{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T20:34:53Z","timestamp":1773434093900,"version":"3.50.1"},"reference-count":129,"publisher":"Association for Computing Machinery (ACM)","issue":"7","license":[{"start":{"date-parts":[[2021,7,18]],"date-time":"2021-07-18T00:00:00Z","timestamp":1626566400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2022,9,30]]},"abstract":"<jats:p>Stealing attack against controlled information, along with the increasing number of information leakage incidents, has become an emerging cyber security threat in recent years. Due to the booming development and deployment of advanced analytics solutions, novel stealing attacks utilize machine learning (ML) algorithms to achieve high success rate and cause a lot of damage. Detecting and defending against such attacks is challenging and urgent so governments, organizations, and individuals should attach great importance to the ML-based stealing attacks. This survey presents the recent advances in this new type of attack and corresponding countermeasures. The ML-based stealing attack is reviewed in perspectives of three categories of targeted controlled information, including controlled user activities, controlled ML model-related information, and controlled authentication information. Recent publications are summarized to generalize an overarching attack methodology and to derive the limitations and future directions of ML-based stealing attacks. Furthermore, countermeasures are proposed towards developing effective protections from three aspects\u2014detection, disruption, and isolation.<\/jats:p>","DOI":"10.1145\/3465171","type":"journal-article","created":{"date-parts":[[2021,7,18]],"date-time":"2021-07-18T16:07:33Z","timestamp":1626624453000},"page":"1-36","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":94,"title":["Machine Learning\u2013based Cyber Attacks Targeting on Controlled Information"],"prefix":"10.1145","volume":"54","author":[{"given":"Yuantian","family":"Miao","sequence":"first","affiliation":[{"name":"School of Software and Electrical Engineering, Swinburne University of Technology"}]},{"given":"Chao","family":"Chen","sequence":"additional","affiliation":[{"name":"College of Science &amp; Engineering, James Cook University"}]},{"given":"Lei","family":"Pan","sequence":"additional","affiliation":[{"name":"School of Information Technology, Deakin University"}]},{"given":"Qing-Long","family":"Han","sequence":"additional","affiliation":[{"name":"School of Software and ElectricalEngineering, Swinburne University of Technology"}]},{"given":"Jun","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Software and ElectricalEngineering, Swinburne University of Technology"}]},{"given":"Yang","family":"Xiang","sequence":"additional","affiliation":[{"name":"School of Software and ElectricalEngineering, Swinburne University of Technology"}]}],"member":"320","published-online":{"date-parts":[[2021,7,18]]},"reference":[{"key":"e_1_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"e_1_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSUSC.2018.2838520"},{"key":"e_1_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2016.01.008"},{"key":"e_1_2_2_4_1","volume-title":"Jan.","author":"Alpar Orcan","year":"2017","unstructured":"Orcan Alpar . 2017. Frequency spectrograms for biometric keystroke authentication using neural network based classifier. Knowl.-based Syst. 116 , Jan. ( 2017 ), 163\u2013171. Orcan Alpar. 2017. Frequency spectrograms for biometric keystroke authentication using neural network based classifier. Knowl.-based Syst. 116, Jan. (2017), 163\u2013171."},{"key":"e_1_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1504\/IJSN.2015.071829"},{"key":"e_1_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.25"},{"key":"e_1_2_2_7_1","volume-title":"Proceedings of the International Conference on Circuit, Power and Computing Technologies (ICCPCT\u201917)","author":"Barona R.","unstructured":"R. Barona and E. A. Mary Anita . 2017. A survey on data breach challenges in cloud computing security: Issues and threats . In Proceedings of the International Conference on Circuit, Power and Computing Technologies (ICCPCT\u201917) . IEEE, 1\u20138. R. Barona and E. A. Mary Anita. 2017. A survey on data breach challenges in cloud computing security: Issues and threats. In Proceedings of the International Conference on Circuit, Power and Computing Technologies (ICCPCT\u201917). IEEE, 1\u20138."},{"key":"e_1_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180436"},{"key":"e_1_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40994-3_25"},{"key":"e_1_2_2_10_1","unstructured":"BigML. 2019. Machine learning made beautifully simple for everyone. Retrieved from https:\/\/bigml.com\/.  BigML. 2019. Machine learning made beautifully simple for everyone. Retrieved from https:\/\/bigml.com\/."},{"key":"e_1_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.49"},{"key":"e_1_2_2_12_1","unstructured":"Thomas Brewster. 2015. 13 million passwords appear to have leaked from this free web host. Retrieved from https:\/\/www.forbes.com\/sites\/thomasbrewster\/2015\/10\/28\/000webhost-database-leak\/#5b2a9ad06098.  Thomas Brewster. 2015. 13 million passwords appear to have leaked from this free web host. Retrieved from https:\/\/www.forbes.com\/sites\/thomasbrewster\/2015\/10\/28\/000webhost-database-leak\/#5b2a9ad06098."},{"key":"e_1_2_2_13_1","volume-title":"Proceedings of the 6th USENIX Workshop on Hot Topics in Security (HotSec\u201911)","author":"Cai Liang","year":"2011","unstructured":"Liang Cai and Hao Chen . 2011 . TouchLogger: Inferring keystrokes on touch screen from smartphone motion . In Proceedings of the 6th USENIX Workshop on Hot Topics in Security (HotSec\u201911) . USENIX Association, 9\u201315. Liang Cai and Hao Chen. 2011. TouchLogger: Inferring keystrokes on touch screen from smartphone motion. In Proceedings of the 6th USENIX Workshop on Hot Topics in Security (HotSec\u201911). USENIX Association, 9\u201315."},{"key":"e_1_2_2_14_1","volume-title":"Proceedings of the 10th Symposium on Information Assurance (Asia\u201915)","author":"Califano Anthony","year":"2015","unstructured":"Anthony Califano , Ersin Dincelli , and Sanjay Goel . 2015 . Using features of cloud computing to defend smart grid against DDoS attacks . In Proceedings of the 10th Symposium on Information Assurance (Asia\u201915) . NYS, 44\u201350. Anthony Califano, Ersin Dincelli, and Sanjay Goel. 2015. Using features of cloud computing to defend smart grid against DDoS attacks. In Proceedings of the 10th Symposium on Information Assurance (Asia\u201915). NYS, 44\u201350."},{"key":"e_1_2_2_15_1","volume-title":"Global Data Leakage Report","author":"InfoWatch Analytics Center","year":"2017","unstructured":"InfoWatch Analytics Center . 2018. Global Data Leakage Report , 2017 . Retrieved from https:\/\/infowatch.com\/report2017#. InfoWatch Analytics Center. 2018. Global Data Leakage Report, 2017. Retrieved from https:\/\/infowatch.com\/report2017#."},{"key":"e_1_2_2_16_1","first-page":"52","article-title":"Privacy concerns amidst OBA and the need for alternative models","author":"Chanchary Farah","year":"2018","unstructured":"Farah Chanchary , Yomna Abdelaziz , and Sonia Chiasson . 2018 . Privacy concerns amidst OBA and the need for alternative models . IEEE Internet Comput. 22 , Apr. (2018), 52 \u2013 61 . Farah Chanchary, Yomna Abdelaziz, and Sonia Chiasson. 2018. Privacy concerns amidst OBA and the need for alternative models. IEEE Internet Comput. 22, Apr. (2018), 52\u201361.","journal-title":"IEEE Internet Comput. 22"},{"key":"e_1_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2016.2621888"},{"key":"e_1_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2015.2510822"},{"key":"e_1_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1002\/widm.1211"},{"key":"e_1_2_2_20_1","unstructured":"Maximilian Christ Andreas W. Kempa-Liehr and Michael Feindt. 2016. Distributed and parallel time series feature extraction for industrial big data applications. arxiv:cs.LG\/1610.07717.  Maximilian Christ Andreas W. Kempa-Liehr and Michael Feindt. 2016. Distributed and parallel time series feature extraction for industrial big data applications. arxiv:cs.LG\/1610.07717."},{"key":"e_1_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCYB.2019.2940940"},{"key":"e_1_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23357"},{"key":"e_1_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2012.2211477"},{"key":"e_1_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.32"},{"key":"e_1_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2017.2718178"},{"key":"e_1_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1108\/02635570610666403"},{"key":"e_1_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1973.9030"},{"key":"e_1_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813677"},{"key":"e_1_2_2_30_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium (USENIX Security\u201914)","author":"Fredrikson Matthew","year":"2014","unstructured":"Matthew Fredrikson , Eric Lantz , Somesh Jha , Simon Lin , David Page , and Thomas Ristenpart . 2014 . Privacy in pharmacogenetics: An end-to-end case study of personalized warfarin dosing . In Proceedings of the 23rd USENIX Security Symposium (USENIX Security\u201914) . USENIX Association, 17\u201332. Matthew Fredrikson, Eric Lantz, Somesh Jha, Simon Lin, David Page, and Thomas Ristenpart. 2014. Privacy in pharmacogenetics: An end-to-end case study of personalized warfarin dosing. In Proceedings of the 23rd USENIX Security Symposium (USENIX Security\u201914). USENIX Association, 17\u201332."},{"key":"e_1_2_2_31_1","unstructured":"Ponemon from IBM. 2018. 2018 Cost of a Data Breach Study: Global Overview. Retrieved from https:\/\/www.ibm.com\/security\/data-breach.  Ponemon from IBM. 2018. 2018 Cost of a Data Breach Study: Global Overview. Retrieved from https:\/\/www.ibm.com\/security\/data-breach."},{"key":"e_1_2_2_32_1","volume-title":"Cybercrime will cost business over $2 trillion by","author":"Juniper Research Sam Smith","year":"2019","unstructured":"Sam Smith from Juniper Research . 2015. Cybercrime will cost business over $2 trillion by 2019 . Retrieved from https:\/\/www.juniperresearch.com\/press\/press-releases\/cybercrime-cost-busi nesses-over-2trillion. Sam Smith from Juniper Research. 2015. Cybercrime will cost business over $2 trillion by 2019. Retrieved from https:\/\/www.juniperresearch.com\/press\/press-releases\/cybercrime-cost-busi nesses-over-2trillion."},{"key":"e_1_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243834"},{"key":"e_1_2_2_34_1","volume-title":"Proceedings of the 3rd International Conference on Learning Representations (ICLR\u201915)","author":"Goodfellow Ian J.","year":"2015","unstructured":"Ian J. Goodfellow , Jonathon Shlens , and Christian Szegedy . 2015 . Explaining and harnessing adversarial examples . In Proceedings of the 3rd International Conference on Learning Representations (ICLR\u201915) . OpenReview.net, 1\u201311. Ian J. Goodfellow, Jonathon Shlens, and Christian Szegedy. 2015. Explaining and harnessing adversarial examples. In Proceedings of the 3rd International Conference on Learning Representations (ICLR\u201915). OpenReview.net, 1\u201311."},{"key":"e_1_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.imavis.2016.06.003"},{"key":"e_1_2_2_36_1","unstructured":"Google. 2019. Predictive analytics \u2014 Cloud machine learning engine. Retrieved from https:\/\/cloud.google.com\/ml-engine\/.  Google. 2019. Predictive analytics \u2014 Cloud machine learning engine. Retrieved from https:\/\/cloud.google.com\/ml-engine\/."},{"key":"e_1_2_2_37_1","volume-title":"Proceedings of the 27th USENIX Security Symposium (USENIX Security\u201918)","author":"Gras Ben","year":"2018","unstructured":"Ben Gras , Kaveh Razavi , Herbert Bos , and Cristiano Giuffrida . 2018 . Translation leak-aside buffer: Defeating cache side-channel protections with TLB attacks . In Proceedings of the 27th USENIX Security Symposium (USENIX Security\u201918) . USENIX Association, 955\u2013972. Ben Gras, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. 2018. Translation leak-aside buffer: Defeating cache side-channel protections with TLB attacks. In Proceedings of the 27th USENIX Security Symposium (USENIX Security\u201918). USENIX Association, 955\u2013972."},{"key":"e_1_2_2_38_1","volume-title":"Proceedings of the 26th USENIX Security Symposium (USENIX Security\u201917)","author":"Gruss Daniel","year":"2017","unstructured":"Daniel Gruss , Julian Lettner , Felix Schuster , Olya Ohrimenko , Istvan Haller , and Manuel Costa . 2017 . Strong and efficient cache side-channel protection using hardware transactional memory . In Proceedings of the 26th USENIX Security Symposium (USENIX Security\u201917) . USENIX Association, 217\u2013233. Daniel Gruss, Julian Lettner, Felix Schuster, Olya Ohrimenko, Istvan Haller, and Manuel Costa. 2017. Strong and efficient cache side-channel protection using hardware transactional memory. In Proceedings of the 26th USENIX Security Symposium (USENIX Security\u201917). USENIX Association, 217\u2013233."},{"key":"e_1_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3177230"},{"key":"e_1_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2016.2544805"},{"key":"e_1_2_2_41_1","unstructured":"Texas Health and Human Service. 2018. Hospital discharge data public use data file. Retrieved from https:\/\/www.dshs.texas.gov\/THCIC\/Hospitals\/Download.shtm.  Texas Health and Human Service. 2018. Hospital discharge data public use data file. Retrieved from https:\/\/www.dshs.texas.gov\/THCIC\/Hospitals\/Download.shtm."},{"key":"e_1_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134012"},{"key":"e_1_2_2_43_1","volume-title":"Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS\u201916)","author":"Hojjati Avesta","unstructured":"Avesta Hojjati , Anku Adhikari , Katarina Struckmann , Edward Chou , Thi Ngoc Tho Nguyen , Kushagra Madan , Marianne S. Winslett , Carl A. Gunter , and William P. King . 2016. Leave your phone at the door: Side channels that reveal factory floor secrets . In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS\u201916) . ACM, 883\u2013894. Avesta Hojjati, Anku Adhikari, Katarina Struckmann, Edward Chou, Thi Ngoc Tho Nguyen, Kushagra Madan, Marianne S. Winslett, Carl A. Gunter, and William P. King. 2016. Leave your phone at the door: Side channels that reveal factory floor secrets. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS\u201916). ACM, 883\u2013894."},{"key":"e_1_2_2_44_1","volume-title":"Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence. ACM, 43\u201358","author":"Huang Ling","unstructured":"Ling Huang , Anthony D. Joseph , Blaine Nelson , Benjamin I. P. Rubinstein , and J. D. Tygar . 2011. Adversarial machine learning . In Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence. ACM, 43\u201358 . Ling Huang, Anthony D. Joseph, Blaine Nelson, Benjamin I. P. Rubinstein, and J. D. Tygar. 2011. Adversarial machine learning. In Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence. ACM, 43\u201358."},{"key":"e_1_2_2_45_1","unstructured":"Kaggle Inc. 2014. Acquire valued shoppers challenge. Retrieved from https:\/\/www.kaggle.com\/c\/acquire-valued-shoppers-challenge\/data.  Kaggle Inc. 2014. Acquire valued shoppers challenge. Retrieved from https:\/\/www.kaggle.com\/c\/acquire-valued-shoppers-challenge\/data."},{"key":"e_1_2_2_46_1","unstructured":"Kaggle Inc. 2017. 20 Newsgroups. Retrieved from https:\/\/www.kaggle.com\/crawford\/20-newsgroups.  Kaggle Inc. 2017. 20 Newsgroups. Retrieved from https:\/\/www.kaggle.com\/crawford\/20-newsgroups."},{"key":"e_1_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2017.2673239"},{"key":"e_1_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2017.31"},{"key":"e_1_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.38"},{"key":"e_1_2_2_50_1","volume-title":"A Cognitive and Concurrent Cyber Kill Chain Model","author":"Khan Muhammad Salman","unstructured":"Muhammad Salman Khan , Sana Siddiqui , and Ken Ferens . 2018. A Cognitive and Concurrent Cyber Kill Chain Model . Springer , Cham . Muhammad Salman Khan, Sana Siddiqui, and Ken Ferens. 2018. A Cognitive and Concurrent Cyber Kill Chain Model. Springer, Cham."},{"key":"e_1_2_2_51_1","volume-title":"Glossary of Key Information Security Terms","author":"Kissel Richard","unstructured":"Richard Kissel . 2013. Glossary of Key Information Security Terms . National Institute of Standards and Technology (NIST) \u2014 Computer Security Resource Center , Gaithersburg, MD. Richard Kissel. 2013. Glossary of Key Information Security Terms. National Institute of Standards and Technology (NIST) \u2014 Computer Security Resource Center, Gaithersburg, MD."},{"key":"e_1_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jocs.2017.10.020"},{"key":"e_1_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-39555-5_17"},{"key":"e_1_2_2_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/3230820.3230829"},{"key":"e_1_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2010.5560598"},{"key":"e_1_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/2030112.2030160"},{"key":"e_1_2_2_59_1","volume-title":"Haoxiang Li, and Gang Hua.","author":"Learned-Miller Erik","year":"2016","unstructured":"Erik Learned-Miller , Gary B. Huang , Aruni Roy Chowdhury , Haoxiang Li, and Gang Hua. 2016 . Labeled faces in the wild: A survey. In Advances in Face Detection and Facial Image Analysis. Springer , New York, NY, 189\u2013248. Erik Learned-Miller, Gary B. Huang, Aruni Roy Chowdhury, Haoxiang Li, and Gang Hua. 2016. Labeled faces in the wild: A survey. In Advances in Face Detection and Facial Image Analysis. Springer, New York, NY, 189\u2013248."},{"key":"e_1_2_2_60_1","volume-title":"Burges","author":"LeCun Yann","year":"2011","unstructured":"Yann LeCun , Corinna Cortes , and Christopher J. C . Burges . 2011 . The MNIST database of handwritten digits. Retrieved from http:\/\/yann.lecun.com\/exdb\/mnist\/. Yann LeCun, Corinna Cortes, and Christopher J. C. Burges. 2011. The MNIST database of handwritten digits. Retrieved from http:\/\/yann.lecun.com\/exdb\/mnist\/."},{"key":"e_1_2_2_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.60"},{"key":"e_1_2_2_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516686"},{"key":"e_1_2_2_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2016.7524583"},{"key":"e_1_2_2_64_1","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2018.2821768"},{"key":"e_1_2_2_65_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-02279-1_33"},{"key":"e_1_2_2_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/3436755"},{"key":"e_1_2_2_67_1","volume-title":"Proceedings of the IEEE International Symposium on High Performance Computer Architecture (HPCA\u201916)","author":"Liu Fangfei","unstructured":"Fangfei Liu , Qian Ge , Yuval Yarom , Frank Mckeen , Carlos Rozas , Gernot Heiser , and Ruby B. Lee . 2016. Catalyst: Defeating last-level cache side channel attacks in cloud computing . In Proceedings of the IEEE International Symposium on High Performance Computer Architecture (HPCA\u201916) . IEEE, 406\u2013418. Fangfei Liu, Qian Ge, Yuval Yarom, Frank Mckeen, Carlos Rozas, Gernot Heiser, and Ruby B. Lee. 2016. Catalyst: Defeating last-level cache side channel attacks in cloud computing. In Proceedings of the IEEE International Symposium on High Performance Computer Architecture (HPCA\u201916). IEEE, 406\u2013418."},{"key":"e_1_2_2_68_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2018.2800740"},{"key":"e_1_2_2_69_1","doi-asserted-by":"publisher","DOI":"10.1109\/TFUZZ.2017.2754998"},{"key":"e_1_2_2_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813668"},{"key":"e_1_2_2_71_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV.2015.425"},{"key":"e_1_2_2_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/1081870.1081950"},{"key":"e_1_2_2_73_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.50"},{"key":"e_1_2_2_74_1","doi-asserted-by":"publisher","DOI":"10.3390\/s131217292"},{"key":"e_1_2_2_75_1","volume-title":"Manning and Hinrich Sch\u00fctze","author":"Christopher","year":"1999","unstructured":"Christopher D. Manning and Hinrich Sch\u00fctze . 1999 . Foundations of Statistical Natural Language Processing. The MIT Press , London, UK. Christopher D. Manning and Hinrich Sch\u00fctze. 1999. Foundations of Statistical Natural Language Processing. The MIT Press, London, UK."},{"key":"e_1_2_2_76_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516726"},{"key":"e_1_2_2_77_1","volume-title":"Proceedings of the 20th International Conference on Artificial Intelligence and Statistics (AISTATS\u201917)","author":"McMahan H. Brendan","year":"2017","unstructured":"H. Brendan McMahan , Eider Moore , Daniel Ramage , Seth Hampson , and Blaise Arcas . 2017 . Communication-efficient learning of deep networks from decentralized data . In Proceedings of the 20th International Conference on Artificial Intelligence and Statistics (AISTATS\u201917) . PMLR, 1273\u20131282. H. Brendan McMahan, Eider Moore, Daniel Ramage, Seth Hampson, and Blaise Arcas. 2017. Communication-efficient learning of deep networks from decentralized data. In Proceedings of the 20th International Conference on Artificial Intelligence and Statistics (AISTATS\u201917). PMLR, 1273\u20131282."},{"key":"e_1_2_2_78_1","volume-title":"Proceedings of the 25th USENIX Security Symposium (USENIX Security\u201916)","author":"Melicher William","year":"2016","unstructured":"William Melicher , Blase Ur , Sean M. Segreti , Saranga Komanduri , Lujo Bauer , Nicolas Christin , and Lorrie Faith Cranor . 2016 . Fast, lean, and accurate: Modeling password guessability using neural networks . In Proceedings of the 25th USENIX Security Symposium (USENIX Security\u201916) . USENIX Association, 175\u2013191. William Melicher, Blase Ur, Sean M. Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2016. Fast, lean, and accurate: Modeling password guessability using neural networks. In Proceedings of the 25th USENIX Security Symposium (USENIX Security\u201916). USENIX Association, 175\u2013191."},{"key":"e_1_2_2_79_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00029"},{"key":"e_1_2_2_80_1","unstructured":"Microsoft. 2019. Azure machine learning studio. Retrieved from https:\/\/azure.microsoft.com\/en-au\/services\/machine-learning-studio\/.  Microsoft. 2019. Azure machine learning studio. Retrieved from https:\/\/azure.microsoft.com\/en-au\/services\/machine-learning-studio\/."},{"key":"e_1_2_2_81_1","doi-asserted-by":"publisher","DOI":"10.1145\/2307636.2307666"},{"key":"e_1_2_2_82_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243855"},{"key":"e_1_2_2_83_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICIP.2014.7025068"},{"key":"e_1_2_2_84_1","unstructured":"Wale Ogunwale. 2016. Lockdown AM.getRunningAppProcesses API with permission.REAL_GET_TASKS. Retrieved from https:\/\/gitlab.tubit.tu-berlin.de\/justus.beyer\/streamagame_platform_frame works_base\/commit\/9dbaa54f6834e013a63f18bd51ace554de811d80.  Wale Ogunwale. 2016. Lockdown AM.getRunningAppProcesses API with permission.REAL_GET_TASKS. Retrieved from https:\/\/gitlab.tubit.tu-berlin.de\/justus.beyer\/streamagame_platform_frame works_base\/commit\/9dbaa54f6834e013a63f18bd51ace554de811d80."},{"key":"e_1_2_2_85_1","volume-title":"Proceedings of the 6th International Conference on Learning Representations (ICLR\u201918)","author":"Oh Seong Joon","year":"2018","unstructured":"Seong Joon Oh , Max Augustin , Bernt Schiele , and Mario Fritz . 2018 . Towards reverse-engineering black-box neural networks . In Proceedings of the 6th International Conference on Learning Representations (ICLR\u201918) . OpenReview.net, 1\u201320. Seong Joon Oh, Max Augustin, Bernt Schiele, and Mario Fritz. 2018. Towards reverse-engineering black-box neural networks. In Proceedings of the 6th International Conference on Learning Representations (ICLR\u201918). OpenReview.net, 1\u201320."},{"key":"e_1_2_2_86_1","volume-title":"Proceedings of the 5th International Conference on Learning Representations (ICLR\u201917)","author":"Papernot Nicolas","year":"2017","unstructured":"Nicolas Papernot , Mart\u00edn Abadi , Ulfar Erlingsson , Ian Goodfellow , and Kunal Talwar . 2017 . Semi-supervised knowledge transfer for deep learning from private training data . In Proceedings of the 5th International Conference on Learning Representations (ICLR\u201917) . OpenReview.net, 1\u201316. Nicolas Papernot, Mart\u00edn Abadi, Ulfar Erlingsson, Ian Goodfellow, and Kunal Talwar. 2017. Semi-supervised knowledge transfer for deep learning from private training data. In Proceedings of the 5th International Conference on Learning Representations (ICLR\u201917). OpenReview.net, 1\u201316."},{"key":"e_1_2_2_87_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053009"},{"key":"e_1_2_2_88_1","volume-title":"Proceedings of the IEEE European Symposium on Security and Privacy (EuroSP\u201918)","author":"Papernot Nicolas","unstructured":"Nicolas Papernot , Patrick McDaniel , Arunesh Sinha , and Michael P. Wellman . 2018. SoK: Security and privacy in machine learning . In Proceedings of the IEEE European Symposium on Security and Privacy (EuroSP\u201918) . IEEE, 399\u2013414. Nicolas Papernot, Patrick McDaniel, Arunesh Sinha, and Michael P. Wellman. 2018. SoK: Security and privacy in machine learning. In Proceedings of the IEEE European Symposium on Security and Privacy (EuroSP\u201918). IEEE, 399\u2013414."},{"key":"e_1_2_2_89_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-20998-7_52"},{"key":"e_1_2_2_90_1","doi-asserted-by":"publisher","DOI":"10.5555\/844380.844710"},{"key":"e_1_2_2_91_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2015.7120016"},{"key":"e_1_2_2_92_1","first-page":"2825","article-title":"Scikit-learn: Machine learning in Python","author":"Pedregosa Fabian","year":"2011","unstructured":"Fabian Pedregosa , Ga\u00ebl Varoquaux , Alexandre Gramfort , Vincent Michel , Bertrand Thirion , Olivier Grisel , Mathieu Blondel , Peter Prettenhofer , Ron Weiss , Vincent Dubourg , et\u00a0al. 2011 . Scikit-learn: Machine learning in Python . J. Mach. Learn. Res. 12 , Oct. (2011), 2825 \u2013 2830 . Fabian Pedregosa, Ga\u00ebl Varoquaux, Alexandre Gramfort, Vincent Michel, Bertrand Thirion, Olivier Grisel, Mathieu Blondel, Peter Prettenhofer, Ron Weiss, Vincent Dubourg, et\u00a0al. 2011. Scikit-learn: Machine learning in Python. J. Mach. Learn. Res. 12, Oct. (2011), 2825\u20132830.","journal-title":"J. Mach. Learn. Res. 12"},{"key":"e_1_2_2_93_1","doi-asserted-by":"publisher","DOI":"10.1145\/1655008.1655019"},{"key":"e_1_2_2_94_1","volume-title":"Proceedings of the IEEE 14th International Conference on Machine Learning and Applications (ICMLA\u201915)","author":"Ribeiro Mauro","unstructured":"Mauro Ribeiro , Katarina Grolinger , and Miriam A. M. Capretz . 2015. MLaaS: Machine learning as a service . In Proceedings of the IEEE 14th International Conference on Machine Learning and Applications (ICMLA\u201915) . IEEE, 896\u2013902. Mauro Ribeiro, Katarina Grolinger, and Miriam A. M. Capretz. 2015. MLaaS: Machine learning as a service. In Proceedings of the IEEE 14th International Conference on Machine Learning and Applications (ICMLA\u201915). IEEE, 896\u2013902."},{"key":"e_1_2_2_95_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23119"},{"key":"e_1_2_2_96_1","volume-title":"Proceedings of the 2nd IEEE Workshop on Applications of Computer Vision. IEEE, 138\u2013142","author":"Ferdinando","unstructured":"Ferdinando S. Samaria and Andy C. Harter. 1994. Parameterisation of a stochastic model for human face identification . In Proceedings of the 2nd IEEE Workshop on Applications of Computer Vision. IEEE, 138\u2013142 . Ferdinando S. Samaria and Andy C. Harter. 1994. Parameterisation of a stochastic model for human face identification. In Proceedings of the 2nd IEEE Workshop on Applications of Computer Vision. IEEE, 138\u2013142."},{"key":"e_1_2_2_97_1","unstructured":"Amazon ML Services. 2019. Amazon AWS Machine Learning. Retrieved from https:\/\/aws.amazon.com\/machine-learning\/.  Amazon ML Services. 2019. Amazon AWS Machine Learning. Retrieved from https:\/\/aws.amazon.com\/machine-learning\/."},{"key":"e_1_2_2_98_1","volume-title":"Proceedings of the IEEE International Conference on Management of Data. IEEE, 1\u20139.","author":"Shahani Snehkumar","unstructured":"Snehkumar Shahani , Jibi Abraham , and R. Venkateswaran . 2017. Distributed data aggregation with privacy preservation at endpoint . In Proceedings of the IEEE International Conference on Management of Data. IEEE, 1\u20139. Snehkumar Shahani, Jibi Abraham, and R. Venkateswaran. 2017. Distributed data aggregation with privacy preservation at endpoint. In Proceedings of the IEEE International Conference on Management of Data. IEEE, 1\u20139."},{"key":"e_1_2_2_99_1","doi-asserted-by":"publisher","DOI":"10.1145\/2556288.2557377"},{"key":"e_1_2_2_100_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813687"},{"key":"e_1_2_2_101_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.41"},{"key":"e_1_2_2_102_1","volume-title":"Proceedings of the 26th USENIX Security Symposium (USENIX Security\u201917)","author":"Sikder Amit Kumar","unstructured":"Amit Kumar Sikder , Hidayet Aksu , and A. Selcuk Uluagac . 2017. 6thSense: A context-aware sensor-based attack detector for smart devices . In Proceedings of the 26th USENIX Security Symposium (USENIX Security\u201917) . USENIX Association, 397\u2013414. Amit Kumar Sikder, Hidayet Aksu, and A. Selcuk Uluagac. 2017. 6thSense: A context-aware sensor-based attack detector for smart devices. In Proceedings of the 26th USENIX Security Symposium (USENIX Security\u201917). USENIX Association, 397\u2013414."},{"key":"e_1_2_2_104_1","doi-asserted-by":"publisher","DOI":"10.1145\/3196494.3196510"},{"key":"e_1_2_2_105_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.20"},{"key":"e_1_2_2_106_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.neunet.2012.02.016"},{"key":"e_1_2_2_107_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23060"},{"key":"e_1_2_2_108_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2018.2885561"},{"key":"e_1_2_2_109_1","volume-title":"Proceedings of the 25th USENIX Security Symposium (USENIX Security\u201916)","author":"Tram\u00e8r Florian","year":"2016","unstructured":"Florian Tram\u00e8r , Fan Zhang , Ari Juels , Michael K. Reiter , and Thomas Ristenpart . 2016 . Stealing machine learning models via prediction APIs . In Proceedings of the 25th USENIX Security Symposium (USENIX Security\u201916) . USENIX Association, 601\u2013618. Florian Tram\u00e8r, Fan Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart. 2016. Stealing machine learning models via prediction APIs. In Proceedings of the 25th USENIX Security Symposium (USENIX Security\u201916). USENIX Association, 601\u2013618."},{"key":"e_1_2_2_110_1","unstructured":"UCIdataset. 2018. UCI Machine Learning Repository. Retrieved from https:\/\/archive.ics.uci.edu\/ml\/datasets.html.  UCIdataset. 2018. UCI Machine Learning Repository. Retrieved from https:\/\/archive.ics.uci.edu\/ml\/datasets.html."},{"key":"e_1_2_2_111_1","doi-asserted-by":"publisher","DOI":"10.5555\/2831143.2831173"},{"key":"e_1_2_2_112_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23103"},{"key":"e_1_2_2_113_1","volume-title":"Proceedings of the 9th International Conference on Language Resources and Evaluation (LREC\u201914)","author":"Verhoeven Ben","year":"2014","unstructured":"Ben Verhoeven and Walter Daelemans . 2014 . CLiPS stylometry investigation (CSI) corpus: A Dutch corpus for the detection of age, gender, personality, sentiment and deception in text . In Proceedings of the 9th International Conference on Language Resources and Evaluation (LREC\u201914) . European Languages Resources Association (ELRA), 3081\u20133085. Ben Verhoeven and Walter Daelemans. 2014. CLiPS stylometry investigation (CSI) corpus: A Dutch corpus for the detection of age, gender, personality, sentiment and deception in text. In Proceedings of the 9th International Conference on Language Resources and Evaluation (LREC\u201914). European Languages Resources Association (ELRA), 3081\u20133085."},{"key":"e_1_2_2_114_1","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy (SP\u201918)","author":"Wang B.","unstructured":"B. Wang and N. Z. Gong . 2018. Stealing hyperparameters in machine learning . In Proceedings of the IEEE Symposium on Security and Privacy (SP\u201918) . IEEE, 36\u201352. B. Wang and N. Z. Gong. 2018. Stealing hyperparameters in machine learning. In Proceedings of the IEEE Symposium on Security and Privacy (SP\u201918). IEEE, 36\u201352."},{"key":"e_1_2_2_115_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978339"},{"key":"e_1_2_2_116_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.8"},{"key":"e_1_2_2_117_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCYB.2016.2590472"},{"key":"e_1_2_2_118_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813645"},{"key":"e_1_2_2_119_1","doi-asserted-by":"publisher","DOI":"10.1145\/2185448.2185465"},{"key":"e_1_2_2_120_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-22915-7_40"},{"key":"e_1_2_2_121_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2014.2347259"},{"key":"e_1_2_2_122_1","doi-asserted-by":"publisher","DOI":"10.1145\/2814575"},{"key":"e_1_2_2_123_1","unstructured":"Yelp. 2014. Yelp Open Dataset. Retrieved from https:\/\/www.yelp.com\/dataset.  Yelp. 2014. Yelp Open Dataset. Retrieved from https:\/\/www.yelp.com\/dataset."},{"key":"e_1_2_2_124_1","volume-title":"Proceedings of the 4th International Conference on Distance Learning and Education (ICDLE\u201910)","author":"Yu Yan","year":"2010","unstructured":"Yan Yu , Jianhua Wang , and Guohui Zhou . 2010 . The exploration in the education of professionals in applied internet of things engineering . In Proceedings of the 4th International Conference on Distance Learning and Education (ICDLE\u201910) . IEEE, 74\u201377. Yan Yu, Jianhua Wang, and Guohui Zhou. 2010. The exploration in the education of professionals in applied internet of things engineering. In Proceedings of the 4th International Conference on Distance Learning and Education (ICDLE\u201910). IEEE, 74\u201377."},{"key":"e_1_2_2_125_1","volume-title":"Proceedings of the International Conference on Advances in Neural Information Processing Systems (NIPS\u201917)","author":"Zaheer Manzil","unstructured":"Manzil Zaheer , Satwik Kottur , Siamak Ravanbakhsh , Barnabas Poczos , Ruslan R. Salakhutdinov , and Alexander J. Smola . 2017. Deep sets . In Proceedings of the International Conference on Advances in Neural Information Processing Systems (NIPS\u201917) . Curran Associates, Inc., 3391\u20133401. Manzil Zaheer, Satwik Kottur, Siamak Ravanbakhsh, Barnabas Poczos, Ruslan R. Salakhutdinov, and Alexander J. Smola. 2017. Deep sets. In Proceedings of the International Conference on Advances in Neural Information Processing Systems (NIPS\u201917). Curran Associates, Inc., 3391\u20133401."},{"key":"e_1_2_2_126_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2016.7472059"},{"key":"e_1_2_2_127_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2012.2223675"},{"key":"e_1_2_2_128_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2014.2320577"},{"key":"e_1_2_2_129_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2012.98"},{"key":"e_1_2_2_130_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2015.7299113"},{"key":"e_1_2_2_131_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.61"},{"key":"e_1_2_2_132_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23260"},{"key":"e_1_2_2_133_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978324"}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3465171","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3465171","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:17:11Z","timestamp":1750191431000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3465171"}},"subtitle":["A Survey"],"short-title":[],"issued":{"date-parts":[[2021,7,18]]},"references-count":129,"journal-issue":{"issue":"7","published-print":{"date-parts":[[2022,9,30]]}},"alternative-id":["10.1145\/3465171"],"URL":"https:\/\/doi.org\/10.1145\/3465171","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,7,18]]},"assertion":[{"value":"2019-02-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-04-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-07-18","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}