523--7532."}],"event":{"name":"KDD '21: The 27th ACM SIGKDD Conference on Knowledge Discovery and Data Mining","location":"Virtual Event Singapore","acronym":"KDD '21","sponsor":["SIGMOD ACM Special Interest Group on Management of Data","SIGKDD ACM Special Interest Group on Knowledge Discovery in Data"]},"container-title":["Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery & Data Mining"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3447548.3467444","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3447548.3467444","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:18:37Z","timestamp":1750191517000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3447548.3467444"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,8,14]]},"references-count":34,"alternative-id":["10.1145\/3447548.3467444","10.1145\/3447548"],"URL":"https:\/\/doi.org\/10.1145\/3447548.3467444","relation":{},"subject":[],"published":{"date-parts":[[2021,8,14]]},"assertion":[{"value":"2021-08-14","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}