{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,24]],"date-time":"2025-08-24T00:02:29Z","timestamp":1755993749496,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":35,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,26]],"date-time":"2023-11-26T00:00:00Z","timestamp":1700956800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,30]]},"DOI":"10.1145\/3605764.3623904","type":"proceedings-article","created":{"date-parts":[[2023,11,21]],"date-time":"2023-11-21T12:12:17Z","timestamp":1700568737000},"page":"23-33","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Probing the Transition to Dataset-Level Privacy in ML Models Using an Output-Specific and Data-Resolved Privacy Profile"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0652-9485","authenticated-orcid":false,"given":"Tyler","family":"LeBlond","sequence":"first","affiliation":[{"name":"Booz Allen Hamilton, Annapolis Junction, MD, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4573-3879","authenticated-orcid":false,"given":"Joseph","family":"Munoz","sequence":"additional","affiliation":[{"name":"Booz Allen Hamilton, Annapolis Junction, MD, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1026-5734","authenticated-orcid":false,"given":"Fred","family":"Lu","sequence":"additional","affiliation":[{"name":"Booz Allen Hamilton, Annapolis Junction, MD, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0771-2647","authenticated-orcid":false,"given":"Maya","family":"Fuchs","sequence":"additional","affiliation":[{"name":"Booz Allen Hamilton, Annapolis Junction, MD, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4023-3880","authenticated-orcid":false,"given":"Elliot","family":"Zaresky-Williams","sequence":"additional","affiliation":[{"name":"Booz Allen Hamilton, Annapolis Junction, MD, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9900-1972","authenticated-orcid":false,"given":"Edward","family":"Raff","sequence":"additional","affiliation":[{"name":"Booz Allen Hamilton, Jamesville, NY, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2349-9564","authenticated-orcid":false,"given":"Brian","family":"Testa","sequence":"additional","affiliation":[{"name":"Air Force Research Laboratory, Rome, NY, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,11,26]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"e_1_3_2_1_2_1","first-page":"15479","article-title":"Differential privacy has disparate impact on model accuracy","volume":"32","author":"Bagdasaryan Eugene","year":"2019","unstructured":"Eugene Bagdasaryan, Omid Poursaeed, and Vitaly Shmatikov. 2019. Differential privacy has disparate impact on model accuracy. Advances in Neural Information Processing Systems, Vol. 32 (2019), 15479--15488.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","unstructured":"Benjamin Bichsel Samuel Steffen Ilija Bogunovic and Martin Vechev. 2021. DP-Sniper: Black-Box Discovery of Differential Privacy Violations using Classifiers. (2021) 391--409. https:\/\/doi.org\/10.1109\/SP40001.2021.00081","DOI":"10.1109\/SP40001.2021.00081"},{"key":"e_1_3_2_1_4_1","volume-title":"Machine Unlearning. In IEEE Symposium of Security and Privacy.","author":"Bourtoule Lucas","year":"2021","unstructured":"Lucas Bourtoule, Varun Chandrasekaran, Christopher A Choquette-choo, Hengrui Jia, Adelin Travers, Baiwu Zhang, David Lie, and Nicolas Papernot. 2021. Machine Unlearning. In IEEE Symposium of Security and Privacy."},{"key":"e_1_3_2_1_5_1","volume-title":"Proceedings of the 38th International Conference on Machine Learning (Proceedings of Machine Learning Research","volume":"1104","author":"Brophy Jonathan","year":"2021","unstructured":"Jonathan Brophy and Daniel Lowd. 2021. Machine Unlearning for Random Forests. In Proceedings of the 38th International Conference on Machine Learning (Proceedings of Machine Learning Research, Vol. 139), , Marina Meila and Tong Zhang (Eds.). PMLR, 1092--1104. https:\/\/proceedings.mlr.press\/v139\/brophy21a.html"},{"key":"e_1_3_2_1_6_1","article-title":"Differentially private empirical risk minimization","volume":"12","author":"Chaudhuri Kamalika","year":"2011","unstructured":"Kamalika Chaudhuri, Claire Monteleoni, and Anand D Sarwate. 2011. Differentially private empirical risk minimization. Journal of Machine Learning Research , Vol. 12, 3 (2011).","journal-title":"Journal of Machine Learning Research"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978308"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243818"},{"key":"e_1_3_2_1_9_1","first-page":"3","article-title":"The algorithmic foundations of differential privacy","volume":"9","author":"Dwork Cynthia","year":"2014","unstructured":"Cynthia Dwork, Aaron Roth, et al. 2014. The algorithmic foundations of differential privacy. Found. Trends Theor. Comput. Sci. , Vol. 9, 3--4 (2014), 211--407.","journal-title":"Found. Trends Theor. Comput. Sci."},{"key":"e_1_3_2_1_10_1","volume-title":"Concentrated differential privacy. arXiv preprint arXiv:1603.01887","author":"Dwork Cynthia","year":"2016","unstructured":"Cynthia Dwork and Guy N Rothblum. 2016. Concentrated differential privacy. arXiv preprint arXiv:1603.01887 (2016)."},{"key":"e_1_3_2_1_11_1","volume-title":"That which we call private. arXiv preprint arXiv:1908.03566","author":"Erlingsson \u00dalfar","year":"2019","unstructured":"\u00dalfar Erlingsson, Ilya Mironov, Ananth Raghunathan, and Shuang Song. 2019. That which we call private. arXiv preprint arXiv:1908.03566 (2019)."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.23047"},{"key":"e_1_3_2_1_13_1","volume-title":"arXiv preprint arXiv:2012.13573","author":"He Fengxiang","year":"2020","unstructured":"Fengxiang He, Shaopeng Fu, Bohan Wang, and Dacheng Tao. 2020. Robustness, Privacy, and Generalization of Adversarial Training. arXiv preprint arXiv:2012.13573 (2020)."},{"key":"e_1_3_2_1_14_1","volume-title":"P\u00f3l Mac Aonghusa, and Killian Levacher","author":"Holohan Naoise","year":"2019","unstructured":"Naoise Holohan, Stefano Braghin, P\u00f3l Mac Aonghusa, and Killian Levacher. 2019. Diffprivlib: the IBM differential privacy library. arXiv preprint arXiv:1907.02444 (2019)."},{"key":"e_1_3_2_1_15_1","volume-title":"Differential Privacy: An Economic Method for Choosing Epsilon. CoRR","author":"Hsu Justin","year":"2014","unstructured":"Justin Hsu, Marco Gaboardi, Andreas Haeberlen, Sanjeev Khanna, Arjun Narayan, Benjamin C. Pierce, and Aaron Roth. 2014. Differential Privacy: An Economic Method for Choosing Epsilon. CoRR , Vol. abs\/1402.3329 (2014). showeprint[arXiv]1402.3329 http:\/\/arxiv.org\/abs\/1402.3329"},{"key":"e_1_3_2_1_16_1","volume-title":"Differentially Private Learning Does Not Bound Membership Inference. CoRR","author":"Humphries Thomas","year":"2020","unstructured":"Thomas Humphries, Matthew Rafuse, Lindsey Tulloch, Simon Oya, Ian Goldberg, and Florian Kerschbaum. 2020. Differentially Private Learning Does Not Bound Membership Inference. CoRR , Vol. abs\/2010.12112 (2020). showeprint[arXiv]2010.12112 https:\/\/arxiv.org\/abs\/2010.12112"},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of The 24th International Conference on Artificial Intelligence and Statistics (Proceedings of Machine Learning Research","volume":"2016","author":"Izzo Zachary","year":"2021","unstructured":"Zachary Izzo, Mary Anne Smart, Kamalika Chaudhuri, and James Zou. 2021. Approximate Data Deletion from Machine Learning Models. In Proceedings of The 24th International Conference on Artificial Intelligence and Statistics (Proceedings of Machine Learning Research, Vol. 130), Arindam Banerjee and Kenji Fukumizu (Eds.). PMLR, 2008--2016. http:\/\/proceedings.mlr.press\/v130\/izzo21a.html"},{"key":"e_1_3_2_1_18_1","volume-title":"Sparse Private LASSO Logistic Regression. ArXiv","author":"Khanna Amol","year":"2023","unstructured":"Amol Khanna, Fred Lu, and Edward Raff. 2023. Sparse Private LASSO Logistic Regression. ArXiv , Vol. abs\/2304.12429 (2023)."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/PAC.2018.00009"},{"key":"e_1_3_2_1_20_1","volume-title":"A General Framework for Auditing Differentially Private Machine Learning. NeurIPS","author":"Lu Fred","year":"2022","unstructured":"Fred Lu, Joseph Munoz, Maya Fuchs, Tyler LeBlond, Elliott Zaresky-Williams, Edward Raff, Francis Ferraro, and Brian Testa. 2022. A General Framework for Auditing Differentially Private Machine Learning. NeurIPS (2022)."},{"key":"e_1_3_2_1_21_1","volume-title":"ML Privacy Meter: Aiding regulatory compliance by quantifying the privacy risks of machine learning. arXiv preprint arXiv:2007.09339","author":"Murakonda Sasi Kumar","year":"2020","unstructured":"Sasi Kumar Murakonda and Reza Shokri. 2020. ML Privacy Meter: Aiding regulatory compliance by quantifying the privacy risks of machine learning. arXiv preprint arXiv:2007.09339 (2020)."},{"key":"e_1_3_2_1_22_1","volume-title":"Beat Buesser, Ambrish Rawat, Martin Wistuba, Valentina Zantedeschi, Nathalie Baracaldo, Bryant Chen, Heiko Ludwig, Ian Molloy, and Ben Edwards.","author":"Nicolae Maria-Irina","year":"2018","unstructured":"Maria-Irina Nicolae, Mathieu Sinn, Minh Ngoc Tran, Beat Buesser, Ambrish Rawat, Martin Wistuba, Valentina Zantedeschi, Nathalie Baracaldo, Bryant Chen, Heiko Ludwig, Ian Molloy, and Ben Edwards. 2018. Adversarial Robustness Toolbox v1.2.0. CoRR , Vol. 1807.01069 (2018). https:\/\/arxiv.org\/pdf\/1807.01069"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2783258.2783347"},{"key":"e_1_3_2_1_24_1","first-page":"61","article-title":"Membership Inference Attack against Differentially Private Deep Learning","volume":"11","author":"Rahman Md Atiqur","year":"2018","unstructured":"Md Atiqur Rahman, Tanzila Rahman, Robert Lagani\u00e8re, Noman Mohammed, and Yang Wang. 2018. Membership Inference Attack against Differentially Private Deep Learning Model. Trans. Data Priv. , Vol. 11, 1 (2018), 61--79.","journal-title":"Model. Trans. Data Priv."},{"key":"e_1_3_2_1_25_1","volume-title":"Advances in Neural Information Processing Systems","volume":"34","author":"Redberg Rachel","year":"2021","unstructured":"Rachel Redberg and Yu-Xiang Wang. 2021. Privately Publishable Per-instance Privacy. Advances in Neural Information Processing Systems , Vol. 34 (2021)."},{"volume-title":"ECML\/PKDD,","author":"Sivan Hadar","key":"e_1_3_2_1_26_1","unstructured":"Hadar Sivan, Moshe Gabel, and Assaf Schuster. 2021. Incremental Sensitivity Analysis for Kernelized Models. In ECML\/PKDD, , Frank Hutter, Kristian Kersting, Jefrey Lijffijt, and Isabel Valera (Eds.). Springer International Publishing, Cham, 383--398."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2663337"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00012"},{"key":"e_1_3_2_1_29_1","volume-title":"RoD: Evaluating the risk of data disclosure using noise estimation for differential privacy","author":"Tsou Yao-Tung","year":"2019","unstructured":"Yao-Tung Tsou, Hung-Li Chen, and Yu-Hsiang Chang. 2019. RoD: Evaluating the risk of data disclosure using noise estimation for differential privacy. IEEE Transactions on Big Data (2019)."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.29012\/jpc.662"},{"key":"e_1_3_2_1_31_1","volume-title":"Disparate Vulnerability: on the Unfairness of Privacy Attacks Against Machine Learning. CoRR","author":"Yaghini Mohammad","year":"2019","unstructured":"Mohammad Yaghini, Bogdan Kulynych, and Carmela Troncoso. 2019. Disparate Vulnerability: on the Unfairness of Privacy Attacks Against Machine Learning. CoRR , Vol. abs\/1906.00389 (2019). showeprint[arXiv]1906.00389 http:\/\/arxiv.org\/abs\/1906.00389"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-18579-4_15"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2018.00027"},{"key":"e_1_3_2_1_34_1","volume-title":"Tighter Bound Estimation of Sensitivity Analysis for Incremental and Decremental Data Modification. arXiv preprint arXiv:2003.03351","author":"Zhou Kaichen","year":"2020","unstructured":"Kaichen Zhou, Shiji Song, Gao Huang, Wu Cheng, and Quan Zhou. 2020. Tighter Bound Estimation of Sensitivity Analysis for Incremental and Decremental Data Modification. arXiv preprint arXiv:2003.03351 (2020)."},{"key":"e_1_3_2_1_35_1","unstructured":"Kaichen Zhou Shiji Song Gao Huang Wu Cheng and Quan Zhou. 2021. Tighter Bound Estimation of Sensitivity Analysis for Incremental and Decremental Data Modification. (2021). io"}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Copenhagen Denmark","acronym":"CCS '23"},"container-title":["Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3605764.3623904","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3605764.3623904","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T01:36:03Z","timestamp":1755912963000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3605764.3623904"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,26]]},"references-count":35,"alternative-id":["10.1145\/3605764.3623904","10.1145\/3605764"],"URL":"https:\/\/doi.org\/10.1145\/3605764.3623904","relation":{},"subject":[],"published":{"date-parts":[[2023,11,26]]},"assertion":[{"value":"2023-11-26","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}