{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,11]],"date-time":"2026-02-11T18:38:56Z","timestamp":1770835136025,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":52,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,7,10]],"date-time":"2023-07-10T00:00:00Z","timestamp":1688947200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,7,10]]},"DOI":"10.1145\/3579856.3590333","type":"proceedings-article","created":{"date-parts":[[2023,7,5]],"date-time":"2023-07-05T14:52:13Z","timestamp":1688568733000},"page":"136-148","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Data Privacy Examination against Semi-Supervised Learning"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3810-7877","authenticated-orcid":false,"given":"Jiadong","family":"Lou","sequence":"first","affiliation":[{"name":"School of Computing and Informatics, University of Louisiana at Lafayette, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3775-3033","authenticated-orcid":false,"given":"Xu","family":"Yuan","sequence":"additional","affiliation":[{"name":"School of Computing and Informatics, University of Louisiana at Lafayette, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2138-4413","authenticated-orcid":false,"given":"Miao","family":"Pan","sequence":"additional","affiliation":[{"name":"Electrical and Computer Engineering, University of Houston, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1444-2657","authenticated-orcid":false,"given":"Hao","family":"Wang","sequence":"additional","affiliation":[{"name":"Division of Computer Science and Engineering, Louisiana State University, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8357-6632","authenticated-orcid":false,"given":"Nian-Feng","family":"Tzeng","sequence":"additional","affiliation":[{"name":"School of Computing and Informatics, University of Louisiana at Lafayette, United States of America"}]}],"member":"320","published-online":{"date-parts":[[2023,7,10]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n. d.]. CIFAR-100. https:\/\/www.cs.toronto.edu\/\u00a0kriz\/cifar.html.  [n. d.]. CIFAR-100. https:\/\/www.cs.toronto.edu\/\u00a0kriz\/cifar.html."},{"key":"e_1_3_2_1_2_1","unstructured":"2020. Twitter demands AI company stops \u2019collecting faces\u2019. https:\/\/www.bbc.com\/news\/technology-51220654.  2020. Twitter demands AI company stops \u2019collecting faces\u2019. https:\/\/www.bbc.com\/news\/technology-51220654."},{"key":"e_1_3_2_1_3_1","unstructured":"2021. FTC settlement with Ever orders data and AIs deleted after facial recognition pivot. https:\/\/techcrunch.com\/2021\/01\/12\/ftc-settlement-with-ever-orders-data-and-ais-deleted-after-facial-recognition-pivot\/.  2021. FTC settlement with Ever orders data and AIs deleted after facial recognition pivot. https:\/\/techcrunch.com\/2021\/01\/12\/ftc-settlement-with-ever-orders-data-and-ais-deleted-after-facial-recognition-pivot\/."},{"key":"e_1_3_2_1_4_1","volume-title":"Proceedings of the ACM SIGSAC conference on computer and communications security (CCS). 308\u2013318","author":"Abadi Martin","year":"2016","unstructured":"Martin Abadi , Andy Chu , Ian Goodfellow , H\u00a0Brendan McMahan , Ilya Mironov , Kunal Talwar , and Li Zhang . 2016 . Deep learning with differential privacy . In Proceedings of the ACM SIGSAC conference on computer and communications security (CCS). 308\u2013318 . Martin Abadi, Andy Chu, Ian Goodfellow, H\u00a0Brendan McMahan, Ilya Mironov, Kunal Talwar, and Li Zhang. 2016. Deep learning with differential privacy. In Proceedings of the ACM SIGSAC conference on computer and communications security (CCS). 308\u2013318."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/FOCS.2014.56"},{"key":"e_1_3_2_1_6_1","volume-title":"ReMixMatch: Semi-Supervised Learning with Distribution Matching and Augmentation Anchoring. In International Conference on Learning Representations (ICLR).","author":"Berthelot David","year":"2019","unstructured":"David Berthelot , Nicholas Carlini , Ekin\u00a0 D Cubuk , Alex Kurakin , Kihyuk Sohn , Han Zhang , and Colin Raffel . 2019 . ReMixMatch: Semi-Supervised Learning with Distribution Matching and Augmentation Anchoring. In International Conference on Learning Representations (ICLR). David Berthelot, Nicholas Carlini, Ekin\u00a0D Cubuk, Alex Kurakin, Kihyuk Sohn, Han Zhang, and Colin Raffel. 2019. ReMixMatch: Semi-Supervised Learning with Distribution Matching and Augmentation Anchoring. In International Conference on Learning Representations (ICLR)."},{"key":"e_1_3_2_1_7_1","volume-title":"Mixmatch: A holistic approach to semi-supervised learning. Advances in Neural Information Processing Systems (NIPS) 32","author":"Berthelot David","year":"2019","unstructured":"David Berthelot , Nicholas Carlini , Ian Goodfellow , Nicolas Papernot , Avital Oliver , and Colin\u00a0 A Raffel . 2019 . Mixmatch: A holistic approach to semi-supervised learning. Advances in Neural Information Processing Systems (NIPS) 32 (2019). David Berthelot, Nicholas Carlini, Ian Goodfellow, Nicolas Papernot, Avital Oliver, and Colin\u00a0A Raffel. 2019. Mixmatch: A holistic approach to semi-supervised learning. Advances in Neural Information Processing Systems (NIPS) 32 (2019)."},{"key":"e_1_3_2_1_8_1","volume-title":"Proceedings of USENIX Security Symposium. 1577\u20131592","author":"Carlini Nicholas","year":"2021","unstructured":"Nicholas Carlini . 2021 . Poisoning the Unlabeled Dataset of { Semi-Supervised} Learning . In Proceedings of USENIX Security Symposium. 1577\u20131592 . Nicholas Carlini. 2021. Poisoning the Unlabeled Dataset of { Semi-Supervised} Learning. In Proceedings of USENIX Security Symposium. 1577\u20131592."},{"key":"e_1_3_2_1_9_1","volume-title":"Membership Inference Attacks From First Principles. arXiv preprint arXiv:2112.03570","author":"Carlini Nicholas","year":"2021","unstructured":"Nicholas Carlini , Steve Chien , Milad Nasr , Shuang Song , Andreas Terzis , and Florian Tramer . 2021. Membership Inference Attacks From First Principles. arXiv preprint arXiv:2112.03570 ( 2021 ). Nicholas Carlini, Steve Chien, Milad Nasr, Shuang Song, Andreas Terzis, and Florian Tramer. 2021. Membership Inference Attacks From First Principles. arXiv preprint arXiv:2112.03570 (2021)."},{"key":"e_1_3_2_1_10_1","volume-title":"IEEE Symposium on Security and Privacy. 1897\u20131914","author":"Carlini Nicholas","year":"2022","unstructured":"Nicholas Carlini , Steve Chien , Milad Nasr , Shuang Song , Andreas Terzis , and Florian Tramer . 2022 . Membership inference attacks from first principles . In IEEE Symposium on Security and Privacy. 1897\u20131914 . Nicholas Carlini, Steve Chien, Milad Nasr, Shuang Song, Andreas Terzis, and Florian Tramer. 2022. Membership inference attacks from first principles. In IEEE Symposium on Security and Privacy. 1897\u20131914."},{"key":"e_1_3_2_1_11_1","volume-title":"Proceedings of USENIX Security Symposium. 2633\u20132650","author":"Carlini Nicholas","year":"2021","unstructured":"Nicholas Carlini , Florian Tramer , Eric Wallace , Matthew Jagielski , Ariel Herbert-Voss , Katherine Lee , Adam Roberts , Tom Brown , Dawn Song , Ulfar Erlingsson , 2021 . Extracting training data from large language models . In Proceedings of USENIX Security Symposium. 2633\u20132650 . Nicholas Carlini, Florian Tramer, Eric Wallace, Matthew Jagielski, Ariel Herbert-Voss, Katherine Lee, Adam Roberts, Tom Brown, Dawn Song, Ulfar Erlingsson, 2021. Extracting training data from large language models. In Proceedings of USENIX Security Symposium. 2633\u20132650."},{"key":"e_1_3_2_1_12_1","volume-title":"International conference on machine learning. PMLR, 1597\u20131607","author":"Chen Ting","year":"2020","unstructured":"Ting Chen , Simon Kornblith , Mohammad Norouzi , and Geoffrey Hinton . 2020 . A simple framework for contrastive learning of visual representations . In International conference on machine learning. PMLR, 1597\u20131607 . Ting Chen, Simon Kornblith, Mohammad Norouzi, and Geoffrey Hinton. 2020. A simple framework for contrastive learning of visual representations. In International conference on machine learning. PMLR, 1597\u20131607."},{"key":"e_1_3_2_1_13_1","volume-title":"Proceedings of International Conference on Machine Learning (ICML). 1964\u20131974","author":"Choquette-Choo A","year":"2021","unstructured":"Christopher\u00a0 A Choquette-Choo , Florian Tramer , Nicholas Carlini , and Nicolas Papernot . 2021 . Label-only membership inference attacks . In Proceedings of International Conference on Machine Learning (ICML). 1964\u20131974 . Christopher\u00a0A Choquette-Choo, Florian Tramer, Nicholas Carlini, and Nicolas Papernot. 2021. Label-only membership inference attacks. In Proceedings of International Conference on Machine Learning (ICML). 1964\u20131974."},{"key":"e_1_3_2_1_14_1","volume-title":"Proceedings of the fourteenth international conference on artificial intelligence and statistics. 215\u2013223","author":"Coates Adam","year":"2011","unstructured":"Adam Coates , Andrew Ng , and Honglak Lee . 2011 . An analysis of single-layer networks in unsupervised feature learning . In Proceedings of the fourteenth international conference on artificial intelligence and statistics. 215\u2013223 . Adam Coates, Andrew Ng, and Honglak Lee. 2011. An analysis of single-layer networks in unsupervised feature learning. In Proceedings of the fourteenth international conference on artificial intelligence and statistics. 215\u2013223."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.00975"},{"key":"e_1_3_2_1_16_1","volume-title":"Computer Vision\u2013ECCV 2022: 17th European Conference, Tel Aviv, Israel, October 23\u201327","author":"He Xinlei","year":"2022","unstructured":"Xinlei He , Hongbin Liu , Neil\u00a0Zhenqiang Gong , and Yang Zhang . 2022. Semi-Leak: Membership Inference Attacks Against Semi-supervised Learning . In Computer Vision\u2013ECCV 2022: 17th European Conference, Tel Aviv, Israel, October 23\u201327 , 2022 , Proceedings, Part XXXI. Springer , 365\u2013381. Xinlei He, Hongbin Liu, Neil\u00a0Zhenqiang Gong, and Yang Zhang. 2022. Semi-Leak: Membership Inference Attacks Against Semi-supervised Learning. In Computer Vision\u2013ECCV 2022: 17th European Conference, Tel Aviv, Israel, October 23\u201327, 2022, Proceedings, Part XXXI. Springer, 365\u2013381."},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of International Joint Conference on Neural Networks (IJCNN). 1\u201310","author":"Hidano Seira","year":"2021","unstructured":"Seira Hidano , Takao Murakami , and Yusuke Kawamoto . 2021 . TransMIA: membership inference attacks using transfer shadow training . In Proceedings of International Joint Conference on Neural Networks (IJCNN). 1\u201310 . Seira Hidano, Takao Murakami, and Yusuke Kawamoto. 2021. TransMIA: membership inference attacks using transfer shadow training. In Proceedings of International Joint Conference on Neural Networks (IJCNN). 1\u201310."},{"key":"e_1_3_2_1_18_1","volume-title":"Proceedings of Network and Distributed Systems Security Symposium (NDSS).","author":"Hui Bo","year":"2021","unstructured":"Bo Hui , Yuchen Yang , Haolin Yuan , Philippe Burlina , Neil\u00a0Zhenqiang Gong , and Yinzhi Cao . 2021 . Practical Blind Membership Inference Attack via Differential Comparisons . In Proceedings of Network and Distributed Systems Security Symposium (NDSS). Bo Hui, Yuchen Yang, Haolin Yuan, Philippe Burlina, Neil\u00a0Zhenqiang Gong, and Yinzhi Cao. 2021. Practical Blind Membership Inference Attack via Differential Comparisons. In Proceedings of Network and Distributed Systems Security Symposium (NDSS)."},{"key":"e_1_3_2_1_19_1","volume-title":"2019 IEEE Symposium on Security and Privacy (S&P). IEEE, 299\u2013316","author":"Iyengar Roger","year":"2019","unstructured":"Roger Iyengar , Joseph\u00a0 P Near , Dawn Song , Om Thakkar , Abhradeep Thakurta , and Lun Wang . 2019 . Towards practical differentially private convex optimization . In 2019 IEEE Symposium on Security and Privacy (S&P). IEEE, 299\u2013316 . Roger Iyengar, Joseph\u00a0P Near, Dawn Song, Om Thakkar, Abhradeep Thakurta, and Lun Wang. 2019. Towards practical differentially private convex optimization. In 2019 IEEE Symposium on Security and Privacy (S&P). IEEE, 299\u2013316."},{"key":"e_1_3_2_1_20_1","volume-title":"Proceedings of the ACM SIGSAC conference on computer and communications security (CCS). 259\u2013274","author":"Jia Jinyuan","year":"2019","unstructured":"Jinyuan Jia , Ahmed Salem , Michael Backes , Yang Zhang , and Neil\u00a0Zhenqiang Gong . 2019 . Memguard: Defending against black-box membership inference attacks via adversarial examples . In Proceedings of the ACM SIGSAC conference on computer and communications security (CCS). 259\u2013274 . Jinyuan Jia, Ahmed Salem, Michael Backes, Yang Zhang, and Neil\u00a0Zhenqiang Gong. 2019. Memguard: Defending against black-box membership inference attacks via adversarial examples. In Proceedings of the ACM SIGSAC conference on computer and communications security (CCS). 259\u2013274."},{"key":"e_1_3_2_1_21_1","unstructured":"Alex Krizhevsky Geoffrey Hinton 2009. Learning multiple layers of features from tiny images. (2009).  Alex Krizhevsky Geoffrey Hinton 2009. Learning multiple layers of features from tiny images. (2009)."},{"key":"e_1_3_2_1_22_1","volume-title":"Temporal ensembling for semi-supervised learning. arXiv preprint arXiv:1610.02242","author":"Laine Samuli","year":"2016","unstructured":"Samuli Laine and Timo Aila . 2016. Temporal ensembling for semi-supervised learning. arXiv preprint arXiv:1610.02242 ( 2016 ). Samuli Laine and Timo Aila. 2016. Temporal ensembling for semi-supervised learning. arXiv preprint arXiv:1610.02242 (2016)."},{"key":"e_1_3_2_1_23_1","volume-title":"Proceedings of Workshop on challenges in representation learning, (ICML), Vol.\u00a03. 896","author":"Lee Dong-Hyun","year":"2013","unstructured":"Dong-Hyun Lee 2013 . Pseudo-label: The simple and efficient semi-supervised learning method for deep neural networks . In Proceedings of Workshop on challenges in representation learning, (ICML), Vol.\u00a03. 896 . Dong-Hyun Lee 2013. Pseudo-label: The simple and efficient semi-supervised learning method for deep neural networks. In Proceedings of Workshop on challenges in representation learning, (ICML), Vol.\u00a03. 896."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3422337.3447836"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484575"},{"key":"e_1_3_2_1_26_1","volume-title":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS). 2081\u20132095","author":"Liu Hongbin","year":"2021","unstructured":"Hongbin Liu , Jinyuan Jia , Wenjie Qu , and Neil\u00a0Zhenqiang Gong . 2021 . EncoderMI: Membership Inference against Pre-trained Encoders in Contrastive Learning . In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS). 2081\u20132095 . Hongbin Liu, Jinyuan Jia, Wenjie Qu, and Neil\u00a0Zhenqiang Gong. 2021. EncoderMI: Membership Inference against Pre-trained Encoders in Contrastive Learning. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS). 2081\u20132095."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1080\/01621459.1975.10479874"},{"key":"e_1_3_2_1_28_1","volume-title":"Virtual adversarial training: a regularization method for supervised and semi-supervised learning","author":"Miyato Takeru","year":"2018","unstructured":"Takeru Miyato , Shin-ichi Maeda, Masanori Koyama , and Shin Ishii . 2018. Virtual adversarial training: a regularization method for supervised and semi-supervised learning . IEEE transactions on pattern analysis and machine intelligence 41, 8 ( 2018 ), 1979\u20131993. Takeru Miyato, Shin-ichi Maeda, Masanori Koyama, and Shin Ishii. 2018. Virtual adversarial training: a regularization method for supervised and semi-supervised learning. IEEE transactions on pattern analysis and machine intelligence 41, 8 (2018), 1979\u20131993."},{"key":"e_1_3_2_1_29_1","volume-title":"Proceedings of IEEE symposium on security and privacy (S&P). 739\u2013753","author":"Nasr Milad","unstructured":"Milad Nasr , Reza Shokri , and Amir Houmansadr . [n. d.]. Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning . In Proceedings of IEEE symposium on security and privacy (S&P). 739\u2013753 . Milad Nasr, Reza Shokri, and Amir Houmansadr. [n. d.]. Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning. In Proceedings of IEEE symposium on security and privacy (S&P). 739\u2013753."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243855"},{"key":"e_1_3_2_1_31_1","unstructured":"Yuval Netzer Tao Wang Adam Coates Alessandro Bissacco Bo Wu and Andrew\u00a0Y Ng. 2011. Reading digits in natural images with unsupervised feature learning. (2011).  Yuval Netzer Tao Wang Adam Coates Alessandro Bissacco Bo Wu and Andrew\u00a0Y Ng. 2011. Reading digits in natural images with unsupervised feature learning. (2011)."},{"key":"e_1_3_2_1_32_1","volume-title":"Realistic evaluation of deep semi-supervised learning algorithms. Advances in neural information processing systems 31","author":"Oliver Avital","year":"2018","unstructured":"Avital Oliver , Augustus Odena , Colin\u00a0 A Raffel , Ekin\u00a0Dogus Cubuk , and Ian Goodfellow . 2018. Realistic evaluation of deep semi-supervised learning algorithms. Advances in neural information processing systems 31 ( 2018 ). Avital Oliver, Augustus Odena, Colin\u00a0A Raffel, Ekin\u00a0Dogus Cubuk, and Ian Goodfellow. 2018. Realistic evaluation of deep semi-supervised learning algorithms. Advances in neural information processing systems 31 (2018)."},{"key":"e_1_3_2_1_33_1","volume-title":"International Conference on Machine Learning. PMLR, 8748\u20138763","author":"Radford Alec","year":"2021","unstructured":"Alec Radford , Jong\u00a0Wook Kim , Chris Hallacy , Aditya Ramesh , Gabriel Goh , Sandhini Agarwal , Girish Sastry , Amanda Askell , Pamela Mishkin , Jack Clark , 2021 . Learning transferable visual models from natural language supervision . In International Conference on Machine Learning. PMLR, 8748\u20138763 . Alec Radford, Jong\u00a0Wook Kim, Chris Hallacy, Aditya Ramesh, Gabriel Goh, Sandhini Agarwal, Girish Sastry, Amanda Askell, Pamela Mishkin, Jack Clark, 2021. Learning transferable visual models from natural language supervision. In International Conference on Machine Learning. PMLR, 8748\u20138763."},{"key":"e_1_3_2_1_34_1","volume-title":"Semi-supervised learning with ladder networks. Advances in neural information processing systems (NIPS) 28","author":"Rasmus Antti","year":"2015","unstructured":"Antti Rasmus , Mathias Berglund , Mikko Honkala , Harri Valpola , and Tapani Raiko . 2015. Semi-supervised learning with ladder networks. Advances in neural information processing systems (NIPS) 28 ( 2015 ). Antti Rasmus, Mathias Berglund, Mikko Honkala, Harri Valpola, and Tapani Raiko. 2015. Semi-supervised learning with ladder networks. Advances in neural information processing systems (NIPS) 28 (2015)."},{"key":"e_1_3_2_1_35_1","volume-title":"Proceedings of International Conference on Machine Learning (ICML). 5558\u20135567","author":"Sablayrolles Alexandre","year":"2019","unstructured":"Alexandre Sablayrolles , Matthijs Douze , Cordelia Schmid , Yann Ollivier , and Herv\u00e9 J\u00e9gou . 2019 . White-box vs black-box: Bayes optimal strategies for membership inference . In Proceedings of International Conference on Machine Learning (ICML). 5558\u20135567 . Alexandre Sablayrolles, Matthijs Douze, Cordelia Schmid, Yann Ollivier, and Herv\u00e9 J\u00e9gou. 2019. White-box vs black-box: Bayes optimal strategies for membership inference. In Proceedings of International Conference on Machine Learning (ICML). 5558\u20135567."},{"key":"e_1_3_2_1_36_1","volume-title":"Proceedings of 29th USENIX Security Symposium. 1291\u20131308","author":"Salem Ahmed","year":"2020","unstructured":"Ahmed Salem , Apratim Bhattacharya , Michael Backes , Mario Fritz , and Yang Zhang . 2020 . Updates-leak: Data set inference and reconstruction attacks in online learning . In Proceedings of 29th USENIX Security Symposium. 1291\u20131308 . Ahmed Salem, Apratim Bhattacharya, Michael Backes, Mario Fritz, and Yang Zhang. 2020. Updates-leak: Data set inference and reconstruction attacks in online learning. In Proceedings of 29th USENIX Security Symposium. 1291\u20131308."},{"key":"e_1_3_2_1_37_1","volume-title":"Proceedings of Network and Distributed Systems Security Symposium (NDSS).","author":"Salem Ahmed","year":"2019","unstructured":"Ahmed Salem , Yang Zhang , Mathias Humbert , Mario Fritz , and Michael Backes . 2019 . ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models . In Proceedings of Network and Distributed Systems Security Symposium (NDSS). Ahmed Salem, Yang Zhang, Mathias Humbert, Mario Fritz, and Michael Backes. 2019. ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. In Proceedings of Network and Distributed Systems Security Symposium (NDSS)."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1965.1053799"},{"key":"e_1_3_2_1_39_1","volume-title":"Proceedings of the ACM SIGSAC conference on computer and communications security (CCS). 1310\u20131321","author":"Shokri Reza","year":"2015","unstructured":"Reza Shokri and Vitaly Shmatikov . 2015 . Privacy-preserving deep learning . In Proceedings of the ACM SIGSAC conference on computer and communications security (CCS). 1310\u20131321 . Reza Shokri and Vitaly Shmatikov. 2015. Privacy-preserving deep learning. In Proceedings of the ACM SIGSAC conference on computer and communications security (CCS). 1310\u20131321."},{"key":"e_1_3_2_1_40_1","volume-title":"Proceedings of IEEE Symposium on Security and Privacy (S$P). 3\u201318","author":"Shokri Reza","year":"2017","unstructured":"Reza Shokri , Marco Stronati , Congzheng Song , and Vitaly Shmatikov . 2017 . Membership inference attacks against machine learning models . In Proceedings of IEEE Symposium on Security and Privacy (S$P). 3\u201318 . Reza Shokri, Marco Stronati, Congzheng Song, and Vitaly Shmatikov. 2017. Membership inference attacks against machine learning models. In Proceedings of IEEE Symposium on Security and Privacy (S$P). 3\u201318."},{"key":"e_1_3_2_1_41_1","volume-title":"Fixmatch: Simplifying semi-supervised learning with consistency and confidence. Advances in Neural Information Processing Systems (NIPS 33","author":"Sohn Kihyuk","year":"2020","unstructured":"Kihyuk Sohn , David Berthelot , Nicholas Carlini , Zizhao Zhang , Han Zhang , Colin\u00a0 A Raffel , Ekin\u00a0Dogus Cubuk , Alexey Kurakin , and Chun-Liang Li . 2020 . Fixmatch: Simplifying semi-supervised learning with consistency and confidence. Advances in Neural Information Processing Systems (NIPS 33 (2020), 596\u2013608. Kihyuk Sohn, David Berthelot, Nicholas Carlini, Zizhao Zhang, Han Zhang, Colin\u00a0A Raffel, Ekin\u00a0Dogus Cubuk, Alexey Kurakin, and Chun-Liang Li. 2020. Fixmatch: Simplifying semi-supervised learning with consistency and confidence. Advances in Neural Information Processing Systems (NIPS 33 (2020), 596\u2013608."},{"key":"e_1_3_2_1_42_1","volume-title":"Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS). 377\u2013390","author":"Song Congzheng","year":"2020","unstructured":"Congzheng Song and Ananth Raghunathan . 2020 . Information leakage in embedding models . In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS). 377\u2013390 . Congzheng Song and Ananth Raghunathan. 2020. Information leakage in embedding models. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS). 377\u2013390."},{"key":"e_1_3_2_1_43_1","volume-title":"Proceedings of USENIX Security Symposium.","author":"Song Liwei","year":"2021","unstructured":"Liwei Song and Prateek Mittal . 2021 . Systematic evaluation of privacy risks of machine learning models . In Proceedings of USENIX Security Symposium. Liwei Song and Prateek Mittal. 2021. Systematic evaluation of privacy risks of machine learning models. In Proceedings of USENIX Security Symposium."},{"key":"e_1_3_2_1_44_1","volume-title":"Proceedings of ACM SIGSAC Conference on Computer and Communications Security (CCS). 241\u2013257","author":"Song Liwei","year":"2019","unstructured":"Liwei Song , Reza Shokri , and Prateek Mittal . 2019 . Privacy risks of securing machine learning models against adversarial examples . In Proceedings of ACM SIGSAC Conference on Computer and Communications Security (CCS). 241\u2013257 . Liwei Song, Reza Shokri, and Prateek Mittal. 2019. Privacy risks of securing machine learning models against adversarial examples. In Proceedings of ACM SIGSAC Conference on Computer and Communications Security (CCS). 241\u2013257."},{"key":"e_1_3_2_1_45_1","volume-title":"Mean teachers are better role models: Weight-averaged consistency targets improve semi-supervised deep learning results. Advances in neural information processing systems (NIPS) 30","author":"Tarvainen Antti","year":"2017","unstructured":"Antti Tarvainen and Harri Valpola . 2017. Mean teachers are better role models: Weight-averaged consistency targets improve semi-supervised deep learning results. Advances in neural information processing systems (NIPS) 30 ( 2017 ). Antti Tarvainen and Harri Valpola. 2017. Mean teachers are better role models: Weight-averaged consistency targets improve semi-supervised deep learning results. Advances in neural information processing systems (NIPS) 30 (2017)."},{"key":"e_1_3_2_1_46_1","volume-title":"Differentially private empirical risk minimization revisited: Faster and more general. Advances in Neural Information Processing Systems 30","author":"Wang Di","year":"2017","unstructured":"Di Wang , Minwei Ye , and Jinhui Xu. 2017. Differentially private empirical risk minimization revisited: Faster and more general. Advances in Neural Information Processing Systems 30 ( 2017 ). Di Wang, Minwei Ye, and Jinhui Xu. 2017. Differentially private empirical risk minimization revisited: Faster and more general. Advances in Neural Information Processing Systems 30 (2017)."},{"key":"e_1_3_2_1_47_1","volume-title":"On the Importance of Difficulty Calibration in Membership Inference Attacks. arXiv preprint arXiv:2111.08440","author":"Watson Lauren","year":"2021","unstructured":"Lauren Watson , Chuan Guo , Graham Cormode , and Alex Sablayrolles . 2021. On the Importance of Difficulty Calibration in Membership Inference Attacks. arXiv preprint arXiv:2111.08440 ( 2021 ). Lauren Watson, Chuan Guo, Graham Cormode, and Alex Sablayrolles. 2021. On the Importance of Difficulty Calibration in Membership Inference Attacks. arXiv preprint arXiv:2111.08440 (2021)."},{"key":"e_1_3_2_1_48_1","first-page":"6256","article-title":"Unsupervised data augmentation for consistency training","volume":"33","author":"Xie Qizhe","year":"2020","unstructured":"Qizhe Xie , Zihang Dai , Eduard Hovy , Thang Luong , and Quoc Le . 2020 . Unsupervised data augmentation for consistency training . Advances in Neural Information Processing Systems (NIPS) 33 (2020), 6256 \u2013 6268 . Qizhe Xie, Zihang Dai, Eduard Hovy, Thang Luong, and Quoc Le. 2020. Unsupervised data augmentation for consistency training. Advances in Neural Information Processing Systems (NIPS) 33 (2020), 6256\u20136268.","journal-title":"Advances in Neural Information Processing Systems (NIPS)"},{"key":"e_1_3_2_1_49_1","volume-title":"Enhanced Membership Inference Attacks against Machine Learning Models. arXiv preprint arXiv:2111.09679","author":"Ye Jiayuan","year":"2021","unstructured":"Jiayuan Ye , Aadyaa Maddi , Sasi\u00a0Kumar Murakonda , and Reza Shokri . 2021. Enhanced Membership Inference Attacks against Machine Learning Models. arXiv preprint arXiv:2111.09679 ( 2021 ). Jiayuan Ye, Aadyaa Maddi, Sasi\u00a0Kumar Murakonda, and Reza Shokri. 2021. Enhanced Membership Inference Attacks against Machine Learning Models. arXiv preprint arXiv:2111.09679 (2021)."},{"key":"e_1_3_2_1_50_1","volume-title":"Privacy risk in machine learning: Analyzing the connection to overfitting. In computer security foundations symposium (CSF)","author":"Yeom Samuel","unstructured":"Samuel Yeom , Irene Giacomelli , Matt Fredrikson , and Somesh Jha . 2018. Privacy risk in machine learning: Analyzing the connection to overfitting. In computer security foundations symposium (CSF) . IEEE , 268\u2013282. Samuel Yeom, Irene Giacomelli, Matt Fredrikson, and Somesh Jha. 2018. Privacy risk in machine learning: Analyzing the connection to overfitting. In computer security foundations symposium (CSF). IEEE, 268\u2013282."},{"key":"e_1_3_2_1_51_1","volume-title":"2019 IEEE Symposium on Security and Privacy (S&P). IEEE, 332\u2013349","author":"Yu Lei","year":"2019","unstructured":"Lei Yu , Ling Liu , Calton Pu , Mehmet\u00a0Emre Gursoy , and Stacey Truex . 2019 . Differentially private model publishing for deep learning . In 2019 IEEE Symposium on Security and Privacy (S&P). IEEE, 332\u2013349 . Lei Yu, Ling Liu, Calton Pu, Mehmet\u00a0Emre Gursoy, and Stacey Truex. 2019. Differentially private model publishing for deep learning. In 2019 IEEE Symposium on Security and Privacy (S&P). IEEE, 332\u2013349."},{"key":"e_1_3_2_1_52_1","unstructured":"Xiaojin\u00a0Jerry Zhu. 2005. Semi-supervised learning literature survey. (2005).  Xiaojin\u00a0Jerry Zhu. 2005. Semi-supervised learning literature survey. (2005)."}],"event":{"name":"ASIA CCS '23: ACM ASIA Conference on Computer and Communications Security","location":"Melbourne VIC Australia","acronym":"ASIA CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3590333","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:08:16Z","timestamp":1750183696000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3590333"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,10]]},"references-count":52,"alternative-id":["10.1145\/3579856.3590333","10.1145\/3579856"],"URL":"https:\/\/doi.org\/10.1145\/3579856.3590333","relation":{},"subject":[],"published":{"date-parts":[[2023,7,10]]},"assertion":[{"value":"2023-07-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}