{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T09:47:15Z","timestamp":1781084835041,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":47,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T00:00:00Z","timestamp":1667779200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"ANR","award":["ANR-20-CE23-0013"],"award-info":[{"award-number":["ANR-20-CE23-0013"]}]},{"DOI":"10.13039\/100009879","name":"FACE Foundation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100009879","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,11,7]]},"DOI":"10.1145\/3528535.3565240","type":"proceedings-article","created":{"date-parts":[[2022,12,20]],"date-time":"2022-12-20T13:40:01Z","timestamp":1671543601000},"page":"135-147","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":9,"title":["MixNN"],"prefix":"10.1145","author":[{"given":"Thomas","family":"Lebrun","sequence":"first","affiliation":[{"name":"Univ Lyon, Lyon, France"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Antoine","family":"Boutet","sequence":"additional","affiliation":[{"name":"Univ Lyon, Lyon, France"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jan","family":"Aalmoes","sequence":"additional","affiliation":[{"name":"Univ Lyon, Lyon, France"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Adrien","family":"Baud","sequence":"additional","affiliation":[{"name":"Univ Lyon, Lyon, France"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2022,11,8]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"e_1_3_2_1_2_1","volume-title":"SGX-MR: Regulating Dataflows for Protecting Access Patterns of Data-Intensive SGX Applications. arXiv preprint arXiv:2009.03518","author":"Mubashwir Alam A K M","year":"2020","unstructured":"A K M Mubashwir Alam, Sagar Sharma, and Keke Chen. 2020. SGX-MR: Regulating Dataflows for Protecting Access Patterns of Data-Intensive SGX Applications. arXiv preprint arXiv:2009.03518 (2020)."},{"key":"e_1_3_2_1_4_1","volume-title":"Aaditya Kumar Singh, and Sunav Choudhary","author":"Arivazhagan Manoj Ghuhan","year":"2019","unstructured":"Manoj Ghuhan Arivazhagan, Vinay Aggarwal, Aaditya Kumar Singh, and Sunav Choudhary. 2019. Federated Learning with Personalization Layers. arXiv preprint arXiv:1912.00818 (2019)."},{"key":"e_1_3_2_1_5_1","volume-title":"Proceedings of the Twenty Third International Conference on Artificial Intelligence and Statistics (Proceedings of Machine Learning Research","volume":"2948","author":"Bagdasaryan Eugene","year":"2020","unstructured":"Eugene Bagdasaryan, Andreas Veit, Yiqing Hua, Deborah Estrin, and Vitaly Shmatikov. 2020. How To Backdoor Federated Learning. In Proceedings of the Twenty Third International Conference on Artificial Intelligence and Statistics (Proceedings of Machine Learning Research, Vol. 108), Silvia Chiappa and Roberto Calandra (Eds.). PMLR, 2938--2948. https:\/\/proceedings.mlr.press\/v108\/bagdasaryan20a.html"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417885"},{"key":"e_1_3_2_1_7_1","volume-title":"David Petrou, Daniel Ramage, and Jason Roselander.","author":"Bonawitz Keith","year":"2019","unstructured":"Keith Bonawitz, Hubert Eichner, Wolfgang Grieskamp, Dzmitry Huba, Alex Ingerman, Vladimir Ivanov, Chlo\u00e9 Kiddon, Jakub Kone\u010dn\u00fd, Stefano Mazzocchi, Brendan McMahan, Timon Van Overveldt, David Petrou, Daniel Ramage, and Jason Roselander. 2019. Towards Federated Learning at Scale: System Design. In Proceedings of Machine Learning and Systems, A. Talwalkar, V. Smith, and M. Zaharia (Eds.), Vol. 1. 374--388. https:\/\/proceedings.mlsys.org\/paper\/2019\/file\/bd686fd640be98efaae0091fa301e613-Paper.pdf"},{"key":"e_1_3_2_1_8_1","volume-title":"Practical secure aggregation for federated learning on user-held data. arXiv preprint arXiv:1611.04482","author":"Bonawitz Keith","year":"2016","unstructured":"Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, and Karn Seth. 2016. Practical secure aggregation for federated learning on user-held data. arXiv preprint arXiv:1611.04482 (2016)."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133982"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3433210.3453095"},{"key":"e_1_3_2_1_11_1","volume-title":"Software Grand Exposure: SGX Cache Attacks Are Practical. In 11th USENIX Workshop on Offensive Technologies (WOOT 17)","author":"Brasser Ferdinand","year":"2017","unstructured":"Ferdinand Brasser, Urs M\u00fcller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, and Ahmad-Reza Sadeghi. 2017. Software Grand Exposure: SGX Cache Attacks Are Practical. In 11th USENIX Workshop on Offensive Technologies (WOOT 17). USENIX Association, Vancouver, BC. https:\/\/www.usenix.org\/conference\/woot17\/workshop-program\/presentation\/brasser"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/358549.358563"},{"key":"e_1_3_2_1_13_1","volume-title":"Md Nazmus Sadat, Cenk Sahinalp, Kristin Lauter, and Shuang Wang.","author":"Chen Feng","year":"2017","unstructured":"Feng Chen, Chenghong Wang, Wenrui Dai, Xiaoqian Jiang, Noman Mohammed, Md Momin Al Aziz, Md Nazmus Sadat, Cenk Sahinalp, Kristin Lauter, and Shuang Wang. 2017. PRESAGE: Privacy-preserving genetic testing via software guard extension. BMC medical genomics 10, 2 (2017), 48."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1093\/bioinformatics\/btw758"},{"key":"e_1_3_2_1_15_1","first-page":"1","article-title":"Intel SGX Explained","volume":"2016","author":"Costan Victor","year":"2016","unstructured":"Victor Costan and Srinivas Devadas. 2016. Intel SGX Explained. IACR Cryptology ePrint Archive 2016, 086 (2016), 1--118.","journal-title":"IACR Cryptology ePrint Archive"},{"key":"e_1_3_2_1_16_1","volume-title":"An Overview of Privacy in Machine Learning. arXiv preprint arXiv:2005.08679","author":"Cristofaro Emiliano De","year":"2020","unstructured":"Emiliano De Cristofaro. 2020. An Overview of Privacy in Machine Learning. arXiv preprint arXiv:2005.08679 (2020)."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2003.1199323"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813677"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243834"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA.2016.30"},{"key":"e_1_3_2_1_21_1","volume-title":"Federated learning for mobile keyboard prediction. arXiv preprint arXiv:1811.03604","author":"Hard Andrew","year":"2018","unstructured":"Andrew Hard, Kanishka Rao, Rajiv Mathews, Swaroop Ramaswamy, Fran\u00e7oise Beaufays, Sean Augenstein, Hubert Eichner, Chlo\u00e9 Kiddon, and Daniel Ramage. 2018. Federated learning for mobile keyboard prediction. arXiv preprint arXiv:1811.03604 (2018)."},{"key":"e_1_3_2_1_23_1","volume-title":"Auditing Differentially Private Machine Learning: How Private is Private SGD? arXiv preprint arXiv:2006.07709","author":"Jagielski Matthew","year":"2020","unstructured":"Matthew Jagielski, Jonathan Ullman, and Alina Oprea. 2020. Auditing Differentially Private Machine Learning: How Private is Private SGD? arXiv preprint arXiv:2006.07709 (2020)."},{"key":"e_1_3_2_1_24_1","volume-title":"Revisiting Membership Inference Under Realistic Assumptions. arXiv preprint arXiv:2005.10881","author":"Jayaraman Bargav","year":"2020","unstructured":"Bargav Jayaraman, Lingxiao Wang, David Evans, and Quanquan Gu. 2020. Revisiting Membership Inference Under Realistic Assumptions. arXiv preprint arXiv:2005.10881 (2020)."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2016-0008"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2534169.2486002"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2948618.2954331"},{"key":"e_1_3_2_1_28_1","volume-title":"Communication-Efficient Learning of Deep Networks from Decentralized Data. arXiv preprint arXiv:1602.05629","author":"McMahan H. Brendan","year":"2017","unstructured":"H. Brendan McMahan, Eider Moore, Daniel Ramage, Seth Hampson, and Blaise Ag\u00fcera y Arcas. 2017. Communication-Efficient Learning of Deep Networks from Decentralized Data. arXiv preprint arXiv:1602.05629 (2017)."},{"key":"e_1_3_2_1_29_1","volume-title":"Emiliano De Cristofaro, and Vitaly Shmatikov","author":"Melis Luca","year":"2018","unstructured":"Luca Melis, Congzheng Song, Emiliano De Cristofaro, and Vitaly Shmatikov. 2018. Exploiting Unintended Feature Leakage in Collaborative Learning. arXiv preprint arXiv:1805.04049 (2018)."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3458864.3466628"},{"key":"e_1_3_2_1_31_1","volume-title":"Toward Robustness and Privacy in Federated Learning: Experimenting with Local and Central Differential Privacy. arXiv preprint arXiv:2009.03561","author":"Naseri Mohammad","year":"2021","unstructured":"Mohammad Naseri, Jamie Hayes, and Emiliano De Cristofaro. 2021. Toward Robustness and Privacy in Federated Learning: Experimenting with Local and Central Differential Privacy. arXiv preprint arXiv:2009.03561 (2021)."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00065"},{"key":"e_1_3_2_1_33_1","volume-title":"Smartphone-based human activity recognition","author":"Reyes-Ortiz J. L.","unstructured":"J. L. Reyes-Ortiz. 2015. Smartphone-based human activity recognition. Springer."},{"key":"e_1_3_2_1_34_1","volume-title":"ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. arXiv:1806.01246","author":"Salem Ahmed","year":"2018","unstructured":"Ahmed Salem, Yang Zhang, Mathias Humbert, Pascal Berrang, Mario Fritz, and Michael Backes. 2018. ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. arXiv:1806.01246 (2018)."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23239"},{"key":"e_1_3_2_1_36_1","volume-title":"Clustered Federated Learning: Model-Agnostic Distributed Multi-Task Optimization under Privacy Constraints. arXiv preprint arXiv:1910.01991","author":"Sattler Felix","year":"2019","unstructured":"Felix Sattler, Klaus-Robert M\u00fcller, and Wojciech Samek. 2019. Clustered Federated Learning: Model-Agnostic Distributed Multi-Task Optimization under Privacy Constraints. arXiv preprint arXiv:1910.01991 (2019)."},{"key":"e_1_3_2_1_37_1","volume-title":"Membership Inference Attacks against Machine Learning Models. arXiv preprint arXiv:1610.05820","author":"Shokri Reza","year":"2017","unstructured":"Reza Shokri, Marco Stronati, Congzheng Song, and Vitaly Shmatikov. 2017. Membership Inference Attacks against Machine Learning Models. arXiv preprint arXiv:1610.05820 (2017)."},{"key":"e_1_3_2_1_38_1","volume-title":"Overlearning Reveals Sensitive Attributes. arXiv preprint arXiv:1905.11742","author":"Song Congzheng","year":"2020","unstructured":"Congzheng Song and Vitaly Shmatikov. 2020. Overlearning Reveals Sensitive Attributes. arXiv preprint arXiv:1905.11742 (2020)."},{"key":"e_1_3_2_1_39_1","volume-title":"Systematic Evaluation of Privacy Risks of Machine Learning Models. arXiv preprint arXiv:2003.10595","author":"Song Liwei","year":"2020","unstructured":"Liwei Song and Prateek Mittal. 2020. Systematic Evaluation of Privacy Risks of Machine Learning Models. arXiv preprint arXiv:2003.10595 (2020)."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2014.220"},{"key":"e_1_3_2_1_41_1","volume-title":"Differentially Private Learning Needs Better Features (or Much More Data). arXiv preprint arXiv:2011.11660","author":"Tram\u00e8r Florian","year":"2020","unstructured":"Florian Tram\u00e8r and Dan Boneh. 2020. Differentially Private Learning Needs Better Features (or Much More Data). arXiv preprint arXiv:2011.11660 (2020)."},{"key":"e_1_3_2_1_42_1","volume-title":"The Trade-Offs of Private Prediction. arXiv preprint arXiv:2007.05089","author":"van der Maaten Laurens","year":"2020","unstructured":"Laurens van der Maaten and Awni Hannun. 2020. The Trade-Offs of Private Prediction. arXiv preprint arXiv:2007.05089 (2020)."},{"key":"e_1_3_2_1_43_1","unstructured":"Stephan van Schaik Andrew Kwong Daniel Genkin and Yuval Yarom. 2020. SGAxe: How SGX Fails in Practice. https:\/\/sgaxeattack.com\/."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.5220\/0005792401430151"},{"key":"e_1_3_2_1_45_1","volume-title":"31st computer security foundations symposium (CSF '18)","author":"Yeom Samuel","unstructured":"Samuel Yeom, Irene Giacomelli, Matt Fredrikson, and Somesh Jha. 2018. Privacy Risk in Machine Learning: Analyzing the Connection to Overfitting. In 31st computer security foundations symposium (CSF '18). IEEE, 268--282."},{"key":"e_1_3_2_1_46_1","volume-title":"Salvaging Federated Learning by Local Adaptation. arXiv preprint arXiv:2002.04758","author":"Yu Tao","year":"2020","unstructured":"Tao Yu, Eugene Bagdasaryan, and Vitaly Shmatikov. 2020. Salvaging Federated Learning by Local Adaptation. arXiv preprint arXiv:2002.04758 (2020)."},{"key":"e_1_3_2_1_47_1","volume-title":"Dataset-Level Attribute Leakage in Collaborative Learning. arXiv preprint arXiv:2006.07267","author":"Zhang Wanrong","year":"2020","unstructured":"Wanrong Zhang, Shruti Tople, and Olga Ohrimenko. 2020. Dataset-Level Attribute Leakage in Collaborative Learning. arXiv preprint arXiv:2006.07267 (2020)."},{"key":"e_1_3_2_1_48_1","volume-title":"Raghav Bhaskar, Mohamed Ali Kaafar, Darren Webb, and Peter Dickinson.","author":"Hao Zhao Benjamin Zi","year":"2021","unstructured":"Benjamin Zi Hao Zhao, Aviral Agrawal, Catisha Coburn, Hassan Jameel Asghar, Raghav Bhaskar, Mohamed Ali Kaafar, Darren Webb, and Peter Dickinson. 2021. On the (In)Feasibility of Attribute Inference Attacks on Machine Learning Models. arXiv preprint arXiv:2103.07101 (2021)."},{"key":"e_1_3_2_1_49_1","volume-title":"Deep Leakage from Gradients. arXiv preprint arXiv:1906.08935","author":"Zhu Ligeng","year":"2019","unstructured":"Ligeng Zhu, Zhijian Liu, and Song Han. 2019. Deep Leakage from Gradients. arXiv preprint arXiv:1906.08935 (2019)."}],"event":{"name":"Middleware '22: 23rd International Middleware Conference","location":"Quebec QC Canada","acronym":"Middleware '22","sponsor":["ACM Association for Computing Machinery","IFIP"]},"container-title":["Proceedings of the 23rd ACM\/IFIP International Middleware Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3528535.3565240","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3528535.3565240","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:02:43Z","timestamp":1750186963000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3528535.3565240"}},"subtitle":["protection of federated learning against inference attacks by mixing neural network layers"],"short-title":[],"issued":{"date-parts":[[2022,11,7]]},"references-count":47,"alternative-id":["10.1145\/3528535.3565240","10.1145\/3528535"],"URL":"https:\/\/doi.org\/10.1145\/3528535.3565240","relation":{},"subject":[],"published":{"date-parts":[[2022,11,7]]},"assertion":[{"value":"2022-11-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}