{"id":"https://openalex.org/W3136120147","doi":"https://doi.org/10.1109/bigdata50022.2020.9378274","title":"Broadening Differential Privacy for Deep Learning Against Model Inversion Attacks","display_name":"Broadening Differential Privacy for Deep Learning Against Model Inversion Attacks","publication_year":2020,"publication_date":"2020-12-10","ids":{"openalex":"https://openalex.org/W3136120147","doi":"https://doi.org/10.1109/bigdata50022.2020.9378274","mag":"3136120147"},"language":"en","primary_location":{"id":"doi:10.1109/bigdata50022.2020.9378274","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata50022.2020.9378274","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 IEEE International Conference on Big Data (Big Data)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5027539408","display_name":"Qiuchen Zhang","orcid":"https://orcid.org/0000-0002-7054-1983"},"institutions":[{"id":"https://openalex.org/I150468666","display_name":"Emory University","ror":"https://ror.org/03czfpz43","country_code":"US","type":"education","lineage":["https://openalex.org/I150468666"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Qiuchen Zhang","raw_affiliation_strings":["Department of Computer Science, Emory University, Atlanta, GA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Emory University, Atlanta, GA","institution_ids":["https://openalex.org/I150468666"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101635720","display_name":"Jing Ma","orcid":"https://orcid.org/0009-0002-8966-9554"},"institutions":[{"id":"https://openalex.org/I150468666","display_name":"Emory University","ror":"https://ror.org/03czfpz43","country_code":"US","type":"education","lineage":["https://openalex.org/I150468666"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jing Ma","raw_affiliation_strings":["Department of Computer Science, Emory University, Atlanta, GA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Emory University, Atlanta, GA","institution_ids":["https://openalex.org/I150468666"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062535903","display_name":"Yonghui Xiao","orcid":"https://orcid.org/0000-0002-9705-3525"},"institutions":[{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yonghui Xiao","raw_affiliation_strings":["Google Inc, Montain View, CA"],"affiliations":[{"raw_affiliation_string":"Google Inc, Montain View, CA","institution_ids":["https://openalex.org/I1291425158"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041918034","display_name":"Jian Lou","orcid":"https://orcid.org/0000-0002-4110-2068"},"institutions":[{"id":"https://openalex.org/I150468666","display_name":"Emory University","ror":"https://ror.org/03czfpz43","country_code":"US","type":"education","lineage":["https://openalex.org/I150468666"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jian Lou","raw_affiliation_strings":["Department of Computer Science, Emory University, Atlanta, GA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Emory University, Atlanta, GA","institution_ids":["https://openalex.org/I150468666"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5078394535","display_name":"Li Xiong","orcid":"https://orcid.org/0000-0001-7354-0428"},"institutions":[{"id":"https://openalex.org/I150468666","display_name":"Emory University","ror":"https://ror.org/03czfpz43","country_code":"US","type":"education","lineage":["https://openalex.org/I150468666"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Li Xiong","raw_affiliation_strings":["Department of Computer Science, Emory University, Atlanta, GA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Emory University, Atlanta, GA","institution_ids":["https://openalex.org/I150468666"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5027539408"],"corresponding_institution_ids":["https://openalex.org/I150468666"],"apc_list":null,"apc_paid":null,"fwci":1.193,"has_fulltext":false,"cited_by_count":22,"citation_normalized_percentile":{"value":0.84147938,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1061","last_page":"1070"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9943000078201294,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9726999998092651,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/differential-privacy","display_name":"Differential privacy","score":0.9327218532562256},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8228287696838379},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.7163267135620117},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6823623180389404},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5827152729034424},{"id":"https://openalex.org/keywords/inversion","display_name":"Inversion (geology)","score":0.5505670309066772},{"id":"https://openalex.org/keywords/information-privacy","display_name":"Information privacy","score":0.5099679231643677},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.4649931490421295},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.4597625136375427},{"id":"https://openalex.org/keywords/data-modeling","display_name":"Data modeling","score":0.44909390807151794},{"id":"https://openalex.org/keywords/data-publishing","display_name":"Data publishing","score":0.43331485986709595},{"id":"https://openalex.org/keywords/class","display_name":"Class (philosophy)","score":0.4111177921295166},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.35162800550460815},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.29515889286994934},{"id":"https://openalex.org/keywords/publishing","display_name":"Publishing","score":0.12490791082382202},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.10103258490562439}],"concepts":[{"id":"https://openalex.org/C23130292","wikidata":"https://www.wikidata.org/wiki/Q5275358","display_name":"Differential privacy","level":2,"score":0.9327218532562256},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8228287696838379},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.7163267135620117},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6823623180389404},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5827152729034424},{"id":"https://openalex.org/C1893757","wikidata":"https://www.wikidata.org/wiki/Q3653001","display_name":"Inversion (geology)","level":3,"score":0.5505670309066772},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.5099679231643677},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.4649931490421295},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.4597625136375427},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.44909390807151794},{"id":"https://openalex.org/C2781396290","wikidata":"https://www.wikidata.org/wiki/Q17051824","display_name":"Data publishing","level":3,"score":0.43331485986709595},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.4111177921295166},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.35162800550460815},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.29515889286994934},{"id":"https://openalex.org/C151719136","wikidata":"https://www.wikidata.org/wiki/Q3972943","display_name":"Publishing","level":2,"score":0.12490791082382202},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.10103258490562439},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C109007969","wikidata":"https://www.wikidata.org/wiki/Q749565","display_name":"Structural basin","level":2,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/bigdata50022.2020.9378274","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata50022.2020.9378274","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 IEEE International Conference on Big Data (Big Data)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.7200000286102295}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320332161","display_name":"National Institutes of Health","ror":"https://ror.org/01cwqze88"},{"id":"https://openalex.org/F4320338279","display_name":"Air Force Office of Scientific Research","ror":"https://ror.org/011e9bt93"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":57,"referenced_works":["https://openalex.org/W1505855572","https://openalex.org/W1658920975","https://openalex.org/W2027595342","https://openalex.org/W2051267297","https://openalex.org/W2082894754","https://openalex.org/W2112796928","https://openalex.org/W2119874464","https://openalex.org/W2133665775","https://openalex.org/W2152305589","https://openalex.org/W2165939075","https://openalex.org/W2167372639","https://openalex.org/W2473418344","https://openalex.org/W2520442116","https://openalex.org/W2532781556","https://openalex.org/W2535690855","https://openalex.org/W2591882872","https://openalex.org/W2757528734","https://openalex.org/W2777914285","https://openalex.org/W2784621220","https://openalex.org/W2787891697","https://openalex.org/W2798657499","https://openalex.org/W2809414288","https://openalex.org/W2809607392","https://openalex.org/W2917133166","https://openalex.org/W2927692314","https://openalex.org/W2950943617","https://openalex.org/W2950947818","https://openalex.org/W2963857521","https://openalex.org/W2964162474","https://openalex.org/W2967985550","https://openalex.org/W2970408908","https://openalex.org/W2988916019","https://openalex.org/W3019166713","https://openalex.org/W3048684575","https://openalex.org/W3085279751","https://openalex.org/W3087053033","https://openalex.org/W3102360395","https://openalex.org/W3145505541","https://openalex.org/W3177170788","https://openalex.org/W4288328346","https://openalex.org/W4288563649","https://openalex.org/W4288567374","https://openalex.org/W4297799122","https://openalex.org/W4298221930","https://openalex.org/W6657138077","https://openalex.org/W6677855611","https://openalex.org/W6682306957","https://openalex.org/W6728897251","https://openalex.org/W6746720608","https://openalex.org/W6748474921","https://openalex.org/W6750182894","https://openalex.org/W6759531683","https://openalex.org/W6760759230","https://openalex.org/W6763736615","https://openalex.org/W6763882619","https://openalex.org/W6764838729","https://openalex.org/W6783371370"],"related_works":["https://openalex.org/W2923234599","https://openalex.org/W2961912854","https://openalex.org/W2915559073","https://openalex.org/W3094463742","https://openalex.org/W2884294946","https://openalex.org/W2951798800","https://openalex.org/W3209392453","https://openalex.org/W4241535341","https://openalex.org/W4311074414","https://openalex.org/W4234819362"],"abstract_inverted_index":{"Deep":[0],"learning":[1,45,63,86,139],"models":[2],"have":[3],"achieved":[4],"great":[5],"success":[6],"in":[7,32],"many":[8,33],"real-world":[9],"tasks":[10],"such":[11],"as":[12],"image":[13,131],"recognition,":[14],"machine":[15],"translation,":[16],"and":[17,31,157,161,182],"self-driving":[18],"cars.":[19],"A":[20],"large":[21],"amount":[22],"of":[23,71],"data":[24,37,73],"are":[25,38],"needed":[26],"to":[27,67,75,81,122,164],"train":[28],"a":[29,43,76,166],"model,":[30],"cases,":[34],"the":[35,57,69,82,116,141],"training":[36,72,93,125],"private.":[39],"Publishing":[40],"or":[41],"sharing":[42],"deep":[44,62,85,138],"model":[46,58,103,118,191],"trained":[47],"on":[48,173],"private":[49],"datasets":[50,175],"could":[51],"pose":[52],"privacy":[53,89,145,160,168,180],"concerns.":[54],"We":[55],"study":[56],"inversion":[59,104,119],"attacks":[60,105,120],"against":[61,102,151,170,187],"models,":[64,95],"which":[65],"attempt":[66],"reconstruct":[68,124],"features":[70],"corresponding":[74],"given":[77,79],"class":[78],"access":[80],"model.":[83],"While":[84],"with":[87,140],"differential":[88,144,159],"is":[90],"state-of-the-art":[91],"for":[92],"privacy-preserving":[94],"whether":[96],"they":[97],"can":[98,184],"provide":[99,148,165],"meaningful":[100],"protection":[101,150],"remains":[106],"an":[107],"open":[108],"question.":[109],"In":[110],"this":[111],"paper,":[112],"we":[113,135,154],"first":[114],"improve":[115],"existing":[117],"(MIA)":[121],"successfully":[123],"images":[126],"from":[127],"neural":[128],"network":[129],"based":[130],"recognition":[132],"models.":[133],"Then,":[134],"demonstrate":[136,176],"that":[137,177],"standard":[142],"record-level":[143],"does":[146],"not":[147],"quantifiable":[149,167],"MIA.":[152,171],"Subsequently,":[153],"propose":[155],"class-level":[156],"subclass-level":[158],"develop":[162],"algorithms":[163],"guarantee":[169],"Experiments":[172],"real":[174],"our":[178],"proposed":[179],"notions":[181],"mechanisms":[183],"effectively":[185],"defend":[186],"MIA":[188],"while":[189],"maintaining":[190],"accuracy.":[192]},"counts_by_year":[{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":7}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}