{"id":"https://openalex.org/W3134600863","doi":"https://doi.org/10.1109/asianhost51057.2020.9358254","title":"MIDAS: Model Inversion Defenses Using an Approximate Memory System","display_name":"MIDAS: Model Inversion Defenses Using an Approximate Memory System","publication_year":2020,"publication_date":"2020-12-15","ids":{"openalex":"https://openalex.org/W3134600863","doi":"https://doi.org/10.1109/asianhost51057.2020.9358254","mag":"3134600863"},"language":"en","primary_location":{"id":"doi:10.1109/asianhost51057.2020.9358254","is_oa":false,"landing_page_url":"https://doi.org/10.1109/asianhost51057.2020.9358254","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 Asian Hardware Oriented Security and Trust Symposium (AsianHOST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5015070751","display_name":"Qian Xu","orcid":"https://orcid.org/0000-0001-6143-9787"},"institutions":[{"id":"https://openalex.org/I66946132","display_name":"University of Maryland, College Park","ror":"https://ror.org/047s2c258","country_code":"US","type":"education","lineage":["https://openalex.org/I66946132"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Qian Xu","raw_affiliation_strings":["University of Maryland College Park, Maryland, USA"],"affiliations":[{"raw_affiliation_string":"University of Maryland College Park, Maryland, USA","institution_ids":["https://openalex.org/I66946132"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077280198","display_name":"Md Tanvir Arafin","orcid":"https://orcid.org/0000-0002-5179-5216"},"institutions":[{"id":"https://openalex.org/I83909951","display_name":"Morgan State University","ror":"https://ror.org/017d8gk22","country_code":"US","type":"education","lineage":["https://openalex.org/I83909951"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Md Tanvir Arafin","raw_affiliation_strings":["Morgan State University, Baltimore, Maryland"],"affiliations":[{"raw_affiliation_string":"Morgan State University, Baltimore, Maryland","institution_ids":["https://openalex.org/I83909951"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5012474783","display_name":"Gang Qu","orcid":"https://orcid.org/0000-0001-6759-8949"},"institutions":[{"id":"https://openalex.org/I66946132","display_name":"University of Maryland, College Park","ror":"https://ror.org/047s2c258","country_code":"US","type":"education","lineage":["https://openalex.org/I66946132"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gang Qu","raw_affiliation_strings":["University of Maryland College Park, Maryland, USA"],"affiliations":[{"raw_affiliation_string":"University of Maryland College Park, Maryland, USA","institution_ids":["https://openalex.org/I66946132"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5015070751"],"corresponding_institution_ids":["https://openalex.org/I66946132"],"apc_list":null,"apc_paid":null,"fwci":0.3977,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.70578083,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":"1","issue":null,"first_page":"1","last_page":"4"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8173292875289917},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.6659258604049683},{"id":"https://openalex.org/keywords/inversion","display_name":"Inversion (geology)","score":0.5750777125358582},{"id":"https://openalex.org/keywords/dram","display_name":"Dram","score":0.4630468189716339},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4182206988334656},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.4126172959804535},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.3407447934150696},{"id":"https://openalex.org/keywords/computer-engineering","display_name":"Computer engineering","score":0.33445483446121216},{"id":"https://openalex.org/keywords/computer-hardware","display_name":"Computer hardware","score":0.3280470371246338},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.28025054931640625},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.22738438844680786}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8173292875289917},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.6659258604049683},{"id":"https://openalex.org/C1893757","wikidata":"https://www.wikidata.org/wiki/Q3653001","display_name":"Inversion (geology)","level":3,"score":0.5750777125358582},{"id":"https://openalex.org/C7366592","wikidata":"https://www.wikidata.org/wiki/Q1255620","display_name":"Dram","level":2,"score":0.4630468189716339},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4182206988334656},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.4126172959804535},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.3407447934150696},{"id":"https://openalex.org/C113775141","wikidata":"https://www.wikidata.org/wiki/Q428691","display_name":"Computer engineering","level":1,"score":0.33445483446121216},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.3280470371246338},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.28025054931640625},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.22738438844680786},{"id":"https://openalex.org/C109007969","wikidata":"https://www.wikidata.org/wiki/Q749565","display_name":"Structural basin","level":2,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/asianhost51057.2020.9358254","is_oa":false,"landing_page_url":"https://doi.org/10.1109/asianhost51057.2020.9358254","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 Asian Hardware Oriented Security and Trust Symposium (AsianHOST)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W1473189865","https://openalex.org/W1480376833","https://openalex.org/W2051267297","https://openalex.org/W2163691366","https://openalex.org/W2565435739","https://openalex.org/W2588907924","https://openalex.org/W2615368515","https://openalex.org/W2624299682","https://openalex.org/W2626519144","https://openalex.org/W2794842046","https://openalex.org/W2949493305","https://openalex.org/W2979754840","https://openalex.org/W2998041822","https://openalex.org/W3035616549","https://openalex.org/W4252290681","https://openalex.org/W6628547770"],"related_works":["https://openalex.org/W3120961607","https://openalex.org/W4401568740","https://openalex.org/W2098207691","https://openalex.org/W3148568549","https://openalex.org/W1648516568","https://openalex.org/W361036515","https://openalex.org/W2269474412","https://openalex.org/W4211178602","https://openalex.org/W2433923775","https://openalex.org/W2537599394"],"abstract_inverted_index":{"Private":[0],"data":[1,165],"constitute":[2],"a":[3,47,75,95,101,156],"significant":[4],"share":[5],"of":[6,110,117,127],"the":[7,32,38,107,115,163],"training":[8,33,164],"information":[9,30],"for":[10,159],"machine":[11],"learning":[12],"(ML)":[13],"algorithms.":[14],"Recent":[15],"works":[16],"on":[17],"model":[18,27,128,147],"inversion":[19,40,148],"attacks":[20,41],"(MIA)":[21],"have":[22,36],"demonstrated":[23],"that":[24,61,81,105,155],"an":[25,53,62,111,118,169],"ML":[26,63,112],"can":[28,70,161],"leak":[29],"about":[31],"dataset.":[34],"We":[35],"examined":[37],"existing":[39],"in":[42,67,91,94,125,145,168],"this":[43],"work":[44],"and":[45,131,139,142,172],"proposed":[46],"hardware-oriented":[48],"security":[49,138],"solution":[50,158],"to":[51,73],"defend":[52],"AI":[54],"system":[55],"from":[56],"MIA.":[57],"First,":[58],"we":[59,79,99,122,135,153],"demonstrate":[60],"algorithm's":[64],"execution":[65,109],"flow":[66],"physical":[68],"hardware":[69,171],"be":[71],"leveraged":[72],"secure":[74,102],"trained":[76],"model.":[77,97],"Then,":[78],"find":[80,154],"approximate":[82],"main":[83],"memory,":[84],"such":[85],"as":[86],"undervolted":[87],"DRAMs,":[88],"are":[89],"useful":[90],"adding":[92],"noise":[93],"loaded":[96],"Next,":[98],"design":[100],"algorithm":[103,113],"MIDAS":[104,124],"ensures":[106],"safe":[108],"under":[114],"presence":[116],"adversary.":[119],"After":[120],"that,":[121],"evaluate":[123],"terms":[126],"accuracy":[129],"degradation":[130],"similarity":[132],"metrics.":[133],"Finally,":[134],"examine":[136],"MIDAS's":[137],"privacy":[140],"implication":[141],"its":[143],"effectiveness":[144],"thwarting":[146],"attacks.":[149],"From":[150],"our":[151],"evaluations,":[152],"hardware-dependent":[157],"MIA":[160],"ensure":[162],"privacy,":[166],"even":[167],"untrusted":[170],"software":[173],"stack.":[174]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}