{"id":"https://openalex.org/W4415524174","doi":"https://doi.org/10.1109/mlsp62443.2025.11204331","title":"Demem: Privacy-Enhanced Robust Adversarial Learning via De-Memorization","display_name":"Demem: Privacy-Enhanced Robust Adversarial Learning via De-Memorization","publication_year":2025,"publication_date":"2025-08-31","ids":{"openalex":"https://openalex.org/W4415524174","doi":"https://doi.org/10.1109/mlsp62443.2025.11204331"},"language":"en","primary_location":{"id":"doi:10.1109/mlsp62443.2025.11204331","is_oa":false,"landing_page_url":"https://doi.org/10.1109/mlsp62443.2025.11204331","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 35th International Workshop on Machine Learning for Signal Processing (MLSP)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.1109/MLSP62443.2025.11204331","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5081780695","display_name":"Xiaoyu Luo","orcid":"https://orcid.org/0000-0002-8753-4210"},"institutions":[{"id":"https://openalex.org/I891191580","display_name":"Aalborg University","ror":"https://ror.org/04m5j1k67","country_code":"DK","type":"education","lineage":["https://openalex.org/I891191580"]}],"countries":["DK"],"is_corresponding":true,"raw_author_name":"Xiaoyu Luo","raw_affiliation_strings":["Aalborg University,Department of Electronic Systems,Copenhagen,Denmark"],"affiliations":[{"raw_affiliation_string":"Aalborg University,Department of Electronic Systems,Copenhagen,Denmark","institution_ids":["https://openalex.org/I891191580"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5062097625","display_name":"Qiongxiu Li","orcid":"https://orcid.org/0000-0002-2487-5149"},"institutions":[{"id":"https://openalex.org/I891191580","display_name":"Aalborg University","ror":"https://ror.org/04m5j1k67","country_code":"DK","type":"education","lineage":["https://openalex.org/I891191580"]}],"countries":["DK"],"is_corresponding":false,"raw_author_name":"Qiongxiu Li","raw_affiliation_strings":["Aalborg University,Department of Electronic Systems,Copenhagen,Denmark"],"affiliations":[{"raw_affiliation_string":"Aalborg University,Department of Electronic Systems,Copenhagen,Denmark","institution_ids":["https://openalex.org/I891191580"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5081780695"],"corresponding_institution_ids":["https://openalex.org/I891191580"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.16666705,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9919000267982483,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9919000267982483,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10775","display_name":"Generative Adversarial Networks and Image Synthesis","score":0.977400004863739,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.967199981212616,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.9333999752998352},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.5979999899864197},{"id":"https://openalex.org/keywords/differential-privacy","display_name":"Differential privacy","score":0.5389000177383423},{"id":"https://openalex.org/keywords/information-privacy","display_name":"Information privacy","score":0.484499990940094},{"id":"https://openalex.org/keywords/trustworthiness","display_name":"Trustworthiness","score":0.47110000252723694},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.375900000333786},{"id":"https://openalex.org/keywords/leakage","display_name":"Leakage (economics)","score":0.36149999499320984}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.9333999752998352},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7271000146865845},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.5979999899864197},{"id":"https://openalex.org/C23130292","wikidata":"https://www.wikidata.org/wiki/Q5275358","display_name":"Differential privacy","level":2,"score":0.5389000177383423},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5354999899864197},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4932999908924103},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.484499990940094},{"id":"https://openalex.org/C153701036","wikidata":"https://www.wikidata.org/wiki/Q659974","display_name":"Trustworthiness","level":2,"score":0.47110000252723694},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4498000144958496},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.375900000333786},{"id":"https://openalex.org/C2777042071","wikidata":"https://www.wikidata.org/wiki/Q6509304","display_name":"Leakage (economics)","level":2,"score":0.36149999499320984},{"id":"https://openalex.org/C3017597292","wikidata":"https://www.wikidata.org/wiki/Q25052250","display_name":"Privacy protection","level":2,"score":0.33799999952316284},{"id":"https://openalex.org/C2779545769","wikidata":"https://www.wikidata.org/wiki/Q5135364","display_name":"Closeness","level":2,"score":0.33000001311302185},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3102000057697296},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.3068000078201294},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.2944999933242798},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.2793000042438507},{"id":"https://openalex.org/C51632099","wikidata":"https://www.wikidata.org/wiki/Q3985153","display_name":"Training set","level":2,"score":0.27379998564720154},{"id":"https://openalex.org/C2779201187","wikidata":"https://www.wikidata.org/wiki/Q2775060","display_name":"Information leakage","level":2,"score":0.26190000772476196},{"id":"https://openalex.org/C177148314","wikidata":"https://www.wikidata.org/wiki/Q170084","display_name":"Generalization","level":2,"score":0.2508000135421753}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/mlsp62443.2025.11204331","is_oa":false,"landing_page_url":"https://doi.org/10.1109/mlsp62443.2025.11204331","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 35th International Workshop on Machine Learning for Signal Processing (MLSP)","raw_type":"proceedings-article"},{"id":"pmh:oai:pure.atira.dk:publications/41cb687b-37c8-406f-a893-9bae7110cd84","is_oa":false,"landing_page_url":"https://vbn.aau.dk/da/publications/41cb687b-37c8-406f-a893-9bae7110cd84","pdf_url":null,"source":{"id":"https://openalex.org/S4306401731","display_name":"VBN Forskningsportal (Aalborg Universitet)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I891191580","host_organization_name":"Aalborg University","host_organization_lineage":["https://openalex.org/I891191580"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Luo, X & Li, Q 2025, Demem : Privacy-Enhanced Robust Adversarial Learning via De-Memorization. in 2025 IEEE 35th International Workshop on Machine Learning for Signal Processing (MLSP) : Signal Processing in the Age of Lorge Language Models, MLSP 2025., 11204331, IEEE (Institute of Electrical and Electronics Engineers), IEEE Workshop on Machine Learning for Signal Processing, 35th IEEE International Workshop on Machine Learning for Signal Processing, Istanbul, Turkey, 31/08/2025. https://doi.org/10.1109/MLSP62443.2025.11204331","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:zenodo.org:17861802","is_oa":true,"landing_page_url":"https://doi.org/10.1109/MLSP62443.2025.11204331","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"MLSP, International Workshop on Machine Learning for Signal Processing, Istanbul, 31 August - 03 September 2025","raw_type":"info:eu-repo/semantics/conferencePaper"}],"best_oa_location":{"id":"pmh:oai:zenodo.org:17861802","is_oa":true,"landing_page_url":"https://doi.org/10.1109/MLSP62443.2025.11204331","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"MLSP, International Workshop on Machine Learning for Signal Processing, Istanbul, 31 August - 03 September 2025","raw_type":"info:eu-repo/semantics/conferencePaper"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W2194775991","https://openalex.org/W2473418344","https://openalex.org/W2535690855","https://openalex.org/W2795435272","https://openalex.org/W2798302089","https://openalex.org/W2911978475","https://openalex.org/W2913083933","https://openalex.org/W2946363484","https://openalex.org/W2963378725","https://openalex.org/W3035261884","https://openalex.org/W3170237968","https://openalex.org/W3211490561","https://openalex.org/W4225369406","https://openalex.org/W4288057780","https://openalex.org/W4312449667","https://openalex.org/W4393140557","https://openalex.org/W4402727210"],"related_works":[],"abstract_inverted_index":{"Balancing":[0],"adversarial":[1,20,23,60,159,178,196],"robustness":[2,21],"and":[3,105,158,177,195,216,225],"privacy":[4,29,42,55,103,156,167,186,206],"in":[5,44,59,228],"machine":[6,234],"learning":[7,235],"models":[8,46],"is":[9],"essential":[10,126],"yet":[11],"particularly":[12],"challenging.":[13],"Previous":[14],"studies":[15],"have":[16],"shown":[17],"that":[18,86,124,145,182],"enhancing":[19,229],"through":[22],"training":[24,94,179],"often":[25,120],"increases":[26],"vulnerability":[27],"to":[28,40,75,98,131,150],"attacks,":[30],"revealing":[31],"a":[32,81,142,152],"fundamental":[33],"tension":[34],"between":[35,155],"these":[36],"two":[37],"attributes.":[38],"How":[39],"reduce":[41],"leakage":[43,168,187,207],"robust":[45,190,217],"has":[47],"received":[48],"little":[49],"attention.":[50],"Existing":[51],"approaches":[52],"like":[53],"differential":[54],"(DP)":[56],"remain":[57],"ineffective":[58],"training,":[61],"as":[62],"it":[63],"can":[64],"severely":[65],"degrade":[66],"performance":[67,133,191],"(e.g.,":[68,198],"test":[69],"accuracy":[70],"dropping":[71],"from":[72],"50.87":[73],"%":[74,77,211],"20.35":[76],"on":[78,203],"CIFAR-100).":[79],"Through":[80],"detailed":[82],"analysis,":[83],"we":[84,139],"find":[85],"such":[87],"limitation":[88],"arises":[89],"because":[90],"DP":[91],"treats":[92],"all":[93],"samples":[95,117,123,149],"uniformly,":[96],"failing":[97],"account":[99],"for":[100,127],"the":[101,121,230],"diverse":[102],"risks":[104],"generalization":[106],"abilities":[107],"of":[108,233],"individual":[109],"samples.":[110,197],"This":[111],"oversight":[112],"disproportionately":[113],"impacts":[114],"relatively":[115],"low-risk":[116],"which":[118],"are":[119,125],"typical":[122],"model":[128],"robustness,":[129],"leading":[130],"undesired":[132],"degradation.":[134],"To":[135],"address":[136],"this":[137],"limitation,":[138],"propose":[140],"DeMem,":[141],"novel":[143],"method":[144],"selectively":[146],"targets":[147],"high-risk":[148],"achieve":[151],"better":[153],"balance":[154],"protection":[157],"robustness.":[160,171],"By":[161],"leveraging":[162],"sample-wise":[163],"granularity,":[164],"DeMem":[165,183,200],"minimizes":[166],"without":[169,212],"compromising":[170,213],"Extensive":[172],"evaluations":[173],"across":[174],"multiple":[175],"datasets":[176],"methods":[180],"demonstrate":[181],"significantly":[184],"reduces":[185,205],"while":[188],"maintaining":[189],"against":[192],"both":[193,214],"natural":[194],"implementing":[199],"with":[201],"PGD-AT":[202],"CIFAR-10":[204],"risk":[208],"by":[209],"8":[210],"nature":[215],"accuracy).":[218],"These":[219],"results":[220],"highlight":[221],"DeMem's":[222],"versatility,":[223],"effectiveness,":[224],"broad":[226],"applicability":[227],"trustworthy":[231],"attributes":[232],"models.":[236]},"counts_by_year":[],"updated_date":"2026-03-17T09:09:15.849793","created_date":"2025-10-24T00:00:00"}