{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T18:00:50Z","timestamp":1773511250113,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":56,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T00:00:00Z","timestamp":1667779200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Trustworthy Federated Data Analytic","award":["ZT-I-OO1 4"],"award-info":[{"award-number":["ZT-I-OO1 4"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,11,7]]},"DOI":"10.1145\/3548606.3560684","type":"proceedings-article","created":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T11:41:28Z","timestamp":1667821288000},"page":"2085-2098","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":75,"title":["Membership Inference Attacks by Exploiting Loss Trajectory"],"prefix":"10.1145","author":[{"given":"Yiyong","family":"Liu","sequence":"first","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]},{"given":"Zhengyu","family":"Zhao","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]},{"given":"Michael","family":"Backes","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]},{"given":"Yang","family":"Zhang","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]}],"member":"320","published-online":{"date-parts":[[2022,11,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"https:\/\/www.cs.toronto.edu\/~kriz\/cifar.html.  https:\/\/www.cs.toronto.edu\/~kriz\/cifar.html."},{"key":"e_1_3_2_1_2_1","unstructured":"http:\/\/benchmark.ini.rub.de\/'section=gtsrb.  http:\/\/benchmark.ini.rub.de\/'section=gtsrb."},{"key":"e_1_3_2_1_3_1","first-page":"308","volume-title":"Li Zhang. Deep Learning with Differential Privacy. In ACM SIGSAC Conference on Computer and Communications Security (CCS)","author":"Abadi Martin","year":"2016","unstructured":"Martin Abadi , Andy Chu , Ian Goodfellow , Brendan McMahan , Ilya Mironov , Kunal Talwar , and Li Zhang. Deep Learning with Differential Privacy. In ACM SIGSAC Conference on Computer and Communications Security (CCS) , pages 308 -- 318 . ACM, 2016 . Martin Abadi, Andy Chu, Ian Goodfellow, Brendan McMahan, Ilya Mironov, Kunal Talwar, and Li Zhang. Deep Learning with Differential Privacy. In ACM SIGSAC Conference on Computer and Communications Security (CCS), pages 308-- 318. ACM, 2016."},{"key":"e_1_3_2_1_4_1","volume-title":"Membership Inference Attacks From First Principles. CoRR abs\/2112.03570","author":"Carlini Nicholas","year":"2021","unstructured":"Nicholas Carlini , Steve Chien , Milad Nasr , Shuang Song , Andreas Terzis , and Florian Tram\u00e8r . Membership Inference Attacks From First Principles. CoRR abs\/2112.03570 , 2021 . Nicholas Carlini, Steve Chien, Milad Nasr, Shuang Song, Andreas Terzis, and Florian Tram\u00e8r. Membership Inference Attacks From First Principles. CoRR abs\/2112.03570, 2021."},{"key":"e_1_3_2_1_5_1","first-page":"267","volume-title":"Dawn Song. The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks. In USENIX Security Symposium (USENIX Security)","author":"Carlini Nicholas","year":"2019","unstructured":"Nicholas Carlini , Chang Liu , \u00dalfar Erlingsson , Jernej Kos , and Dawn Song. The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks. In USENIX Security Symposium (USENIX Security) , pages 267 -- 284 . USENIX, 2019 . Nicholas Carlini, Chang Liu, \u00dalfar Erlingsson, Jernej Kos, and Dawn Song. The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks. In USENIX Security Symposium (USENIX Security), pages 267--284. USENIX, 2019."},{"key":"e_1_3_2_1_6_1","volume-title":"Extracting Training Data from Large Language Models. CoRR abs\/2012.07805","author":"Carlini Nicholas","year":"2020","unstructured":"Nicholas Carlini , Florian Tram\u00e8r , Eric Wallace , Matthew Jagielski , Ariel HerbertVoss , Katherine Lee , Adam Roberts , Tom B. Brown , Dawn Song , \u00dalfar Erlingsson , Alina Oprea , and Colin Raffel . Extracting Training Data from Large Language Models. CoRR abs\/2012.07805 , 2020 . Nicholas Carlini, Florian Tram\u00e8r, Eric Wallace, Matthew Jagielski, Ariel HerbertVoss, Katherine Lee, Adam Roberts, Tom B. Brown, Dawn Song, \u00dalfar Erlingsson, Alina Oprea, and Colin Raffel. Extracting Training Data from Large Language Models. CoRR abs\/2012.07805, 2020."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417238"},{"key":"e_1_3_2_1_8_1","first-page":"1964","volume-title":"Nicolas Papernot. Label-Only Membership Inference Attacks. In International Conference on Machine Learning (ICML)","author":"Choquette Choo Christopher A.","year":"2021","unstructured":"Christopher A. Choquette Choo , Florian Tram\u00e8r , Nicholas Carlini , and Nicolas Papernot. Label-Only Membership Inference Attacks. In International Conference on Machine Learning (ICML) , pages 1964 -- 1974 . PMLR, 2021 . Christopher A. Choquette Choo, Florian Tram\u00e8r, Nicholas Carlini, and Nicolas Papernot. Label-Only Membership Inference Attacks. In International Conference on Machine Learning (ICML), pages 1964--1974. PMLR, 2021."},{"key":"e_1_3_2_1_9_1","volume-title":"CINIC-10 is not ImageNet or CIFAR-10. CoRR abs\/1810.03505","author":"Darlow Luke Nicholas","year":"2018","unstructured":"Luke Nicholas Darlow , Elliot J. Crowley , Antreas Antoniou , and Amos J. Storkey . CINIC-10 is not ImageNet or CIFAR-10. CoRR abs\/1810.03505 , 2018 . Luke Nicholas Darlow, Elliot J. Crowley, Antreas Antoniou, and Amos J. Storkey. CINIC-10 is not ImageNet or CIFAR-10. CoRR abs\/1810.03505, 2018."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/11681878_14"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813677"},{"key":"e_1_3_2_1_13_1","first-page":"1602","volume-title":"Anima Anandkumar. Born-Again Neural Networks. In International Conference on Machine Learning (ICML)","author":"Furlanello Tommaso","year":"2018","unstructured":"Tommaso Furlanello , Zachary Chase Lipton , Michael Tschannen , Laurent Itti , and Anima Anandkumar. Born-Again Neural Networks. In International Conference on Machine Learning (ICML) , pages 1602 -- 1611 . PMLR, 2018 . Tommaso Furlanello, Zachary Chase Lipton, Michael Tschannen, Laurent Itti, and Anima Anandkumar. Born-Again Neural Networks. In International Conference on Machine Learning (ICML), pages 1602--1611. PMLR, 2018."},{"key":"e_1_3_2_1_14_1","first-page":"2827","volume-title":"Jitendra Malik. Cross Modal Distillation for Supervision Transfer. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR)","author":"Gupta Saurabh","year":"2016","unstructured":"Saurabh Gupta , Judy Hoffman , and Jitendra Malik. Cross Modal Distillation for Supervision Transfer. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR) , pages 2827 -- 2836 . IEEE, 2016 . Saurabh Gupta, Judy Hoffman, and Jitendra Malik. Cross Modal Distillation for Supervision Transfer. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pages 2827--2836. IEEE, 2016."},{"key":"e_1_3_2_1_15_1","first-page":"3950","volume-title":"Agree: Neural Networks Share Classification Order on Real Datasets. In International Conference on Machine Learning (ICML)","author":"Hacohen Guy","year":"2020","unstructured":"Guy Hacohen , Leshem Choshen , and Daphna Weinshall . Let's Agree to Agree: Neural Networks Share Classification Order on Real Datasets. In International Conference on Machine Learning (ICML) , pages 3950 -- 3960 . PMLR, 2020 . Guy Hacohen, Leshem Choshen, and Daphna Weinshall. Let's Agree to Agree: Neural Networks Share Classification Order on Real Datasets. In International Conference on Machine Learning (ICML), pages 3950--3960. PMLR, 2020."},{"key":"e_1_3_2_1_16_1","volume-title":"Emiliano De Cristofaro. LOGAN: Evaluating Privacy Leakage of Generative Models Using Generative Adversarial Networks. Privacy Enhancing Technologies Symposium","author":"Hayes Jamie","year":"2019","unstructured":"Jamie Hayes , Luca Melis , George Danezis , and Emiliano De Cristofaro. LOGAN: Evaluating Privacy Leakage of Generative Models Using Generative Adversarial Networks. Privacy Enhancing Technologies Symposium , 2019 . Jamie Hayes, Luca Melis, George Danezis, and Emiliano De Cristofaro. LOGAN: Evaluating Privacy Leakage of Generative Models Using Generative Adversarial Networks. Privacy Enhancing Technologies Symposium, 2019."},{"key":"e_1_3_2_1_17_1","first-page":"770","volume-title":"Jian Sun. Deep Residual Learning for Image Recognition. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR)","author":"He Kaiming","year":"2016","unstructured":"Kaiming He , Xiangyu Zhang , Shaoqing Ren , and Jian Sun. Deep Residual Learning for Image Recognition. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR) , pages 770 -- 778 . IEEE, 2016 . Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. Deep Residual Learning for Image Recognition. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pages 770--778. IEEE, 2016."},{"key":"e_1_3_2_1_18_1","volume-title":"MembershipDoctor: Comprehensive Assessment of Membership Inference Against Machine Learning Models. CoRR abs\/2208.10445","author":"He Xinlei","year":"2022","unstructured":"Xinlei He , Zheng Li , Weilin Xu , Cory Cornelius , and Yang Zhang . MembershipDoctor: Comprehensive Assessment of Membership Inference Against Machine Learning Models. CoRR abs\/2208.10445 , 2022 . Xinlei He, Zheng Li, Weilin Xu, Cory Cornelius, and Yang Zhang. MembershipDoctor: Comprehensive Assessment of Membership Inference Against Machine Learning Models. CoRR abs\/2208.10445, 2022."},{"key":"e_1_3_2_1_19_1","volume-title":"NodeLevel Membership Inference Attacks Against Graph Neural Networks. CoRR abs\/2102.05429","author":"He Xinlei","year":"2021","unstructured":"Xinlei He , Rui Wen , Yixin Wu , Michael Backes , Yun Shen , and Yang Zhang . NodeLevel Membership Inference Attacks Against Graph Neural Networks. CoRR abs\/2102.05429 , 2021 . Xinlei He, Rui Wen, Yixin Wu, Michael Backes, Yun Shen, and Yang Zhang. NodeLevel Membership Inference Attacks Against Graph Neural Networks. CoRR abs\/2102.05429, 2021."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2019-0067"},{"key":"e_1_3_2_1_21_1","volume-title":"Distilling the Knowledge in a Neural Network. CoRR abs\/1503.02531","author":"Hinton Geoffrey E.","year":"2015","unstructured":"Geoffrey E. Hinton , Oriol Vinyals , and Jeffrey Dean . Distilling the Knowledge in a Neural Network. CoRR abs\/1503.02531 , 2015 . Geoffrey E. Hinton, Oriol Vinyals, and Jeffrey Dean. Distilling the Knowledge in a Neural Network. CoRR abs\/1503.02531, 2015."},{"key":"e_1_3_2_1_22_1","first-page":"259","volume-title":"ACM SIGSAC Conference on Computer and Communications Security (CCS)","author":"Jia Jinyuan","year":"2019","unstructured":"Jinyuan Jia , Ahmed Salem , Michael Backes , Yang Zhang , and Neil Zhenqiang Gong . MemGuard : Defending against Black-Box Membership Inference Attacks via Adversarial Examples . In ACM SIGSAC Conference on Computer and Communications Security (CCS) , pages 259 -- 274 . ACM, 2019 . Jinyuan Jia, Ahmed Salem, Michael Backes, Yang Zhang, and Neil Zhenqiang Gong. MemGuard: Defending against Black-Box Membership Inference Attacks via Adversarial Examples. In ACM SIGSAC Conference on Computer and Communications Security (CCS), pages 259--274. ACM, 2019."},{"key":"e_1_3_2_1_23_1","first-page":"1317","volume-title":"Kim and Alexander M. Rush. Sequence-Level Knowledge Distillation. In Conference on Empirical Methods in Natural Language Processing (EMNLP)","author":"Yoon","year":"2016","unstructured":"Yoon Kim and Alexander M. Rush. Sequence-Level Knowledge Distillation. In Conference on Empirical Methods in Natural Language Processing (EMNLP) , pages 1317 -- 1327 . ACL, 2016 . Yoon Kim and Alexander M. Rush. Sequence-Level Knowledge Distillation. In Conference on Empirical Methods in Natural Language Processing (EMNLP), pages 1317--1327. ACL, 2016."},{"key":"e_1_3_2_1_24_1","volume-title":"International Conference on Learning Representations (ICLR)","author":"Krishna Kalpesh","year":"2020","unstructured":"Kalpesh Krishna , Gaurav Singh Tomar , Ankur P. Parikh , Nicolas Papernot , and Mohit Iyyer . Thieves on Sesame Street! Model Extraction of BERT-based APIs . In International Conference on Learning Representations (ICLR) , 2020 . Kalpesh Krishna, Gaurav Singh Tomar, Ankur P. Parikh, Nicolas Papernot, and Mohit Iyyer. Thieves on Sesame Street! Model Extraction of BERT-based APIs. In International Conference on Learning Representations (ICLR), 2020."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00044"},{"key":"e_1_3_2_1_26_1","first-page":"1605","volume-title":"Leino and Matt Fredrikson. Stolen Memories: Leveraging Model Memorization for Calibrated White-Box Membership Inference. In USENIX Security Symposium (USENIX Security)","author":"Klas","year":"2020","unstructured":"Klas Leino and Matt Fredrikson. Stolen Memories: Leveraging Model Memorization for Calibrated White-Box Membership Inference. In USENIX Security Symposium (USENIX Security) , pages 1605 -- 1622 . USENIX, 2020 . Klas Leino and Matt Fredrikson. Stolen Memories: Leveraging Model Memorization for Calibrated White-Box Membership Inference. In USENIX Security Symposium (USENIX Security), pages 1605--1622. USENIX, 2020."},{"key":"e_1_3_2_1_27_1","volume-title":"Auditing Membership Leakages of Multi-Exit Networks. CoRR abs\/2208.11180","author":"Li Zheng","year":"2022","unstructured":"Zheng Li , Yiyong Liu , Xinlei He , Ning Yu , Michael Backes , and Yang Zhang . Auditing Membership Leakages of Multi-Exit Networks. CoRR abs\/2208.11180 , 2022 . Zheng Li, Yiyong Liu, Xinlei He, Ning Yu, Michael Backes, and Yang Zhang. Auditing Membership Leakages of Multi-Exit Networks. CoRR abs\/2208.11180, 2022."},{"key":"e_1_3_2_1_28_1","first-page":"880","volume-title":"Li and Yang Zhang. Membership Leakage in Label-Only Exposures. In ACM SIGSAC Conference on Computer and Communications Security (CCS)","author":"Zheng","year":"2021","unstructured":"Zheng Li and Yang Zhang. Membership Leakage in Label-Only Exposures. In ACM SIGSAC Conference on Computer and Communications Security (CCS) , pages 880 -- 895 . ACM, 2021 . Zheng Li and Yang Zhang. Membership Leakage in Label-Only Exposures. In ACM SIGSAC Conference on Computer and Communications Security (CCS), pages 880--895. ACM, 2021."},{"key":"e_1_3_2_1_29_1","volume-title":"Membership Inference Attacks by Exploiting Loss Trajectory. CoRR abs\/2208.14933","author":"Liu Yiyong","year":"2022","unstructured":"Yiyong Liu , Zhengyu Zhao , Michael Backes , and Yang Zhang . Membership Inference Attacks by Exploiting Loss Trajectory. CoRR abs\/2208.14933 , 2022 . Yiyong Liu, Zhengyu Zhao, Michael Backes, and Yang Zhang. Membership Inference Attacks by Exploiting Loss Trajectory. CoRR abs\/2208.14933, 2022."},{"key":"e_1_3_2_1_30_1","first-page":"497","volume-title":"Vitaly Shmatikov. Exploiting Unintended Feature Leakage in Collaborative Learning. In IEEE Symposium on Security and Privacy (S&P)","author":"Melis Luca","year":"2019","unstructured":"Luca Melis , Congzheng Song , Emiliano De Cristofaro , and Vitaly Shmatikov. Exploiting Unintended Feature Leakage in Collaborative Learning. In IEEE Symposium on Security and Privacy (S&P) , pages 497 -- 512 . IEEE, 2019 . Luca Melis, Congzheng Song, Emiliano De Cristofaro, and Vitaly Shmatikov. Exploiting Unintended Feature Leakage in Collaborative Learning. In IEEE Symposium on Security and Privacy (S&P), pages 497--512. IEEE, 2019."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00065"},{"key":"e_1_3_2_1_32_1","volume-title":"International Conference on Learning Representations (ICLR)","author":"Papernot Nicolas","year":"2017","unstructured":"Nicolas Papernot , Martin Abadi , Ulfar Erlingsson , Ian Goodfellow , and Kunal Talwar . Semi-supervised Knowledge Transfer for Deep Learning from Private Training Data . In International Conference on Learning Representations (ICLR) , 2017 . Nicolas Papernot, Martin Abadi, Ulfar Erlingsson, Ian Goodfellow, and Kunal Talwar. Semi-supervised Knowledge Transfer for Deep Learning from Private Training Data. In International Conference on Learning Representations (ICLR), 2017."},{"key":"e_1_3_2_1_33_1","volume-title":"International Conference on Learning Representations (ICLR)","author":"Pereyra Gabriel","year":"2017","unstructured":"Gabriel Pereyra , George Tucker , Jan Chorowski , Lukasz Kaiser , and Geoffrey E. Hinton . Regularizing Neural Networks by Penalizing Confident Output Distributions . In International Conference on Learning Representations (ICLR) , 2017 . Gabriel Pereyra, George Tucker, Jan Chorowski, Lukasz Kaiser, and Geoffrey E. Hinton. Regularizing Neural Networks by Penalizing Confident Output Distributions. In International Conference on Learning Representations (ICLR), 2017."},{"key":"e_1_3_2_1_34_1","volume-title":"Sampling Attacks: Amplification of Membership Inference Attacks by Repeated Queries. CoRR abs\/2009.00395","author":"Rahimian Shadi","year":"2020","unstructured":"Shadi Rahimian , Tribhuvanesh Orekondy , and Mario Fritz . Sampling Attacks: Amplification of Membership Inference Attacks by Repeated Queries. CoRR abs\/2009.00395 , 2020 . Shadi Rahimian, Tribhuvanesh Orekondy, and Mario Fritz. Sampling Attacks: Amplification of Membership Inference Attacks by Repeated Queries. CoRR abs\/2009.00395, 2020."},{"key":"e_1_3_2_1_35_1","volume-title":"Yoshua Bengio. FitNets: Hints for Thin Deep Nets. In International Conference on Learning Representations (ICLR)","author":"Romero Adriana","year":"2015","unstructured":"Adriana Romero , Nicolas Ballas , Samira Ebrahimi Kahou , Antoine Chassang , Carlo Gatta , and Yoshua Bengio. FitNets: Hints for Thin Deep Nets. In International Conference on Learning Representations (ICLR) , 2015 . Adriana Romero, Nicolas Ballas, Samira Ebrahimi Kahou, Antoine Chassang, Carlo Gatta, and Yoshua Bengio. FitNets: Hints for Thin Deep Nets. In International Conference on Learning Representations (ICLR), 2015."},{"key":"e_1_3_2_1_36_1","first-page":"5558","volume-title":"International Conference on Machine Learning (ICML)","author":"Sablayrolles Alexandre","year":"2019","unstructured":"Alexandre Sablayrolles , Matthijs Douze , Cordelia Schmid , Yann Ollivier , and Herv\u00e9 J\u00e9gou . White-box vs Black-box: Bayes Optimal Strategies for Membership Inference . In International Conference on Machine Learning (ICML) , pages 5558 -- 5567 . PMLR, 2019 . Alexandre Sablayrolles, Matthijs Douze, Cordelia Schmid, Yann Ollivier, and Herv\u00e9 J\u00e9gou. White-box vs Black-box: Bayes Optimal Strategies for Membership Inference. In International Conference on Machine Learning (ICML), pages 5558-- 5567. PMLR, 2019."},{"key":"e_1_3_2_1_37_1","volume-title":"Michael Backes. ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. In Network and Distributed System Security Symposium (NDSS). Internet Society","author":"Salem Ahmed","year":"2019","unstructured":"Ahmed Salem , Yang Zhang , Mathias Humbert , Pascal Berrang , Mario Fritz , and Michael Backes. ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. In Network and Distributed System Security Symposium (NDSS). Internet Society , 2019 . Ahmed Salem, Yang Zhang, Mathias Humbert, Pascal Berrang, Mario Fritz, and Michael Backes. ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. In Network and Distributed System Security Symposium (NDSS). Internet Society, 2019."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00474"},{"key":"e_1_3_2_1_39_1","first-page":"9549","volume-title":"Shejwalkar and Amir Houmansadr. Membership Privacy for Machine Learning Models Through Knowledge Transfer. In AAAI Conference on Artificial Intelligence (AAAI)","author":"Virat","year":"2021","unstructured":"Virat Shejwalkar and Amir Houmansadr. Membership Privacy for Machine Learning Models Through Knowledge Transfer. In AAAI Conference on Artificial Intelligence (AAAI) , pages 9549 -- 9557 . AAAI, 2021 . Virat Shejwalkar and Amir Houmansadr. Membership Privacy for Machine Learning Models Through Knowledge Transfer. In AAAI Conference on Artificial Intelligence (AAAI), pages 9549--9557. AAAI, 2021."},{"key":"e_1_3_2_1_40_1","first-page":"3","volume-title":"Vitaly Shmatikov. Membership Inference Attacks Against Machine Learning Models. In IEEE Symposium on Security and Privacy (S&P)","author":"Shokri Reza","year":"2017","unstructured":"Reza Shokri , Marco Stronati , Congzheng Song , and Vitaly Shmatikov. Membership Inference Attacks Against Machine Learning Models. In IEEE Symposium on Security and Privacy (S&P) , pages 3 -- 18 . IEEE, 2017 . Reza Shokri, Marco Stronati, Congzheng Song, and Vitaly Shmatikov. Membership Inference Attacks Against Machine Learning Models. In IEEE Symposium on Security and Privacy (S&P), pages 3--18. IEEE, 2017."},{"key":"e_1_3_2_1_41_1","volume-title":"Simonyan and Andrew Zisserman. Very Deep Convolutional Networks for Large-Scale Image Recognition. In International Conference on Learning Representations (ICLR)","author":"Karen","year":"2015","unstructured":"Karen Simonyan and Andrew Zisserman. Very Deep Convolutional Networks for Large-Scale Image Recognition. In International Conference on Learning Representations (ICLR) , 2015 . Karen Simonyan and Andrew Zisserman. Very Deep Convolutional Networks for Large-Scale Image Recognition. In International Conference on Learning Representations (ICLR), 2015."},{"key":"e_1_3_2_1_42_1","first-page":"196","volume-title":"Song and Vitaly Shmatikov. Auditing Data Provenance in TextGeneration Models. In ACM Conference on Knowledge Discovery and Data Mining (KDD)","author":"Congzheng","year":"2019","unstructured":"Congzheng Song and Vitaly Shmatikov. Auditing Data Provenance in TextGeneration Models. In ACM Conference on Knowledge Discovery and Data Mining (KDD) , pages 196 -- 206 . ACM, 2019 . Congzheng Song and Vitaly Shmatikov. Auditing Data Provenance in TextGeneration Models. In ACM Conference on Knowledge Discovery and Data Mining (KDD), pages 196--206. ACM, 2019."},{"key":"e_1_3_2_1_43_1","volume-title":"Song and Prateek Mittal. Systematic Evaluation of Privacy Risks of Machine Learning Models. In USENIX Security Symposium (USENIX Security). USENIX","author":"Liwei","year":"2021","unstructured":"Liwei Song and Prateek Mittal. Systematic Evaluation of Privacy Risks of Machine Learning Models. In USENIX Security Symposium (USENIX Security). USENIX , 2021 . Liwei Song and Prateek Mittal. Systematic Evaluation of Privacy Risks of Machine Learning Models. In USENIX Security Symposium (USENIX Security). USENIX, 2021."},{"key":"e_1_3_2_1_44_1","volume-title":"Journal of Machine Learning Research","author":"Srivastava Nitish","year":"2014","unstructured":"Nitish Srivastava , Geoffrey Hinton , Alex Krizhevsky , Ilya Sutskever , and Ruslan Salakhutdinov. Dropout : A Simple Way to Prevent Neural Networks from Overfitting . Journal of Machine Learning Research , 2014 . Nitish Srivastava, Geoffrey Hinton, Alex Krizhevsky, Ilya Sutskever, and Ruslan Salakhutdinov. Dropout: A Simple Way to Prevent Neural Networks from Overfitting. Journal of Machine Learning Research, 2014."},{"key":"e_1_3_2_1_45_1","first-page":"1195","volume-title":"Annual Conference on Neural Information Processing Systems (NIPS)","author":"Tarvainen Antti","year":"2017","unstructured":"Antti Tarvainen and Harri Valpola . Mean teachers are better role models: Weightaveraged consistency targets improve semi-supervised deep learning results . In Annual Conference on Neural Information Processing Systems (NIPS) , pages 1195 -- 1204 . NIPS, 2017 . Antti Tarvainen and Harri Valpola. Mean teachers are better role models: Weightaveraged consistency targets improve semi-supervised deep learning results. In Annual Conference on Neural Information Processing Systems (NIPS), pages 1195--1204. NIPS, 2017."},{"key":"e_1_3_2_1_46_1","volume-title":"International Conference on Learning Representations (ICLR)","author":"Toneva Mariya","year":"2019","unstructured":"Mariya Toneva , Alessandro Sordoni , Remi Tachet des Combes , Adam Trischler , Yoshua Bengio , and Geoffrey J. Gordon . An Empirical Study of Example Forgetting during Deep Neural Network Learning . In International Conference on Learning Representations (ICLR) , 2019 . Mariya Toneva, Alessandro Sordoni, Remi Tachet des Combes, Adam Trischler, Yoshua Bengio, and Geoffrey J. Gordon. An Empirical Study of Example Forgetting during Deep Neural Network Learning. In International Conference on Learning Representations (ICLR), 2019."},{"key":"e_1_3_2_1_47_1","first-page":"601","volume-title":"USENIX Security Symposium (USENIX Security)","author":"Tram\u00e8r Florian","year":"2016","unstructured":"Florian Tram\u00e8r , Fan Zhang , Ari Juels , Michael K. Reiter , and Thomas Ristenpart . Stealing Machine Learning Models via Prediction APIs . In USENIX Security Symposium (USENIX Security) , pages 601 -- 618 . USENIX, 2016 . Florian Tram\u00e8r, Fan Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart. Stealing Machine Learning Models via Prediction APIs. In USENIX Security Symposium (USENIX Security), pages 601--618. USENIX, 2016."},{"key":"e_1_3_2_1_48_1","volume-title":"On the Importance of Difficulty Calibration in Membership Inference Attacks. CoRR abs\/2111.08440","author":"Watson Lauren","year":"2021","unstructured":"Lauren Watson , Chuan Guo , Graham Cormode , and Alexandre Sablayrolles . On the Importance of Difficulty Calibration in Membership Inference Attacks. CoRR abs\/2111.08440 , 2021 . Lauren Watson, Chuan Guo, Graham Cormode, and Alexandre Sablayrolles. On the Importance of Difficulty Calibration in Membership Inference Attacks. CoRR abs\/2111.08440, 2021."},{"key":"e_1_3_2_1_49_1","volume-title":"International Conference on Learning Representations (ICLR)","author":"Xu Zheng","year":"2018","unstructured":"Zheng Xu , Yen-Chang Hsu , and Jiawei Huang . Training Shallow and Thin Networks for Acceleration via Knowledge Distillation with Conditional Adversarial Networks . In International Conference on Learning Representations (ICLR) , 2018 . Zheng Xu, Yen-Chang Hsu, and Jiawei Huang. Training Shallow and Thin Networks for Acceleration via Knowledge Distillation with Conditional Adversarial Networks. In International Conference on Learning Representations (ICLR), 2018."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2814575"},{"key":"e_1_3_2_1_51_1","volume-title":"Sasi Kumar Murakonda, and Reza Shokri. Enhanced Membership Inference Attacks against Machine Learning Models. CoRR abs\/2111.09679","author":"Ye Jiayuan","year":"2021","unstructured":"Jiayuan Ye , Aadyaa Maddi , Sasi Kumar Murakonda, and Reza Shokri. Enhanced Membership Inference Attacks against Machine Learning Models. CoRR abs\/2111.09679 , 2021 . Jiayuan Ye, Aadyaa Maddi, Sasi Kumar Murakonda, and Reza Shokri. Enhanced Membership Inference Attacks against Machine Learning Models. CoRR abs\/2111.09679, 2021."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2018.00027"},{"key":"e_1_3_2_1_53_1","first-page":"7130","volume-title":"Network Minimization and Transfer Learning. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR)","author":"Yim Junho","year":"2017","unstructured":"Junho Yim , Donggyu Joo , Ji-Hoon Bae , and Junmo Kim . A Gift from Knowledge Distillation: Fast Optimization , Network Minimization and Transfer Learning. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR) , pages 7130 -- 7138 . IEEE, 2017 . Junho Yim, Donggyu Joo, Ji-Hoon Bae, and Junmo Kim. A Gift from Knowledge Distillation: Fast Optimization, Network Minimization and Transfer Learning. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pages 7130--7138. IEEE, 2017."},{"key":"e_1_3_2_1_54_1","volume-title":"Zagoruyko and Nikos Komodakis. Wide Residual Networks. In Proceedings of the British Machine Vision Conference (BMVC). BMVA Press","author":"Sergey","year":"2016","unstructured":"Sergey Zagoruyko and Nikos Komodakis. Wide Residual Networks. In Proceedings of the British Machine Vision Conference (BMVC). BMVA Press , 2016 . Sergey Zagoruyko and Nikos Komodakis. Wide Residual Networks. In Proceedings of the British Machine Vision Conference (BMVC). BMVA Press, 2016."},{"key":"e_1_3_2_1_55_1","volume-title":"International Conference on Learning Representations (ICLR)","author":"Zagoruyko Sergey","year":"2017","unstructured":"Sergey Zagoruyko and Nikos Komodakis . Paying More Attention to Attention: Improving the Performance of Convolutional Neural Networks via Attention Transfer . In International Conference on Learning Representations (ICLR) , 2017 . Sergey Zagoruyko and Nikos Komodakis. Paying More Attention to Attention: Improving the Performance of Convolutional Neural Networks via Attention Transfer. In International Conference on Learning Representations (ICLR), 2017."},{"key":"e_1_3_2_1_56_1","first-page":"864","volume-title":"Yang Zhang. Membership Inference Attacks Against Recommender Systems. In ACM SIGSAC Conference on Computer and Communications Security (CCS)","author":"Zhang Minxing","year":"2021","unstructured":"Minxing Zhang , Zhaochun Ren , Zihan Wang , Pengjie Ren , Zhumin Chen , Pengfei Hu , and Yang Zhang. Membership Inference Attacks Against Recommender Systems. In ACM SIGSAC Conference on Computer and Communications Security (CCS) , pages 864 -- 879 . ACM, 2021 . Minxing Zhang, Zhaochun Ren, Zihan Wang, Pengjie Ren, Zhumin Chen, Pengfei Hu, and Yang Zhang. Membership Inference Attacks Against Recommender Systems. In ACM SIGSAC Conference on Computer and Communications Security (CCS), pages 864--879. ACM, 2021."}],"event":{"name":"CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security","location":"Los Angeles CA USA","acronym":"CCS '22","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560684","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3548606.3560684","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:48:59Z","timestamp":1750182539000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560684"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,7]]},"references-count":56,"alternative-id":["10.1145\/3548606.3560684","10.1145\/3548606"],"URL":"https:\/\/doi.org\/10.1145\/3548606.3560684","relation":{},"subject":[],"published":{"date-parts":[[2022,11,7]]},"assertion":[{"value":"2022-11-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}