{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,6]],"date-time":"2025-12-06T04:59:56Z","timestamp":1764997196328},"reference-count":33,"publisher":"Institute of Electronics, Information and Communications Engineers (IEICE)","issue":"11","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEICE Trans. Inf. &amp; Syst."],"published-print":{"date-parts":[[2018,11,1]]},"DOI":"10.1587\/transinf.2017icp0013","type":"journal-article","created":{"date-parts":[[2018,10,31]],"date-time":"2018-10-31T22:46:52Z","timestamp":1541026012000},"page":"2665-2676","source":"Crossref","is-referenced-by-count":16,"title":["Model Inversion Attacks for Online Prediction Systems: Without Knowledge of Non-Sensitive Attributes"],"prefix":"10.1587","volume":"E101.D","author":[{"given":"Seira","family":"HIDANO","sequence":"first","affiliation":[{"name":"KDDI Research, Inc."}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Takao","family":"MURAKAMI","sequence":"additional","affiliation":[{"name":"National Institute of Advanced Industrial Science and Technology (AIST)"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shuichi","family":"KATSUMATA","sequence":"additional","affiliation":[{"name":"National Institute of Advanced Industrial Science and Technology (AIST)"},{"name":"University of Tokyo"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shinsaku","family":"KIYOMOTO","sequence":"additional","affiliation":[{"name":"KDDI Research, Inc."}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Goichiro","family":"HANAOKA","sequence":"additional","affiliation":[{"name":"National Institute of Advanced Industrial Science and Technology (AIST)"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"532","reference":[{"key":"1","doi-asserted-by":"crossref","unstructured":"[1] S. Hidano, T. Murakami, S. Katsumata, S. Kiyomoto, and G. Hanaoka, \u201cModel inversion attacks for prediction systems: Without knowledge of non-sensitive attributes,\u201d Proc. 15th International Conference on Privacy, Security and Trust (PST 2017), pp.1-10, 2017.","DOI":"10.1109\/PST.2017.00023"},{"key":"2","doi-asserted-by":"publisher","unstructured":"[2] X. Su and T.M. Khoshgoftaar, \u201cA survey of collaborative filtering techniques,\u201d Advances in Artificial Intelligence, vol.2009, no.4, pp.1-19, 2009. 10.1155\/2009\/421425","DOI":"10.1155\/2009\/421425"},{"key":"3","doi-asserted-by":"crossref","unstructured":"[3] G. Linden, B. Smith, and J. York, \u201cAmazon.com recommendations: Item-to-item collaborative filtering,\u201d IEEE Internet Comput., vol.7, no.1, pp.76-80, 2003. 10.1109\/mic.2003.1167344","DOI":"10.1109\/MIC.2003.1167344"},{"key":"4","doi-asserted-by":"publisher","unstructured":"[4] Y. Koren, R. Bell, and C. Volinsky, \u201cMatrix factorization techniques for recommender systems,\u201d Computer, vol.42, no.8, pp.30-37, 2009. 10.1109\/mc.2009.263","DOI":"10.1109\/MC.2009.263"},{"key":"5","doi-asserted-by":"crossref","unstructured":"[5] A.Y. Xue, R. Zhang, Y. Zheng, X. Xie, J. Huang, and Z. Xu, \u201cDestination prediction by sub-trajectory synthesis and privacy protection against such prediction,\u201d Proc. 2013 IEEE International Conference on Data Engineering (ICDE 2013), pp.254-265, 2013. 10.1109\/icde.2013.6544830","DOI":"10.1109\/ICDE.2013.6544830"},{"key":"6","doi-asserted-by":"publisher","unstructured":"[6] L. Song, D. Kotz, R. Jain, and X. He, \u201cEvaluating next-cell predictors with extensive Wi-Fi mobility data,\u201d IEEE Trans. on Mobile Comput., vol.5, no.12, pp.1633-1649, 2006. 10.1109\/tmc.2006.185","DOI":"10.1109\/TMC.2006.185"},{"key":"7","doi-asserted-by":"publisher","unstructured":"[7] P.C. Besse, B. Guillouet, J.-M. Loubes, and F. Royer, \u201cDestination prediction by trajectory distribution based model,\u201d IEEE Trans. Intell. Transport. Syst., vol.19, no.8, pp.2470-2481, 2018. 10.1109\/tits.2017.2749413","DOI":"10.1109\/TITS.2017.2749413"},{"key":"8","doi-asserted-by":"crossref","unstructured":"[8] The International Warfarin Pharmacogenetics Consortium, \u201cEstimation of the Warfarin Dose with Clinical and Pharmacogenetic Data,\u201d New England Journal of Medicine, vol.360, no.8, pp.753-764, 2009. 10.1056\/nejmoa0809329","DOI":"10.1056\/NEJMoa0809329"},{"key":"9","unstructured":"[9] Academy of Medical Sciences, \u201cStratified, personalised or p4 medicine: A new direction for placing the patient at the centre of healthcare and health education,\u201d Tech. Rep., 2015."},{"key":"10","doi-asserted-by":"publisher","unstructured":"[10] J.C. Weiss, S. Natarajan, P.L. Peissig, C.A. McCarty, and D. Page, \u201cMachine learning for personalized medicine: Predicting primary myocardial infarction from electronic health records,\u201d AI Mag., vol.33, no.4, pp.33-45, 2012. 10.1609\/aimag.v33i4.2438","DOI":"10.1609\/aimag.v33i4.2438"},{"key":"11","doi-asserted-by":"crossref","unstructured":"[12] E. Hazan, \u201cIntroduction to Online Convex Optimization,\u201d Now Publishers Inc., 2016.","DOI":"10.1561\/9781680831719"},{"key":"12","doi-asserted-by":"crossref","unstructured":"[13] J.A. Calandrino, A. Kilzer, A. Narayanan, E.W. Felten, and V. Shmatikov, \u201c\u201cYou might also like:\u201d Privacy risks of collaborative filtering,\u201d Proc. 32nd IEEE Symposium on Security and Privacy (S&amp;P 2011), pp.231-246, 2011. 10.1109\/sp.2011.40","DOI":"10.1109\/SP.2011.40"},{"key":"13","doi-asserted-by":"crossref","unstructured":"[14] A. Friedman, B.P. Knijnenburg, K. Vanhecke, L. Martens, and S. Berkovsky, \u201cPrivacy aspects of recommender systems,\u201d in Recommender Systems Handbook, pp.649-688, Springer, 2015. 10.1007\/978-1-4899-7637-6_19","DOI":"10.1007\/978-1-4899-7637-6_19"},{"key":"14","unstructured":"[15] M. Fredrikson, E. Lantz, and S. Jha, \u201cPrivacy in pharmacogenetics: An end-to-end case study of personalized warfarin dosing,\u201d Proc. 23rd USENIX Security Symposium (USENIX 2014), pp.17-32, 2014."},{"key":"15","doi-asserted-by":"crossref","unstructured":"[16] M. Fredrikson, S. Jha, and T. Ristenpart, \u201cModel inversion attacks that exploit confidence information and basic countermeasures,\u201d Proc. 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS 2015), pp.1322-1333, 2015. 10.1145\/2810103.2813677","DOI":"10.1145\/2810103.2813677"},{"key":"16","doi-asserted-by":"publisher","unstructured":"[17] M. Kearnsy and M. Liz, \u201cLearning in the presence of malicious errors,\u201d vol.22, no.4, pp.807-837, 2012. 10.1137\/0222052","DOI":"10.1137\/0222052"},{"key":"17","doi-asserted-by":"crossref","unstructured":"[18] P. Auer and N. Cesa-Bianchi, \u201cOn-line learning with malicious noise and the closure algorithm,\u201d vol.23, no.1, pp.83-99, 1998.","DOI":"10.1023\/A:1018960107028"},{"key":"18","doi-asserted-by":"crossref","unstructured":"[19] N.H. Bshouty, N. Eiron, and E. Kushilevitz, \u201cPAC learning with nasty noise,\u201d Proc. 10th International Conference on Algorithmic Learning Theory (AAL 1999), pp.206-218, 1999. 10.1007\/3-540-46769-6_17","DOI":"10.1007\/3-540-46769-6_17"},{"key":"19","unstructured":"[20] B. Biggio, B. Nelson, and P. Laskov, \u201cPoisoning attacks against support vector machines,\u201d Proc. 29th International Conference on Machine Learning (ICML 2012), pp.1467-1474, 2012."},{"key":"20","doi-asserted-by":"publisher","unstructured":"[21] B. Biggio, G. Fumera, and F. Roli, \u201cSecurity evaluation of pattern classifiers under attack,\u201d IEEE Trans. Knowl. Data Eng., vol.26, no.4, pp.984-996, 2014. 10.1109\/tkde.2013.57","DOI":"10.1109\/TKDE.2013.57"},{"key":"21","doi-asserted-by":"crossref","unstructured":"[22] N. Dalvi, P. Domingos, Mausam, S. Sanghai, and D. Verma, \u201cAdversarial classification,\u201d Proc. 10th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD 2004), pp.99-108, 2004. 10.1145\/1014052.1014066","DOI":"10.1145\/1014052.1014066"},{"key":"22","doi-asserted-by":"crossref","unstructured":"[23] D. Lowd and C. Meek, \u201cAdversarial learning,\u201d Proc. 11th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD 2005), pp.641-647, 2005. 10.1145\/1081870.1081950","DOI":"10.1145\/1081870.1081950"},{"key":"23","doi-asserted-by":"crossref","unstructured":"[24] M. Barreno, B. Nelson, R. Sears, A.D. Joseph, and J.D. Tygar, \u201cCan machine learning be secure?,\u201d Proc. 2006 ACM Symposium on Information, computer and communications security (ASIACCS 2006), pp.16-25, 2006. 10.1145\/1128817.1128824","DOI":"10.1145\/1128817.1128824"},{"key":"24","doi-asserted-by":"crossref","unstructured":"[25] L. Huang, A.D. Joseph, B. Nelson, B.I.P. Rubinstein, and J.D. Tygar, \u201cAdversarial machine learning,\u201d Proc. 4th ACM Workshop on Artificial Intelligence and Security (AISec 2011), 2011. 10.1145\/2046684.2046692","DOI":"10.1145\/2046684.2046692"},{"key":"25","unstructured":"[26] B. Li and Y. Vorobeychik, \u201cFeature cross-substitution in adversarial classification,\u201d Proc. 27th International Conference on Neural Information Processing Systems, pp.2087-2095, 2014."},{"key":"26","unstructured":"[27] B. Li and Y. Vorobeychik, \u201cScalable optimization of randomized operational decisions in adversarial classification settings,\u201d Proc. 18th International Conference on Artificial Intelligenceand Statistics, pp.599-607, 2015."},{"key":"27","unstructured":"[28] B. Li, Y. Wang, A. Singh, and Y. Vorobeychik, \u201cData poisoning attacks on factorization-based collaborative filtering,\u201d Proc. 3rd Neural Information Processing Systems (NIPS 2016), pp.1-13, 2016."},{"key":"28","doi-asserted-by":"publisher","unstructured":"[29] B. Lika, K. Kolomvatsos, and S. Hadjiefthymiades, \u201cFacing the cold start problem in recommender systems,\u201d Expert Systems with Applications: An International Journal, vol.41, no.4, pp.2064-2073, 2014. 10.1016\/j.eswa.2013.09.005","DOI":"10.1016\/j.eswa.2013.09.005"},{"key":"29","unstructured":"[30] W. Hickey, \u201cFiveThirtyEight: How Americans Like Their Steak.\u201d http:\/\/fivethirtyeight.com\/datalab\/how-americans-like-their-steak\/, 2014."},{"key":"30","unstructured":"[31] GroupLens Research, \u201cMovieLens 1M Dataset.\u201d http:\/\/grouplens.org\/datasets\/movielens\/, 2003."},{"key":"31","doi-asserted-by":"crossref","unstructured":"[32] X. Wu, M. Fredrikson, S. Jha, and J.F. Naughton, \u201cA methodology for formalizing model-inversion attacks,\u201d Proc. 29th IEEE Computer Security Foundations Symposium (CSF 2016), pp.355-370, 2016. 10.1109\/csf.2016.32","DOI":"10.1109\/CSF.2016.32"},{"key":"32","doi-asserted-by":"crossref","unstructured":"[33] Y. Cao and J. Yang, \u201cTowards making systems forget with machine unlearning,\u201d Proc. 36th IEEE Symposium on Security and Privacy (S&amp;P 2015), pp.463-480, 2015. 10.1109\/sp.2015.35","DOI":"10.1109\/SP.2015.35"},{"key":"33","doi-asserted-by":"crossref","unstructured":"[34] C. Bishop, Pattern Recognition and Machine Learning, Springer, 2010. 10.1016\/c2009-0-22409-3","DOI":"10.1016\/C2009-0-22409-3"}],"container-title":["IEICE Transactions on Information and Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E101.D\/11\/E101.D_2017ICP0013\/_pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,14]],"date-time":"2020-11-14T12:07:51Z","timestamp":1605355671000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E101.D\/11\/E101.D_2017ICP0013\/_article"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,11,1]]},"references-count":33,"journal-issue":{"issue":"11","published-print":{"date-parts":[[2018]]}},"URL":"https:\/\/doi.org\/10.1587\/transinf.2017icp0013","relation":{},"ISSN":["0916-8532","1745-1361"],"issn-type":[{"value":"0916-8532","type":"print"},{"value":"1745-1361","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,11,1]]}}}