{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,3]],"date-time":"2025-12-03T17:59:12Z","timestamp":1764784752867,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":44,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,15]],"date-time":"2021-11-15T00:00:00Z","timestamp":1636934400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,15]]},"DOI":"10.1145\/3474369.3486876","type":"proceedings-article","created":{"date-parts":[[2021,10,28]],"date-time":"2021-10-28T11:13:28Z","timestamp":1635419608000},"page":"193-202","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":17,"title":["Differential Privacy Defenses and Sampling Attacks for Membership Inference"],"prefix":"10.1145","author":[{"given":"Shadi","family":"Rahimian","sequence":"first","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tribhuvanesh","family":"Orekondy","sequence":"additional","affiliation":[{"name":"Max Planck Institute for Informatics, Saarbr\u00fccken, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mario","family":"Fritz","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2021,11,15]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978355"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2017-0045"},{"key":"e_1_3_2_1_4_1","unstructured":"Dingfan Chen Ning Yu Yang Zhang and Mario Fritz. 2019. GAN-Leaks: A Taxonomy of Membership Inference Attacks against GANs. arXiv:1909.03935. https:\/\/arxiv.org\/abs\/1909.03935 https:\/\/arxiv.org\/pdf\/1909.03935.pdf  Dingfan Chen Ning Yu Yang Zhang and Mario Fritz. 2019. GAN-Leaks: A Taxonomy of Membership Inference Attacks against GANs. arXiv:1909.03935. https:\/\/arxiv.org\/abs\/1909.03935 https:\/\/arxiv.org\/pdf\/1909.03935.pdf"},{"key":"e_1_3_2_1_5_1","volume-title":"Label-Only Membership Inference Attacks. arXiv preprint arXiv:2007.14321","author":"Choquette Choo Christopher A","year":"2020","unstructured":"Christopher A Choquette Choo , Florian Tramer , Nicholas Carlini , and Nicolas Papernot . 2020. Label-Only Membership Inference Attacks. arXiv preprint arXiv:2007.14321 ( 2020 ). Christopher A Choquette Choo, Florian Tramer, Nicholas Carlini, and Nicolas Papernot. 2020. Label-Only Membership Inference Attacks. arXiv preprint arXiv:2007.14321 (2020)."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133978"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866739.1866758"},{"volume-title":"Theory of cryptography conference","author":"Dwork Cynthia","key":"e_1_3_2_1_8_1","unstructured":"Cynthia Dwork , Frank McSherry , Kobbi Nissim , and Adam Smith . 2006. Calibrating noise to sensitivity in private data analysis . In Theory of cryptography conference . Springer , 265--284. Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam Smith. 2006. Calibrating noise to sensitivity in private data analysis. In Theory of cryptography conference. Springer, 265--284."},{"key":"e_1_3_2_1_9_1","volume-title":"et almbox","author":"Dwork Cynthia","year":"2014","unstructured":"Cynthia Dwork , Aaron Roth , et almbox . 2014 . The algorithmic foundations of differential privacy. Foundations and Trends\u00ae in Theoretical Computer Science , Vol. 9 , 3-4 (2014), 211--407. Cynthia Dwork, Aaron Roth, et almbox. 2014. The algorithmic foundations of differential privacy. Foundations and Trends\u00ae in Theoretical Computer Science, Vol. 9, 3-4 (2014), 211--407."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/FOCS.2015.46"},{"key":"e_1_3_2_1_11_1","volume-title":"International Conference on Machine Learning. PMLR, 2280--2289","author":"Gilmer Justin","year":"2019","unstructured":"Justin Gilmer , Nicolas Ford , Nicholas Carlini , and Ekin Cubuk . 2019 . Adversarial examples are a natural consequence of test error in noise . In International Conference on Machine Learning. PMLR, 2280--2289 . Justin Gilmer, Nicolas Ford, Nicholas Carlini, and Ekin Cubuk. 2019. Adversarial examples are a natural consequence of test error in noise. In International Conference on Machine Learning. PMLR, 2280--2289."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2019-0008"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2019-0067"},{"key":"e_1_3_2_1_14_1","volume-title":"Resolving individuals contributing trace amounts of DNA to highly complex mixtures using high-density SNP genotyping microarrays. PLoS genetics","author":"Homer Nils","year":"2008","unstructured":"Nils Homer , Szabolcs Szelinger , Margot Redman , David Duggan , Waibhav Tembe , Jill Muehling , John V Pearson , Dietrich A Stephan , Stanley F Nelson , and David W Craig . 2008. Resolving individuals contributing trace amounts of DNA to highly complex mixtures using high-density SNP genotyping microarrays. PLoS genetics , Vol. 4 , 8 ( 2008 ). Nils Homer, Szabolcs Szelinger, Margot Redman, David Duggan, Waibhav Tembe, Jill Muehling, John V Pearson, Dietrich A Stephan, Stanley F Nelson, and David W Craig. 2008. Resolving individuals contributing trace amounts of DNA to highly complex mixtures using high-density SNP genotyping microarrays. PLoS genetics, Vol. 4, 8 (2008)."},{"volume-title":"28th $$USENIX$$ Security Symposium ({USENIX} Security 19). 1895--1912.","author":"Jayaraman Bargav","key":"e_1_3_2_1_15_1","unstructured":"Bargav Jayaraman and David Evans . 2019. Evaluating differentially private machine learning in practice . In 28th $$USENIX$$ Security Symposium ({USENIX} Security 19). 1895--1912. Bargav Jayaraman and David Evans. 2019. Evaluating differentially private machine learning in practice. In 28th $$USENIX$$ Security Symposium ({USENIX} Security 19). 1895--1912."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363201"},{"key":"e_1_3_2_1_17_1","unstructured":"Peter Kairouz Sewoong Oh and Pramod Viswanath. 2014. Extremal mechanisms for local differential privacy. In Advances in neural information processing systems. 2879--2887.  Peter Kairouz Sewoong Oh and Pramod Viswanath. 2014. Extremal mechanisms for local differential privacy. In Advances in neural information processing systems. 2879--2887."},{"key":"e_1_3_2_1_18_1","volume-title":"Label-Leaks: Membership Inference Attack with Label. arXiv preprint arXiv:2007.15528","author":"Li Zheng","year":"2020","unstructured":"Zheng Li and Yang Zhang . 2020. Label-Leaks: Membership Inference Attack with Label. arXiv preprint arXiv:2007.15528 ( 2020 ). Zheng Li and Yang Zhang. 2020. Label-Leaks: Membership Inference Attack with Label. arXiv preprint arXiv:2007.15528 (2020)."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCSS.2019.2916086"},{"key":"e_1_3_2_1_20_1","volume-title":"Generative model: Membership attack, generalization and diversity. CoRR, abs\/1805.09898","author":"Liu Kin Sum","year":"2018","unstructured":"Kin Sum Liu , Bo Li , and Jie Gao . 2018. Generative model: Membership attack, generalization and diversity. CoRR, abs\/1805.09898 ( 2018 ). Kin Sum Liu, Bo Li, and Jie Gao. 2018. Generative model: Membership attack, generalization and diversity. CoRR, abs\/1805.09898 (2018)."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1982.1056489"},{"key":"e_1_3_2_1_22_1","volume-title":"Understanding Membership Inferences on Well-Generalized Learning Models. CoRR","author":"Long Yunhui","year":"2018","unstructured":"Yunhui Long , Vincent Bindschaedler , Lei Wang , Diyue Bu , Xiaofeng Wang , Haixu Tang , Carl A. Gunter , and Kai Chen . 2018. Understanding Membership Inferences on Well-Generalized Learning Models. CoRR , Vol. abs\/ 1802 .04889 ( 2018 ). arxiv: 1802.04889 http:\/\/arxiv.org\/abs\/1802.04889 Yunhui Long, Vincent Bindschaedler, Lei Wang, Diyue Bu, Xiaofeng Wang, Haixu Tang, Carl A. Gunter, and Kai Chen. 2018. Understanding Membership Inferences on Well-Generalized Learning Models. CoRR, Vol. abs\/1802.04889 (2018). arxiv: 1802.04889 http:\/\/arxiv.org\/abs\/1802.04889"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3144457.3144494"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/FOCS.2007.66"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00029"},{"key":"e_1_3_2_1_26_1","volume-title":"Minhui Xue, Chao Chen, Lei Pan, Jun Zhang, Dali Kaafar, and Yang Xiang.","author":"Miao Yuantian","year":"2019","unstructured":"Yuantian Miao , Ben Zi Hao Zhao , Minhui Xue, Chao Chen, Lei Pan, Jun Zhang, Dali Kaafar, and Yang Xiang. 2019 . The audio auditor: Participant-level membership inference in voice-based iot. arXiv preprint arXiv:1905.07082 (2019). Yuantian Miao, Ben Zi Hao Zhao, Minhui Xue, Chao Chen, Lei Pan, Jun Zhang, Dali Kaafar, and Yang Xiang. 2019. The audio auditor: Participant-level membership inference in voice-based iot. arXiv preprint arXiv:1905.07082 (2019)."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.33"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243855"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00065"},{"key":"e_1_3_2_1_30_1","volume-title":"Knock knock, who's there\" Membership inference on aggregate location data. arXiv preprint arXiv:1708.06145","author":"Pyrgelis Apostolos","year":"2017","unstructured":"Apostolos Pyrgelis , Carmela Troncoso , and Emiliano De Cristofaro . 2017. Knock knock, who's there\" Membership inference on aggregate location data. arXiv preprint arXiv:1708.06145 ( 2017 ). Apostolos Pyrgelis, Carmela Troncoso, and Emiliano De Cristofaro. 2017. Knock knock, who's there\" Membership inference on aggregate location data. arXiv preprint arXiv:1708.06145 (2017)."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978409"},{"key":"e_1_3_2_1_32_1","first-page":"61","article-title":"Membership Inference Attack against Differentially Private Deep Learning Model","volume":"11","author":"Rahman Md Atiqur","year":"2018","unstructured":"Md Atiqur Rahman , Tanzila Rahman , Robert Lagani\u00e8re , Noman Mohammed , and Yang Wang . 2018 . Membership Inference Attack against Differentially Private Deep Learning Model . Transactions on Data Privacy , Vol. 11 , 1 (2018), 61 -- 79 . Md Atiqur Rahman, Tanzila Rahman, Robert Lagani\u00e8re, Noman Mohammed, and Yang Wang. 2018. Membership Inference Attack against Differentially Private Deep Learning Model. Transactions on Data Privacy, Vol. 11, 1 (2018), 61--79.","journal-title":"Transactions on Data Privacy"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1559795.1559812"},{"key":"e_1_3_2_1_34_1","volume-title":"ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. Annual Network and Distributed System Security Symposium (NDSS) (2018","author":"Salem Ahmed","year":"2018","unstructured":"Ahmed Salem , Yang Zhang , Mathias Humbert , Mario Fritz , and Michael Backes . 2018 . ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. Annual Network and Distributed System Security Symposium (NDSS) (2018 ). arxiv: 1806.01246 http:\/\/arxiv.org\/abs\/1806.01246 Ahmed Salem, Yang Zhang, Mathias Humbert, Mario Fritz, and Michael Backes. 2018. ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. Annual Network and Distributed System Security Symposium (NDSS) (2018). arxiv: 1806.01246 http:\/\/arxiv.org\/abs\/1806.01246"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.41"},{"key":"e_1_3_2_1_36_1","volume-title":"Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556","author":"Simonyan Karen","year":"2014","unstructured":"Karen Simonyan and Andrew Zisserman . 2014. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 ( 2014 ). Karen Simonyan and Andrew Zisserman. 2014. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 (2014)."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134077"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3292500.3330885"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354211"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653726"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653703"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1080\/01621459.1965.10480775"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2018.00027"},{"key":"e_1_3_2_1_44_1","volume-title":"Functional mechanism: regression analysis under differential privacy. arXiv preprint arXiv:1208.0219","author":"Zhang Jun","year":"2012","unstructured":"Jun Zhang , Zhenjie Zhang , Xiaokui Xiao , Yin Yang , and Marianne Winslett . 2012. Functional mechanism: regression analysis under differential privacy. arXiv preprint arXiv:1208.0219 ( 2012 ). Jun Zhang, Zhenjie Zhang, Xiaokui Xiao, Yin Yang, and Marianne Winslett. 2012. Functional mechanism: regression analysis under differential privacy. arXiv preprint arXiv:1208.0219 (2012)."}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Virtual Event Republic of Korea","acronym":"CCS '21"},"container-title":["Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3474369.3486876","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3474369.3486876","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:26Z","timestamp":1750188626000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3474369.3486876"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,15]]},"references-count":44,"alternative-id":["10.1145\/3474369.3486876","10.1145\/3474369"],"URL":"https:\/\/doi.org\/10.1145\/3474369.3486876","relation":{},"subject":[],"published":{"date-parts":[[2021,11,15]]},"assertion":[{"value":"2021-11-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}