{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:13:40Z","timestamp":1750220020889,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":40,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,7,10]],"date-time":"2023-07-10T00:00:00Z","timestamp":1688947200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000181","name":"Air Force Office of Scientific Research","doi-asserted-by":"publisher","award":["FA9550-20-1-0074"],"award-info":[{"award-number":["FA9550-20-1-0074"]}],"id":[{"id":"10.13039\/100000181","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-2153136"],"award-info":[{"award-number":["CNS-2153136"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N00014-20-1-2636"],"award-info":[{"award-number":["N00014-20-1-2636"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,7,10]]},"DOI":"10.1145\/3579856.3582821","type":"proceedings-article","created":{"date-parts":[[2023,7,5]],"date-time":"2023-07-05T14:52:13Z","timestamp":1688568733000},"page":"95-108","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["LDL: A Defense for Label-Based Membership Inference Attacks"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9050-0129","authenticated-orcid":false,"given":"Arezoo","family":"Rajabi","sequence":"first","affiliation":[{"name":"University of Washington, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7776-7865","authenticated-orcid":false,"given":"Dinuka","family":"Sahabandu","sequence":"additional","affiliation":[{"name":"University of Washington, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8591-5522","authenticated-orcid":false,"given":"Luyao","family":"Niu","sequence":"additional","affiliation":[{"name":"University of Washington, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2166-7838","authenticated-orcid":false,"given":"Bhaskar","family":"Ramasubramanian","sequence":"additional","affiliation":[{"name":"Western Washington University, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0269-8097","authenticated-orcid":false,"given":"Radha","family":"Poovendran","sequence":"additional","affiliation":[{"name":"Department of Electrical Engineering, University of Washington, United States of America"}]}],"member":"320","published-online":{"date-parts":[[2023,7,10]]},"reference":[{"doi-asserted-by":"publisher","key":"e_1_3_2_1_1_1","DOI":"10.1145\/2976749.2978318"},{"key":"e_1_3_2_1_2_1","volume-title":"IEEE 55th Annual Symposium on Foundations of Computer Science","author":"Bassily Raef","year":"2014","unstructured":"Raef Bassily , Adam Smith , and Abhradeep Thakurta . 2014 . Private empirical risk minimization: Efficient algorithms and tight error bounds . In IEEE 55th Annual Symposium on Foundations of Computer Science . New York, NY, USA, 464\u2013473. Raef Bassily, Adam Smith, and Abhradeep Thakurta. 2014. Private empirical risk minimization: Efficient algorithms and tight error bounds. In IEEE 55th Annual Symposium on Foundations of Computer Science. New York, NY, USA, 464\u2013473."},{"key":"e_1_3_2_1_3_1","article-title":"Deep learning with Gaussian differential privacy","volume":"2020","author":"Bu Zhiqi","year":"2020","unstructured":"Zhiqi Bu , Jinshuo Dong , Qi Long , and Weijie\u00a0 J Su . 2020 . Deep learning with Gaussian differential privacy . Harvard Data Science Review 2020 , 23 (2020). Zhiqi Bu, Jinshuo Dong, Qi Long, and Weijie\u00a0J Su. 2020. Deep learning with Gaussian differential privacy. Harvard Data Science Review 2020, 23 (2020).","journal-title":"Harvard Data Science Review"},{"key":"e_1_3_2_1_4_1","first-page":"15676","article-title":"The discrete gaussian for differential privacy","volume":"33","author":"Canonne L","year":"2020","unstructured":"Cl\u00e9ment\u00a0 L Canonne , Gautam Kamath , and Thomas Steinke . 2020 . The discrete gaussian for differential privacy . Advances in Neural Information Processing Systems 33 (2020), 15676 \u2013 15688 . Cl\u00e9ment\u00a0L Canonne, Gautam Kamath, and Thomas Steinke. 2020. The discrete gaussian for differential privacy. Advances in Neural Information Processing Systems 33 (2020), 15676\u201315688.","journal-title":"Advances in Neural Information Processing Systems"},{"volume-title":"USENIX Security","author":"Carlini Nicholas","unstructured":"Nicholas Carlini , Chang Liu , \u00dalfar Erlingsson , Jernej Kos , and Dawn Song . 2019. The secret sharer: Evaluating and testing unintended memorization in neural networks . In USENIX Security . USENIX Association , Berkeley, CA, USA , 267\u2013284. Nicholas Carlini, Chang Liu, \u00dalfar Erlingsson, Jernej Kos, and Dawn Song. 2019. The secret sharer: Evaluating and testing unintended memorization in neural networks. In USENIX Security. USENIX Association, Berkeley, CA, USA, 267\u2013284.","key":"e_1_3_2_1_5_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_6_1","DOI":"10.1145\/3128572.3140444"},{"key":"e_1_3_2_1_7_1","article-title":"Differentially private empirical risk minimization","volume":"12","author":"Chaudhuri Kamalika","year":"2011","unstructured":"Kamalika Chaudhuri , Claire Monteleoni , and Anand\u00a0 D Sarwate . 2011 . Differentially private empirical risk minimization . Journal of Machine Learning Research 12 , 3 (2011). Kamalika Chaudhuri, Claire Monteleoni, and Anand\u00a0D Sarwate. 2011. Differentially private empirical risk minimization. Journal of Machine Learning Research 12, 3 (2011).","journal-title":"Journal of Machine Learning Research"},{"key":"e_1_3_2_1_8_1","volume-title":"IEEE Symposium on Security and Privacy. IEEE","author":"Chen Jianbo","year":"2020","unstructured":"Jianbo Chen , Michael\u00a0 I Jordan , and Martin\u00a0 J Wainwright . 2020 . HopSkipJumpAttack: A query-efficient decision-based attack . In IEEE Symposium on Security and Privacy. IEEE , New York, NY, USA, 1277\u20131294. Jianbo Chen, Michael\u00a0I Jordan, and Martin\u00a0J Wainwright. 2020. HopSkipJumpAttack: A query-efficient decision-based attack. In IEEE Symposium on Security and Privacy. IEEE, New York, NY, USA, 1277\u20131294."},{"key":"e_1_3_2_1_9_1","volume-title":"International Conference on Machine Learning. PMLR","author":"Choquette-Choo A","year":"2021","unstructured":"Christopher\u00a0 A Choquette-Choo , Florian Tramer , Nicholas Carlini , and Nicolas Papernot . 2021 . Label-only membership inference attacks . In International Conference on Machine Learning. PMLR , 1964\u20131974. Christopher\u00a0A Choquette-Choo, Florian Tramer, Nicholas Carlini, and Nicolas Papernot. 2021. Label-only membership inference attacks. In International Conference on Machine Learning. PMLR, 1964\u20131974."},{"key":"e_1_3_2_1_10_1","volume-title":"International Conference on Machine Learning. PMLR, 1310\u20131320","author":"Cohen Jeremy","year":"2019","unstructured":"Jeremy Cohen , Elan Rosenfeld , and Zico Kolter . 2019 . Certified adversarial robustness via randomized smoothing . In International Conference on Machine Learning. PMLR, 1310\u20131320 . Jeremy Cohen, Elan Rosenfeld, and Zico Kolter. 2019. Certified adversarial robustness via randomized smoothing. In International Conference on Machine Learning. PMLR, 1310\u20131320."},{"key":"e_1_3_2_1_11_1","volume-title":"Proc. Int. Conf. on Learning Representations.","author":"Goodfellow Ian","year":"2015","unstructured":"Ian Goodfellow , Jonathon Shlens , and Christian Szegedy . 2015 . Explaining and Harnessing Adversarial Examples . In Proc. Int. Conf. on Learning Representations. Ian Goodfellow, Jonathon Shlens, and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples. In Proc. Int. Conf. on Learning Representations."},{"volume-title":"The elements of statistical learning: Data mining, inference, and prediction. Vol.\u00a02","author":"Hastie Trevor","unstructured":"Trevor Hastie , Robert Tibshirani , Jerome\u00a0 H Friedman , and Jerome\u00a0 H Friedman . 2009. The elements of statistical learning: Data mining, inference, and prediction. Vol.\u00a02 . Springer . Trevor Hastie, Robert Tibshirani, Jerome\u00a0H Friedman, and Jerome\u00a0H Friedman. 2009. The elements of statistical learning: Data mining, inference, and prediction. Vol.\u00a02. Springer.","key":"e_1_3_2_1_12_1"},{"key":"e_1_3_2_1_13_1","volume-title":"Proceedings of the ACM Conference on Data and Application Security and Privacy. ACM","author":"Hesamifard Ehsan","year":"2019","unstructured":"Ehsan Hesamifard , Hassan Takabi , and Mehdi Ghasemi . 2019 . Deep neural networks classification over encrypted data . In Proceedings of the ACM Conference on Data and Application Security and Privacy. ACM , New York, NY, USA, 97\u2013108. Ehsan Hesamifard, Hassan Takabi, and Mehdi Ghasemi. 2019. Deep neural networks classification over encrypted data. In Proceedings of the ACM Conference on Data and Application Security and Privacy. ACM, New York, NY, USA, 97\u2013108."},{"key":"e_1_3_2_1_14_1","volume-title":"Detection of Traffic Signs in Real-World Images: The German Traffic Sign Detection Benchmark. In International Joint Conference on Neural Networks. IEEE","author":"Houben Sebastian","year":"2013","unstructured":"Sebastian Houben , Johannes Stallkamp , Jan Salmen , Marc Schlipsing , and Christian Igel . 2013 . Detection of Traffic Signs in Real-World Images: The German Traffic Sign Detection Benchmark. In International Joint Conference on Neural Networks. IEEE , New York, NY, USA. Sebastian Houben, Johannes Stallkamp, Jan Salmen, Marc Schlipsing, and Christian Igel. 2013. Detection of Traffic Signs in Real-World Images: The German Traffic Sign Detection Benchmark. In International Joint Conference on Neural Networks. IEEE, New York, NY, USA."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_15_1","DOI":"10.1109\/TVT.2020.3034800"},{"volume-title":"Advances in Neural Information Processing Systems, Vol.\u00a025. Curran Associates","author":"Huang B.","unstructured":"Gary\u00a0 B. Huang , Marwan Mattar , Honglak Lee , and Erik Learned-Miller . 2012. Learning to Align from Scratch . In Advances in Neural Information Processing Systems, Vol.\u00a025. Curran Associates , Red Hook, NY, USA . Gary\u00a0B. Huang, Marwan Mattar, Honglak Lee, and Erik Learned-Miller. 2012. Learning to Align from Scratch. In Advances in Neural Information Processing Systems, Vol.\u00a025. Curran Associates, Red Hook, NY, USA.","key":"e_1_3_2_1_16_1"},{"key":"e_1_3_2_1_17_1","volume-title":"IEEE Symposium on Security and Privacy (SP)","author":"Iyengar Roger","year":"2019","unstructured":"Roger Iyengar , Joseph\u00a0 P Near , Dawn Song , Om Thakkar , Abhradeep Thakurta , and Lun Wang . 2019 . Towards practical differentially private convex optimization . In IEEE Symposium on Security and Privacy (SP) . New York, NY, USA, 299\u2013316. Roger Iyengar, Joseph\u00a0P Near, Dawn Song, Om Thakkar, Abhradeep Thakurta, and Lun Wang. 2019. Towards practical differentially private convex optimization. In IEEE Symposium on Security and Privacy (SP). New York, NY, USA, 299\u2013316."},{"key":"e_1_3_2_1_18_1","volume-title":"Privacy Enhancing Technology Symposium (PETS) 2021","author":"Jayaraman Bargav","year":"2021","unstructured":"Bargav Jayaraman , Lingxiao Wang , Katherine Knipmeyer , Quanquan Gu , and David Evans . 2021 . Revisiting membership inference under realistic assumptions . Privacy Enhancing Technology Symposium (PETS) 2021 (2021), 348\u2013468. Bargav Jayaraman, Lingxiao Wang, Katherine Knipmeyer, Quanquan Gu, and David Evans. 2021. Revisiting membership inference under realistic assumptions. Privacy Enhancing Technology Symposium (PETS) 2021 (2021), 348\u2013468."},{"key":"e_1_3_2_1_19_1","volume-title":"Attriguard: A practical defense against attribute inference attacks via adversarial machine learning. In USENIX Security","author":"Jia Jinyuan","year":"2018","unstructured":"Jinyuan Jia and Neil\u00a0Zhenqiang Gong . 2018 . Attriguard: A practical defense against attribute inference attacks via adversarial machine learning. In USENIX Security . USENIX Association , Berkeley, CA, USA , 513\u2013529. Jinyuan Jia and Neil\u00a0Zhenqiang Gong. 2018. Attriguard: A practical defense against attribute inference attacks via adversarial machine learning. In USENIX Security. USENIX Association, Berkeley, CA, USA, 513\u2013529."},{"key":"e_1_3_2_1_20_1","volume-title":"Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM","author":"Jia Jinyuan","year":"2019","unstructured":"Jinyuan Jia , Ahmed Salem , Michael Backes , Yang Zhang , and Neil\u00a0Zhenqiang Gong . 2019 . Memguard: Defending against black-box membership inference attacks via adversarial examples . In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM , New York, NY, USA, 259\u2013274. Jinyuan Jia, Ahmed Salem, Michael Backes, Yang Zhang, and Neil\u00a0Zhenqiang Gong. 2019. Memguard: Defending against black-box membership inference attacks via adversarial examples. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM, New York, NY, USA, 259\u2013274."},{"key":"e_1_3_2_1_22_1","volume-title":"Proceedings of the ACM Conference on Data and Application Security and Privacy. ACM","author":"Li Jiacheng","year":"2021","unstructured":"Jiacheng Li , Ninghui Li , and Bruno Ribeiro . 2021 . Membership Inference Attacks and Defenses in Classification Models . In Proceedings of the ACM Conference on Data and Application Security and Privacy. ACM , New York, NY, USA, 5\u201316. Jiacheng Li, Ninghui Li, and Bruno Ribeiro. 2021. Membership Inference Attacks and Defenses in Classification Models. In Proceedings of the ACM Conference on Data and Application Security and Privacy. ACM, New York, NY, USA, 5\u201316."},{"key":"e_1_3_2_1_23_1","volume-title":"Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM","author":"Li Zheng","year":"2021","unstructured":"Zheng Li and Yang Zhang . 2021 . Membership leakage in label-only exposures . In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM , New York, NY, USA, 880\u2013895. Zheng Li and Yang Zhang. 2021. Membership leakage in label-only exposures. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM, New York, NY, USA, 880\u2013895."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_24_1","DOI":"10.1145\/3436755"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_25_1","DOI":"10.1109\/ACCESS.2018.2805680"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_26_1","DOI":"10.1109\/ACCESS.2020.3045078"},{"unstructured":"H\u00a0Brendan McMahan Daniel Ramage Kunal Talwar and Li Zhang. 2017. Learning differentially private recurrent language models. arXiv preprint arXiv:1710.06963.  H\u00a0Brendan McMahan Daniel Ramage Kunal Talwar and Li Zhang. 2017. Learning differentially private recurrent language models. arXiv preprint arXiv:1710.06963.","key":"e_1_3_2_1_27_1"},{"key":"e_1_3_2_1_28_1","volume-title":"Proceedings of the ACM SIGMOD International Conference on Management of Data. ACM","author":"McSherry D","year":"2009","unstructured":"Frank\u00a0 D McSherry . 2009 . Privacy integrated queries: An extensible platform for privacy-preserving data analysis . In Proceedings of the ACM SIGMOD International Conference on Management of Data. ACM , New York, NY, USA, 19\u201330. Frank\u00a0D McSherry. 2009. Privacy integrated queries: An extensible platform for privacy-preserving data analysis. In Proceedings of the ACM SIGMOD International Conference on Management of Data. ACM, New York, NY, USA, 19\u201330."},{"volume-title":"Machine learning: A probabilistic perspective","author":"Murphy P","unstructured":"Kevin\u00a0 P Murphy . 2012. Machine learning: A probabilistic perspective . MIT Press , Cambridge, MA, USA . Kevin\u00a0P Murphy. 2012. Machine learning: A probabilistic perspective. MIT Press, Cambridge, MA, USA.","key":"e_1_3_2_1_29_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_30_1","DOI":"10.1145\/3243734.3243855"},{"unstructured":"Nicolas Papernot Shuang Song Ilya Mironov Ananth Raghunathan Kunal Talwar and \u00dalfar Erlingsson. 2018. Scalable private learning with PATE. arXiv preprint arXiv:1802.08908.  Nicolas Papernot Shuang Song Ilya Mironov Ananth Raghunathan Kunal Talwar and \u00dalfar Erlingsson. 2018. Scalable private learning with PATE. arXiv preprint arXiv:1802.08908.","key":"e_1_3_2_1_31_1"},{"unstructured":"Maria Rigaki and Sebastian Garcia. 2020. A survey of privacy attacks in machine learning. arXiv preprint arXiv:2007.07646.  Maria Rigaki and Sebastian Garcia. 2020. A survey of privacy attacks in machine learning. arXiv preprint arXiv:2007.07646.","key":"e_1_3_2_1_32_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_33_1","DOI":"10.1109\/SP.2017.41"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_34_1","DOI":"10.5555\/2627435.2670313"},{"key":"e_1_3_2_1_35_1","article-title":"Visualizing data using t-SNE","volume":"9","author":"Maaten Laurens Van\u00a0der","year":"2008","unstructured":"Laurens Van\u00a0der Maaten and Geoffrey Hinton . 2008 . Visualizing data using t-SNE . Journal of Machine Learning Research 9 , 11 (2008). Laurens Van\u00a0der Maaten and Geoffrey Hinton. 2008. Visualizing data using t-SNE. Journal of Machine Learning Research 9, 11 (2008).","journal-title":"Journal of Machine Learning Research"},{"key":"e_1_3_2_1_36_1","article-title":"Algorithms that remember: Model inversion attacks and data protection law","volume":"376","author":"Veale Michael","year":"2018","unstructured":"Michael Veale , Reuben Binns , and Lilian Edwards . 2018 . Algorithms that remember: Model inversion attacks and data protection law . Philosophical Transactions of the Royal Society A 376 , 2133 (2018). Michael Veale, Reuben Binns, and Lilian Edwards. 2018. Algorithms that remember: Model inversion attacks and data protection law. Philosophical Transactions of the Royal Society A 376, 2133 (2018).","journal-title":"Philosophical Transactions of the Royal Society A"},{"unstructured":"Ziqi Yang Bin Shao Bohan Xuan Ee-Chien Chang and Fan Zhang. 2020. Defending model inversion and membership inference attacks via prediction purification. arXiv preprint arXiv:2005.03915.  Ziqi Yang Bin Shao Bohan Xuan Ee-Chien Chang and Fan Zhang. 2020. Defending model inversion and membership inference attacks via prediction purification. arXiv preprint arXiv:2005.03915.","key":"e_1_3_2_1_37_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_38_1","DOI":"10.1109\/TIFS.2022.3163591"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_39_1","DOI":"10.1109\/TIFS.2022.3163591"},{"unstructured":"Jiayuan Ye Aadyaa Maddi Sasi\u00a0Kumar Murakonda and Reza Shokri. 2021. Enhanced Membership Inference Attacks against Machine Learning Models. arXiv preprint arXiv:2111.09679.  Jiayuan Ye Aadyaa Maddi Sasi\u00a0Kumar Murakonda and Reza Shokri. 2021. Enhanced Membership Inference Attacks against Machine Learning Models. arXiv preprint arXiv:2111.09679.","key":"e_1_3_2_1_40_1"},{"key":"e_1_3_2_1_41_1","volume-title":"IEEE Computer Security Foundations Symposium. IEEE","author":"Yeom Samuel","year":"2018","unstructured":"Samuel Yeom , Irene Giacomelli , Matt Fredrikson , and Somesh Jha . 2018 . Privacy risk in machine learning: Analyzing the connection to overfitting . In IEEE Computer Security Foundations Symposium. IEEE , New York, NY, USA, 268\u2013282. Samuel Yeom, Irene Giacomelli, Matt Fredrikson, and Somesh Jha. 2018. Privacy risk in machine learning: Analyzing the connection to overfitting. In IEEE Computer Security Foundations Symposium. IEEE, New York, NY, USA, 268\u2013282."}],"event":{"sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"acronym":"ASIA CCS '23","name":"ASIA CCS '23: ACM ASIA Conference on Computer and Communications Security","location":"Melbourne VIC Australia"},"container-title":["Proceedings of the ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3582821","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/abs\/10.1145\/3579856.3582821","content-type":"text\/html","content-version":"vor","intended-application":"syndication"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:51:27Z","timestamp":1750182687000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3582821"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,10]]},"references-count":40,"alternative-id":["10.1145\/3579856.3582821","10.1145\/3579856"],"URL":"https:\/\/doi.org\/10.1145\/3579856.3582821","relation":{},"subject":[],"published":{"date-parts":[[2023,7,10]]},"assertion":[{"value":"2023-07-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}