{"id":"https://openalex.org/W3092447531","doi":"https://doi.org/10.1109/dac18072.2020.9218633","title":"Stealing Your Data from Compressed Machine Learning Models","display_name":"Stealing Your Data from Compressed Machine Learning Models","publication_year":2020,"publication_date":"2020-07-01","ids":{"openalex":"https://openalex.org/W3092447531","doi":"https://doi.org/10.1109/dac18072.2020.9218633","mag":"3092447531"},"language":"en","primary_location":{"id":"doi:10.1109/dac18072.2020.9218633","is_oa":false,"landing_page_url":"https://doi.org/10.1109/dac18072.2020.9218633","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 57th ACM/IEEE Design Automation Conference (DAC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5048064145","display_name":"Nuo Xu","orcid":"https://orcid.org/0000-0001-6148-2830"},"institutions":[{"id":"https://openalex.org/I186143895","display_name":"Lehigh University","ror":"https://ror.org/012afjb06","country_code":"US","type":"education","lineage":["https://openalex.org/I186143895"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Nuo Xu","raw_affiliation_strings":["Lehigh University"],"affiliations":[{"raw_affiliation_string":"Lehigh University","institution_ids":["https://openalex.org/I186143895"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100453144","display_name":"Qi Liu","orcid":"https://orcid.org/0000-0001-5378-6404"},"institutions":[{"id":"https://openalex.org/I186143895","display_name":"Lehigh University","ror":"https://ror.org/012afjb06","country_code":"US","type":"education","lineage":["https://openalex.org/I186143895"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Qi Liu","raw_affiliation_strings":["Lehigh University"],"affiliations":[{"raw_affiliation_string":"Lehigh University","institution_ids":["https://openalex.org/I186143895"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100702495","display_name":"Tao Liu","orcid":"https://orcid.org/0000-0002-7535-444X"},"institutions":[{"id":"https://openalex.org/I186143895","display_name":"Lehigh University","ror":"https://ror.org/012afjb06","country_code":"US","type":"education","lineage":["https://openalex.org/I186143895"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tao Liu","raw_affiliation_strings":["Lehigh University"],"affiliations":[{"raw_affiliation_string":"Lehigh University","institution_ids":["https://openalex.org/I186143895"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100323067","display_name":"Zihao Liu","orcid":"https://orcid.org/0000-0001-5306-6626"},"institutions":[{"id":"https://openalex.org/I186143895","display_name":"Lehigh University","ror":"https://ror.org/012afjb06","country_code":"US","type":"education","lineage":["https://openalex.org/I186143895"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zihao Liu","raw_affiliation_strings":["Lehigh University"],"affiliations":[{"raw_affiliation_string":"Lehigh University","institution_ids":["https://openalex.org/I186143895"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028757963","display_name":"Xiaochen Guo","orcid":"https://orcid.org/0000-0001-7704-0412"},"institutions":[{"id":"https://openalex.org/I186143895","display_name":"Lehigh University","ror":"https://ror.org/012afjb06","country_code":"US","type":"education","lineage":["https://openalex.org/I186143895"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiaochen Guo","raw_affiliation_strings":["Lehigh University"],"affiliations":[{"raw_affiliation_string":"Lehigh University","institution_ids":["https://openalex.org/I186143895"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5067226050","display_name":"Wujie Wen","orcid":"https://orcid.org/0000-0003-0011-0675"},"institutions":[{"id":"https://openalex.org/I186143895","display_name":"Lehigh University","ror":"https://ror.org/012afjb06","country_code":"US","type":"education","lineage":["https://openalex.org/I186143895"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wujie Wen","raw_affiliation_strings":["Lehigh University"],"affiliations":[{"raw_affiliation_string":"Lehigh University","institution_ids":["https://openalex.org/I186143895"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5048064145"],"corresponding_institution_ids":["https://openalex.org/I186143895"],"apc_list":null,"apc_paid":null,"fwci":0.2651,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.63744815,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8143264055252075},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.719104528427124},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5160958170890808},{"id":"https://openalex.org/keywords/edge-device","display_name":"Edge device","score":0.484222412109375},{"id":"https://openalex.org/keywords/quantization","display_name":"Quantization (signal processing)","score":0.4690692126750946},{"id":"https://openalex.org/keywords/data-modeling","display_name":"Data modeling","score":0.44030192494392395},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.43928900361061096},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.4376237690448761},{"id":"https://openalex.org/keywords/information-privacy","display_name":"Information privacy","score":0.4353655278682709},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.41320428252220154},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.39484772086143494},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.19775396585464478},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.17806211113929749},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.1394929587841034}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8143264055252075},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.719104528427124},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5160958170890808},{"id":"https://openalex.org/C138236772","wikidata":"https://www.wikidata.org/wiki/Q25098575","display_name":"Edge device","level":3,"score":0.484222412109375},{"id":"https://openalex.org/C28855332","wikidata":"https://www.wikidata.org/wiki/Q198099","display_name":"Quantization (signal processing)","level":2,"score":0.4690692126750946},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.44030192494392395},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.43928900361061096},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.4376237690448761},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.4353655278682709},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.41320428252220154},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.39484772086143494},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.19775396585464478},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.17806211113929749},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.1394929587841034},{"id":"https://openalex.org/C31972630","wikidata":"https://www.wikidata.org/wiki/Q844240","display_name":"Computer vision","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/dac18072.2020.9218633","is_oa":false,"landing_page_url":"https://doi.org/10.1109/dac18072.2020.9218633","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 57th ACM/IEEE Design Automation Conference (DAC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":18,"referenced_works":["https://openalex.org/W2024922353","https://openalex.org/W2051267297","https://openalex.org/W2096733369","https://openalex.org/W2119144962","https://openalex.org/W2133665775","https://openalex.org/W2193413348","https://openalex.org/W2194775991","https://openalex.org/W2300242332","https://openalex.org/W2535690855","https://openalex.org/W2566079294","https://openalex.org/W2748818695","https://openalex.org/W2757528734","https://openalex.org/W2919115771","https://openalex.org/W2964299589","https://openalex.org/W3137695714","https://openalex.org/W6677580257","https://openalex.org/W6687566353","https://openalex.org/W6787972765"],"related_works":["https://openalex.org/W4388150944","https://openalex.org/W4242235492","https://openalex.org/W4237162029","https://openalex.org/W2367268135","https://openalex.org/W2385701518","https://openalex.org/W4237464767","https://openalex.org/W2068562251","https://openalex.org/W4252295672","https://openalex.org/W4386245174","https://openalex.org/W4200132709"],"abstract_inverted_index":{"Machine":[0],"learning":[1,22],"models":[2,92,116],"have":[3],"been":[4],"widely":[5],"deployed":[6],"in":[7,51,71,97],"many":[8],"real-world":[9],"tasks.":[10],"When":[11],"a":[12,19,52,55,100,134,161],"non-expert":[13],"data":[14,60,107,147,202],"holder":[15,61],"wants":[16],"to":[17,30,78,159],"use":[18],"third-party":[20],"machine":[21],"service":[23],"for":[24,42,120],"model":[25,66,143],"training,":[26],"it":[27],"is":[28,69,76],"critical":[29],"preserve":[31,195],"the":[32,35,43,47,80,85,142,196],"confidentiality":[33],"of":[34,200],"training":[36,63,81,106],"data.":[37],"In":[38],"this":[39,152],"paper,":[40],"we":[41,154],"first":[44],"time":[45],"explore":[46],"potential":[48],"privacy":[49],"leakage":[50],"scenario":[53],"that":[54,117,126,191],"malicious":[56],"ML":[57],"provider":[58,75],"offers":[59],"customized":[62],"code":[64],"including":[65],"compression":[67],"which":[68],"essential":[70],"practical":[72],"deployment":[73],"The":[74],"unable":[77],"access":[79],"process":[82],"hosted":[83],"by":[84,140],"secured":[86],"third":[87],"party,":[88],"but":[89,163],"could":[90],"inquire":[91],"when":[93],"they":[94],"are":[95,118,184],"released":[96],"public.":[98],"As":[99],"result,":[101],"adversary":[102,172],"can":[103,131,194],"extract":[104],"sensitive":[105],"with":[108],"high":[109],"quality":[110,148],"even":[111],"from":[112,170,203],"these":[113],"deeply":[114],"compressed":[115,204],"tailored":[119],"resource-limited":[121],"devices.":[122],"Our":[123],"investigation":[124],"shows":[125],"existing":[127],"compressions":[128],"like":[129],"quantization,":[130,183],"serve":[132],"as":[133],"defense":[135],"against":[136],"such":[137],"an":[138,156,171],"attack,":[139],"degrading":[141],"accuracy":[144],"and":[145,198],"memorized":[146],"simultaneously.":[149],"To":[150],"overcome":[151],"defense,":[153],"take":[155],"initial":[157],"attempt":[158],"design":[160],"simple":[162],"stealthy":[164],"quantized":[165],"correlation":[166,180],"encoding":[167],"attack":[168],"flow":[169],"perspective.":[173],"Three":[174],"integrated":[175],"components-data":[176],"pre-processing,":[177],"layer-wise":[178],"data-weight":[179],"regularization,":[181],"data-aware":[182],"developed":[185],"accordingly.":[186],"Extensive":[187],"experimental":[188],"results":[189],"show":[190],"our":[192],"framework":[193],"evasiveness":[197],"effectiveness":[199],"stealing":[201],"models.":[205]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}