{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:59:39Z","timestamp":1750309179326,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":60,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3652892.3700762","type":"proceedings-article","created":{"date-parts":[[2024,11,27]],"date-time":"2024-11-27T19:36:13Z","timestamp":1732736173000},"page":"238-251","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Amalgam: A Framework for Obfuscated Neural Network Training on the Cloud"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1709-4723","authenticated-orcid":false,"given":"Sifat Ut","family":"Taki","sequence":"first","affiliation":[{"name":"Computer Science and Engineering, University of Notre Dame, Notre Dame, IN, United States"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8498-4718","authenticated-orcid":false,"given":"Spyridon","family":"Mastorakis","sequence":"additional","affiliation":[{"name":"Computer Science and Engineering, University of Notre Dame, Notre Dame, IN, United States"}]}],"member":"320","published-online":{"date-parts":[[2024,12,2]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.heliyon.2018.e00938"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3339819"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2018.2888775"},{"key":"e_1_3_2_2_4_1","first-page":"747","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Avent Brendan","year":"2017","unstructured":"Brendan Avent, Aleksandra Korolova, David Zeber, Torgeir Hovden, and Benjamin Livshits. {BLENDER}: Enabling local search with a hybrid differential privacy model. In 26th USENIX Security Symposium (USENIX Security 17), pages 747--764, 2017."},{"key":"e_1_3_2_2_5_1","volume-title":"Differential privacy has disparate impact on model accuracy. Advances in neural information processing systems, 32","author":"Bagdasaryan Eugene","year":"2019","unstructured":"Eugene Bagdasaryan, Omid Poursaeed, and Vitaly Shmatikov. Differential privacy has disparate impact on model accuracy. Advances in neural information processing systems, 32, 2019."},{"key":"e_1_3_2_2_6_1","volume-title":"Private summation in the multi-message shuffle model. CoRR, abs\/2002.00817","author":"Balle Borja","year":"2020","unstructured":"Borja Balle, James Bell, Adri\u00e0 Gasc\u00f3n, and Kobbi Nissim. Private summation in the multi-message shuffle model. CoRR, abs\/2002.00817, 2020."},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39077-7_5"},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2012.2211477"},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN48605.2020.9207619"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/FOCS.2013.53"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/11681878_14"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1561\/3300000019"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.3679275"},{"key":"e_1_3_2_2_15_1","first-page":"300","volume-title":"Proceedings of the Tenth International Conference on Language Resources and Evaluation (LREC'16)","author":"Ghannay Sahar","year":"2016","unstructured":"Sahar Ghannay, Benoit Favre, Yannick Esteve, and Nathalie Camelin. Word embedding evaluation and combination. In Proceedings of the Tenth International Conference on Language Resources and Evaluation (LREC'16), pages 300--305, 2016."},{"key":"e_1_3_2_2_16_1","first-page":"201","volume-title":"International conference on machine learning","author":"Gilad-Bachrach Ran","year":"2016","unstructured":"Ran Gilad-Bachrach, Nathan Dowlin, Kim Laine, Kristin Lauter, Michael Naehrig, and John Wernsing. Cryptonets: Applying neural networks to encrypted data with high throughput and accuracy. In International conference on machine learning, pages 201--210. PMLR, 2016."},{"key":"e_1_3_2_2_17_1","volume-title":"Explaining and harnessing adversarial examples","author":"Goodfellow Ian J.","year":"2015","unstructured":"Ian J. Goodfellow, Jonathon Shlens, and Christian Szegedy. Explaining and harnessing adversarial examples, 2015."},{"key":"e_1_3_2_2_18_1","volume-title":"Deep residual learning for image recognition. CoRR, abs\/1512.03385","author":"He Kaiming","year":"2015","unstructured":"Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. Deep residual learning for image recognition. CoRR, abs\/1512.03385, 2015."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3140649.3140655"},{"key":"e_1_3_2_2_20_1","volume-title":"Mobilenets: Efficient convolutional neural networks for mobile vision applications. CoRR, abs\/1704.04861","author":"Howard Andrew G.","year":"2017","unstructured":"Andrew G. Howard, Menglong Zhu, Bo Chen, Dmitry Kalenichenko, Weijun Wang, Tobias Weyand, Marco Andreetto, and Hartwig Adam. Mobilenets: Efficient convolutional neural networks for mobile vision applications. CoRR, abs\/1704.04861, 2017."},{"key":"e_1_3_2_2_21_1","volume-title":"https:\/\/github.com\/fastai\/imagenette\/","author":"Howard Jeremy","year":"2023","unstructured":"Jeremy Howard. Imagenette. https:\/\/github.com\/fastai\/imagenette\/, 2023."},{"key":"e_1_3_2_2_22_1","volume-title":"Densely connected convolutional networks. CoRR, abs\/1608.06993","author":"Huang Gao","year":"2016","unstructured":"Gao Huang, Zhuang Liu, and Kilian Q. Weinberger. Densely connected convolutional networks. CoRR, abs\/1608.06993, 2016."},{"key":"e_1_3_2_2_23_1","first-page":"4961","volume-title":"Advances in Neural Information Processing Systems","volume":"34","author":"Knott Brian","year":"2021","unstructured":"Brian Knott, Shobha Venkataraman, Awni Hannun, Shubho Sengupta, Mark Ibrahim, and Laurens van der Maaten. Crypten: Secure multiparty computation meets machine learning. In M. Ranzato, A. Beygelzimer, Y. Dauphin, P.S. Liang, and J. Wortman Vaughan, editors, Advances in Neural Information Processing Systems, volume 34, pages 4961--4973. Curran Associates, Inc., 2021."},{"key":"e_1_3_2_2_24_1","volume-title":"Learning multiple layers of features from tiny images","author":"Krizhevsky Alex","year":"2009","unstructured":"Alex Krizhevsky, Geoffrey Hinton, et al. Learning multiple layers of features from tiny images. 2009."},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00092"},{"key":"e_1_3_2_2_26_1","volume-title":"Franz Gregor, Sergei Arnautov, Pramod Bhatotia, and Christof Fetzer. Tensorscone: A secure tensorflow framework using intel sgx. arXiv preprint arXiv:1902.04413","author":"Kunkel Roland","year":"2019","unstructured":"Roland Kunkel, Do Le Quoc, Franz Gregor, Sergei Arnautov, Pramod Bhatotia, and Christof Fetzer. Tensorscone: A secure tensorflow framework using intel sgx. arXiv preprint arXiv:1902.04413, 2019."},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/5.726791"},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3159694"},{"key":"e_1_3_2_2_29_1","first-page":"4765","volume-title":"Advances in Neural Information Processing Systems 30","author":"Lundberg Scott M","year":"2017","unstructured":"Scott M Lundberg and Su-In Lee. A unified approach to interpreting model predictions. In I. Guyon, U. V. Luxburg, S. Bengio, H. Wallach, R. Fergus, S. Vishwanathan, and R. Garnett, editors, Advances in Neural Information Processing Systems 30, pages 4765--4774. Curran Associates, Inc., 2017."},{"key":"e_1_3_2_2_30_1","volume-title":"International Conference on Learning Representations","author":"Madry Aleksander","year":"2018","unstructured":"Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. Towards deep learning models resistant to adversarial attacks. In International Conference on Learning Representations, 2018."},{"key":"e_1_3_2_2_31_1","volume-title":"A general approach to adding differential privacy to iterative training procedures. CoRR, abs\/1812.06210","author":"McMahan H. Brendan","year":"2018","unstructured":"H. Brendan McMahan and Galen Andrew. A general approach to adding differential privacy to iterative training procedures. CoRR, abs\/1812.06210, 2018."},{"key":"e_1_3_2_2_32_1","volume-title":"Federated learning of deep networks using model averaging. CoRR, abs\/1602.05629","author":"McMahan H. Brendan","year":"2016","unstructured":"H. Brendan McMahan, Eider Moore, Daniel Ramage, and Blaise Ag\u00fcera y Arcas. Federated learning of deep networks using model averaging. CoRR, abs\/1602.05629, 2016."},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2021.3090959"},{"key":"e_1_3_2_2_34_1","unstructured":"Stephen Merity Caiming Xiong James Bradbury and Richard Socher. Wikitext 2016."},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3340531.3412771"},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPRW.2019.00011"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/FPT.2016.7929192"},{"key":"e_1_3_2_2_38_1","first-page":"1501","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Riazi M. Sadegh","year":"2019","unstructured":"M. Sadegh Riazi, Mohammad Samragh, Hao Chen, Kim Laine, Kristin Lauter, and Farinaz Koushanfar. XONN: XNOR-based oblivious deep neural network inference. In 28th USENIX Security Symposium (USENIX Security 19), pages 1501--1518, Santa Clara, CA, August 2019. USENIX Association."},{"key":"e_1_3_2_2_39_1","volume-title":"Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556","author":"Simonyan Karen","year":"2014","unstructured":"Karen Simonyan and Andrew Zisserman. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556, 2014."},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR46437.2021.01195"},{"key":"e_1_3_2_2_41_1","first-page":"304","volume-title":"Proceedings of the 2022 5th International Conference on Artificial Intelligence and Pattern Recognition, AIPR '22","author":"Sun Jiaze","year":"2023","unstructured":"Jiaze Sun, Siyuan Long, Xianyan Ma, and Yanmei Tang. A model robustness optimization method based on adversarial sample detection. In Proceedings of the 2022 5th International Conference on Artificial Intelligence and Pattern Recognition, AIPR '22, page 304--310, New York, NY, USA, 2023. Association for Computing Machinery."},{"key":"e_1_3_2_2_42_1","volume-title":"Sequence to sequence learning with neural networks. Advances in neural information processing systems, 27","author":"Sutskever Ilya","year":"2014","unstructured":"Ilya Sutskever, Oriol Vinyals, and Quoc V Le. Sequence to sequence learning with neural networks. Advances in neural information processing systems, 27, 2014."},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2015.09.040"},{"key":"e_1_3_2_2_44_1","volume-title":"Attention is all you need. CoRR, abs\/1706.03762","author":"Vaswani Ashish","year":"2017","unstructured":"Ashish Vaswani, Noam Shazeer, Niki Parmar, Jakob Uszkoreit, Llion Jones, Aidan N. Gomez, Lukasz Kaiser, and Illia Polosukhin. Attention is all you need. CoRR, abs\/1706.03762, 2017."},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2019-0035"},{"key":"e_1_3_2_2_46_1","volume-title":"Learning deep transformer models for machine translation. arXiv preprint arXiv:1906.01787","author":"Wang Qiang","year":"2019","unstructured":"Qiang Wang, Bei Li, Tong Xiao, Jingbo Zhu, Changliang Li, Derek F Wong, and Lidia S Chao. Learning deep transformer models for machine translation. arXiv preprint arXiv:1906.01787, 2019."},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-01234-2_1"},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCSII.2020.2973007"},{"key":"e_1_3_2_2_49_1","volume-title":"Privacy-preserving machine learning: Methods, challenges and directions. arXiv preprint arXiv:2108.04417","author":"Xu Runhua","year":"2021","unstructured":"Runhua Xu, Nathalie Baracaldo, and James Joshi. Privacy-preserving machine learning: Methods, challenges and directions. arXiv preprint arXiv:2108.04417, 2021."},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-12229-8_2"},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN48987.2021.00022"},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52688.2022.00564"},{"key":"e_1_3_2_2_53_1","volume-title":"NIPS","author":"Zhang Xiang","year":"2015","unstructured":"Xiang Zhang, Junbo Jake Zhao, and Yann LeCun. Character-level convolutional networks for text classification. In NIPS, 2015."},{"key":"e_1_3_2_2_54_1","volume-title":"Kbnet: Kernel basis network for image restoration. arXiv preprint arXiv:2303.02881","author":"Zhang Yi","year":"2023","unstructured":"Yi Zhang, Dasong Li, Xiaoyu Shi, Dailan He, Kangning Song, Xiaogang Wang, Honwei Qin, and Hongsheng Li. Kbnet: Kernel basis network for image restoration. arXiv preprint arXiv:2303.02881, 2023."},{"key":"e_1_3_2_2_55_1","volume-title":"Konda Reddy Mopuri, and Hakan Bilen. idlg: Improved deep leakage from gradients. CoRR, abs\/2001.02610","author":"Zhao Bo","year":"2020","unstructured":"Bo Zhao, Konda Reddy Mopuri, and Hakan Bilen. idlg: Improved deep leakage from gradients. CoRR, abs\/2001.02610, 2020."},{"key":"e_1_3_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2909559"},{"key":"e_1_3_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598113"},{"key":"e_1_3_2_2_58_1","volume-title":"H. Wallach, H. Larochelle, A. Beygelzimer, F. d'Alch\u00e9-Buc","author":"Zhu Ligeng","year":"2019","unstructured":"Ligeng Zhu, Zhijian Liu, and Song Han. Deep leakage from gradients. In H. Wallach, H. Larochelle, A. Beygelzimer, F. d'Alch\u00e9-Buc, E. Fox, and R. Garnett, editors, Advances in Neural Information Processing Systems, volume 32. Curran Associates, Inc., 2019."},{"key":"e_1_3_2_2_59_1","volume-title":"Hermes attack: Steal {DNN} models with lossless inference accuracy","author":"Zhu Yuankun","year":"2021","unstructured":"Yuankun Zhu, Yueqiang Cheng, Husheng Zhou, and Yantao Lu. Hermes attack: Steal {DNN} models with lossless inference accuracy. 2021."},{"key":"e_1_3_2_2_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2020.3004555"}],"event":{"name":"Middleware '24: 25th International Middleware Conference","sponsor":["IFIP","Usenix"],"location":"Hong Kong Hong Kong","acronym":"Middleware '24"},"container-title":["Proceedings of the 25th International Middleware Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3652892.3700762","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3652892.3700762","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:53:57Z","timestamp":1750287237000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3652892.3700762"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":60,"alternative-id":["10.1145\/3652892.3700762","10.1145\/3652892"],"URL":"https:\/\/doi.org\/10.1145\/3652892.3700762","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-02","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}