{"id":"https://openalex.org/W3197399603","doi":"https://doi.org/10.1109/csr51186.2021.9527945","title":"Defending Against Model Inversion Attack by Adversarial Examples","display_name":"Defending Against Model Inversion Attack by Adversarial Examples","publication_year":2021,"publication_date":"2021-07-26","ids":{"openalex":"https://openalex.org/W3197399603","doi":"https://doi.org/10.1109/csr51186.2021.9527945","mag":"3197399603"},"language":"en","primary_location":{"id":"doi:10.1109/csr51186.2021.9527945","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr51186.2021.9527945","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101872607","display_name":"Jing Wen","orcid":"https://orcid.org/0000-0003-4721-5327"},"institutions":[{"id":"https://openalex.org/I889458895","display_name":"University of Hong Kong","ror":"https://ror.org/02zhqgq86","country_code":"HK","type":"education","lineage":["https://openalex.org/I889458895"]}],"countries":["HK"],"is_corresponding":true,"raw_author_name":"Jing Wen","raw_affiliation_strings":["The University of Hong Kong,Dept. of Computer Science"],"affiliations":[{"raw_affiliation_string":"The University of Hong Kong,Dept. of Computer Science","institution_ids":["https://openalex.org/I889458895"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5071765286","display_name":"Siu-Ming Yiu","orcid":null},"institutions":[{"id":"https://openalex.org/I889458895","display_name":"University of Hong Kong","ror":"https://ror.org/02zhqgq86","country_code":"HK","type":"education","lineage":["https://openalex.org/I889458895"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Siu-Ming Yiu","raw_affiliation_strings":["The University of Hong Kong,Dept. of Computer Science"],"affiliations":[{"raw_affiliation_string":"The University of Hong Kong,Dept. of Computer Science","institution_ids":["https://openalex.org/I889458895"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5109853326","display_name":"Lucas C. K. Hui","orcid":null},"institutions":[{"id":"https://openalex.org/I146617529","display_name":"Applied Science and Technology Research Institute","ror":"https://ror.org/03xmkea05","country_code":"CN","type":"facility","lineage":["https://openalex.org/I146617529"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lucas C.K. Hui","raw_affiliation_strings":["Hong Kong Applied Science and Technology Research Institute (ASTRI)"],"affiliations":[{"raw_affiliation_string":"Hong Kong Applied Science and Technology Research Institute (ASTRI)","institution_ids":["https://openalex.org/I146617529"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5101872607"],"corresponding_institution_ids":["https://openalex.org/I889458895"],"apc_list":null,"apc_paid":null,"fwci":1.6317,"has_fulltext":false,"cited_by_count":22,"citation_normalized_percentile":{"value":0.86681871,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"551","last_page":"556"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10036","display_name":"Advanced Neural Network Applications","score":0.9492999911308289,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.930899977684021,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.8659288287162781},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7803280353546143},{"id":"https://openalex.org/keywords/inversion","display_name":"Inversion (geology)","score":0.6909400224685669},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.536588728427887},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5252537131309509},{"id":"https://openalex.org/keywords/noise","display_name":"Noise (video)","score":0.4957486093044281},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.4852907359600067},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.47917500138282776},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.4318996071815491},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4170655906200409},{"id":"https://openalex.org/keywords/noise-measurement","display_name":"Noise measurement","score":0.4125574231147766},{"id":"https://openalex.org/keywords/adversarial-machine-learning","display_name":"Adversarial machine learning","score":0.41047540307044983},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2165060043334961},{"id":"https://openalex.org/keywords/noise-reduction","display_name":"Noise reduction","score":0.17238852381706238}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.8659288287162781},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7803280353546143},{"id":"https://openalex.org/C1893757","wikidata":"https://www.wikidata.org/wiki/Q3653001","display_name":"Inversion (geology)","level":3,"score":0.6909400224685669},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.536588728427887},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5252537131309509},{"id":"https://openalex.org/C99498987","wikidata":"https://www.wikidata.org/wiki/Q2210247","display_name":"Noise (video)","level":3,"score":0.4957486093044281},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.4852907359600067},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.47917500138282776},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.4318996071815491},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4170655906200409},{"id":"https://openalex.org/C29265498","wikidata":"https://www.wikidata.org/wiki/Q7047719","display_name":"Noise measurement","level":3,"score":0.4125574231147766},{"id":"https://openalex.org/C2778403875","wikidata":"https://www.wikidata.org/wiki/Q20312394","display_name":"Adversarial machine learning","level":3,"score":0.41047540307044983},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2165060043334961},{"id":"https://openalex.org/C163294075","wikidata":"https://www.wikidata.org/wiki/Q581861","display_name":"Noise reduction","level":2,"score":0.17238852381706238},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C109007969","wikidata":"https://www.wikidata.org/wiki/Q749565","display_name":"Structural basin","level":2,"score":0.0},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/csr51186.2021.9527945","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr51186.2021.9527945","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6000000238418579}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":37,"referenced_works":["https://openalex.org/W1473189865","https://openalex.org/W1673923490","https://openalex.org/W1834627138","https://openalex.org/W1945616565","https://openalex.org/W2024922353","https://openalex.org/W2051267297","https://openalex.org/W2180612164","https://openalex.org/W2461943168","https://openalex.org/W2535690855","https://openalex.org/W2557579533","https://openalex.org/W2607219512","https://openalex.org/W2884277299","https://openalex.org/W2946086434","https://openalex.org/W2963207607","https://openalex.org/W2963857521","https://openalex.org/W2964082701","https://openalex.org/W2964153729","https://openalex.org/W2964253222","https://openalex.org/W2964318098","https://openalex.org/W2971225054","https://openalex.org/W2983140679","https://openalex.org/W2985580374","https://openalex.org/W3023716276","https://openalex.org/W3035616549","https://openalex.org/W3085279751","https://openalex.org/W3102720581","https://openalex.org/W3177170788","https://openalex.org/W4293469690","https://openalex.org/W4293846201","https://openalex.org/W6628547770","https://openalex.org/W6637162671","https://openalex.org/W6640425456","https://openalex.org/W6729906282","https://openalex.org/W6739868092","https://openalex.org/W6762682940","https://openalex.org/W6776993083","https://openalex.org/W6783371370"],"related_works":["https://openalex.org/W4320018150","https://openalex.org/W4239582170","https://openalex.org/W3048732067","https://openalex.org/W2918664383","https://openalex.org/W106056076","https://openalex.org/W4320855730","https://openalex.org/W4383468834","https://openalex.org/W2135200719","https://openalex.org/W4283221438","https://openalex.org/W2900159906"],"abstract_inverted_index":{"Model":[0],"inversion":[1,58,93,122],"(MI)":[2],"attacks":[3,39,194],"aim":[4],"to":[5,24,44,65,73,97,106,135,165,196],"infer":[6],"and":[7,60,101,179,202,217],"reconstruct":[8],"the":[9,13,25,45,57,66,89,99,108,117,121,132,141,150,155,197],"input":[10,28],"data":[11],"from":[12],"output":[14,109],"of":[15,27,88,91,120,140,199],"a":[16,21,52,103,127],"neural":[17,168],"network,":[18],"which":[19,78],"poses":[20],"severe":[22],"threat":[23],"privacy":[26],"data.":[29],"Inspired":[30],"by":[31,40],"adversarial":[32,42,112,200],"examples,":[33],"we":[34,95,125],"propose":[35,70],"defending":[36],"against":[37,191],"MI":[38,193],"adding":[41],"noise":[43,53,76,104],"output.":[46],"The":[47],"critical":[48],"challenge":[49],"is":[50,189],"finding":[51],"vector":[54,105],"that":[55,114,130],"maximizes":[56],"error":[59,119],"introduces":[61],"negligible":[62],"utility":[63],"loss":[64,139,216],"target":[67,142],"model.":[68,123,143],"We":[69,172],"an":[71,92,111],"algorithm":[72,85],"craft":[74],"such":[75],"vectors,":[77],"also":[79],"incorporates":[80],"utility-loss":[81],"constraints.":[82],"Specifically,":[83],"our":[84,174,187],"takes":[86],"advantage":[87],"gradient":[90],"model":[94],"train":[96],"mimic":[98],"adversary":[100],"compute":[102],"turn":[107],"into":[110],"example":[113],"can":[115,161],"maximize":[116],"reconstruction":[118,210],"Then":[124],"apply":[126],"label":[128,133],"modifier":[129],"keeps":[131],"unchanged":[134],"achieve":[136],"zero":[137,214],"accuracy":[138,215],"Our":[144,183],"defense":[145],"does":[146],"not":[147],"tamper":[148],"with":[149],"training":[151,157],"process":[152],"or":[153,170],"need":[154],"private":[156],"dataset.":[158],"Thus":[159],"it":[160,207],"be":[162],"easily":[163],"applied":[164],"any":[166],"current":[167],"networks":[169],"APIs.":[171],"evaluate":[173],"method":[175],"under":[176],"both":[177],"standard":[178],"adaptive":[180],"attack":[181],"settings.":[182],"empirical":[184],"results":[185],"show":[186],"approach":[188],"effective":[190],"state-of-the-art":[192],"due":[195],"transferability":[198],"examples":[201],"outperforms":[203],"existing":[204,221],"defenses.":[205,222],"Furthermore,":[206],"causes":[208],"more":[209],"errors":[211],"while":[212],"introducing":[213],"less":[218],"distortion":[219],"than":[220]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}