{"id":"https://openalex.org/W4285555619","doi":"https://doi.org/10.1109/tifs.2021.3139777","title":"Gradient Leakage Attack Resilient Deep Learning","display_name":"Gradient Leakage Attack Resilient Deep Learning","publication_year":2021,"publication_date":"2021-12-30","ids":{"openalex":"https://openalex.org/W4285555619","doi":"https://doi.org/10.1109/tifs.2021.3139777"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2021.3139777","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2021.3139777","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5069331320","display_name":"Wenqi Wei","orcid":"https://orcid.org/0000-0001-9177-114X"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Wenqi Wei","raw_affiliation_strings":["School of Computer Science, Georgia Institute of Technology, Atlanta, GA, USA"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100343991","display_name":"Ling Liu","orcid":"https://orcid.org/0000-0002-4138-3082"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ling Liu","raw_affiliation_strings":["School of Computer Science, Georgia Institute of Technology, Atlanta, GA, USA"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5069331320"],"corresponding_institution_ids":["https://openalex.org/I130701444"],"apc_list":null,"apc_paid":null,"fwci":6.5782,"has_fulltext":false,"cited_by_count":73,"citation_normalized_percentile":{"value":0.97240549,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":100},"biblio":{"volume":"17","issue":null,"first_page":"303","last_page":"316"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9937000274658203,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9900000095367432,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/differential-privacy","display_name":"Differential privacy","score":0.9045401811599731},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8125976324081421},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.7100884914398193},{"id":"https://openalex.org/keywords/leakage","display_name":"Leakage (economics)","score":0.5924124121665955},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5450357794761658},{"id":"https://openalex.org/keywords/information-leakage","display_name":"Information leakage","score":0.5096900463104248},{"id":"https://openalex.org/keywords/noise","display_name":"Noise (video)","score":0.5090870261192322},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.44919490814208984},{"id":"https://openalex.org/keywords/stochastic-gradient-descent","display_name":"Stochastic gradient descent","score":0.4100077152252197},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3443140387535095},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.31554603576660156},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.23298552632331848},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.18916508555412292}],"concepts":[{"id":"https://openalex.org/C23130292","wikidata":"https://www.wikidata.org/wiki/Q5275358","display_name":"Differential privacy","level":2,"score":0.9045401811599731},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8125976324081421},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.7100884914398193},{"id":"https://openalex.org/C2777042071","wikidata":"https://www.wikidata.org/wiki/Q6509304","display_name":"Leakage (economics)","level":2,"score":0.5924124121665955},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5450357794761658},{"id":"https://openalex.org/C2779201187","wikidata":"https://www.wikidata.org/wiki/Q2775060","display_name":"Information leakage","level":2,"score":0.5096900463104248},{"id":"https://openalex.org/C99498987","wikidata":"https://www.wikidata.org/wiki/Q2210247","display_name":"Noise (video)","level":3,"score":0.5090870261192322},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.44919490814208984},{"id":"https://openalex.org/C206688291","wikidata":"https://www.wikidata.org/wiki/Q7617819","display_name":"Stochastic gradient descent","level":3,"score":0.4100077152252197},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3443140387535095},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.31554603576660156},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.23298552632331848},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.18916508555412292},{"id":"https://openalex.org/C139719470","wikidata":"https://www.wikidata.org/wiki/Q39680","display_name":"Macroeconomics","level":1,"score":0.0},{"id":"https://openalex.org/C13280743","wikidata":"https://www.wikidata.org/wiki/Q131089","display_name":"Geodesy","level":1,"score":0.0},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2021.3139777","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2021.3139777","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.5600000023841858}],"awards":[{"id":"https://openalex.org/G1662070074","display_name":null,"funder_award_id":"NSF 2038029","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8600453951","display_name":null,"funder_award_id":"NSF 1564097","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":67,"referenced_works":["https://openalex.org/W1673923490","https://openalex.org/W1873763122","https://openalex.org/W1992926795","https://openalex.org/W2027595342","https://openalex.org/W2051267297","https://openalex.org/W2101771965","https://openalex.org/W2167372639","https://openalex.org/W2180612164","https://openalex.org/W2473418344","https://openalex.org/W2535690855","https://openalex.org/W2591882872","https://openalex.org/W2757528734","https://openalex.org/W2781091734","https://openalex.org/W2784621220","https://openalex.org/W2785361959","https://openalex.org/W2897830718","https://openalex.org/W2903776253","https://openalex.org/W2919337578","https://openalex.org/W2927692314","https://openalex.org/W2950943617","https://openalex.org/W2963313259","https://openalex.org/W2963378725","https://openalex.org/W2963456518","https://openalex.org/W2963857521","https://openalex.org/W2964054038","https://openalex.org/W2964162474","https://openalex.org/W2969261410","https://openalex.org/W2970408908","https://openalex.org/W2970606380","https://openalex.org/W3000479830","https://openalex.org/W3045469364","https://openalex.org/W3047250731","https://openalex.org/W3085804918","https://openalex.org/W3089239039","https://openalex.org/W3102360395","https://openalex.org/W3103401990","https://openalex.org/W3132138018","https://openalex.org/W3138758728","https://openalex.org/W3161357657","https://openalex.org/W3175192640","https://openalex.org/W4285555619","https://openalex.org/W4288358239","https://openalex.org/W4298221930","https://openalex.org/W4304760154","https://openalex.org/W4387665628","https://openalex.org/W6637162671","https://openalex.org/W6638545294","https://openalex.org/W6639056083","https://openalex.org/W6677855611","https://openalex.org/W6682937675","https://openalex.org/W6746720608","https://openalex.org/W6747732332","https://openalex.org/W6747855403","https://openalex.org/W6752346538","https://openalex.org/W6752985224","https://openalex.org/W6756699189","https://openalex.org/W6762803017","https://openalex.org/W6763818813","https://openalex.org/W6767236195","https://openalex.org/W6773039429","https://openalex.org/W6775482175","https://openalex.org/W6775563089","https://openalex.org/W6781018368","https://openalex.org/W6784311791","https://openalex.org/W6786060194","https://openalex.org/W6803839457","https://openalex.org/W6806063377"],"related_works":["https://openalex.org/W4401550921","https://openalex.org/W4361791424","https://openalex.org/W3123987581","https://openalex.org/W2358406440","https://openalex.org/W4296973715","https://openalex.org/W2352435628","https://openalex.org/W3093310219","https://openalex.org/W4387193529","https://openalex.org/W3101646702","https://openalex.org/W3175365978"],"abstract_inverted_index":{"Gradient":[0],"leakage":[1,76,85,139,146],"attacks":[2],"are":[3,72,186],"considered":[4],"one":[5],"of":[6,98,192],"the":[7,114,124,128,190,229],"wickedest":[8],"privacy":[9,48,60,70,91,121,153,158,226,249],"threats":[10],"in":[11,116,165,241],"deep":[12,44,55,87,99,148,222,230],"learning":[13,45,56,88,100,149,223,231],"as":[14],"attackers":[15],"covertly":[16],"spy":[17],"gradient":[18,75,84,138,145,193],"updates":[19,194],"during":[20,195],"iterative":[21],"training":[22,26,33],"without":[23],"compromising":[24],"model":[25,198],"quality,":[27],"and":[28,134,181,208,236,251],"yet":[29],"secretly":[30],"reconstruct":[31],"sensitive":[32],"data":[34],"using":[35,119,156,232],"leaked":[36],"gradients":[37,115],"with":[38,46,58,68,89,101,151,224],"high":[39,252],"attack":[40,253],"success":[41],"rate.":[42],"Although":[43],"differential":[47,59,90,102,152,248],"is":[49,135],"a":[50,144],"defacto":[51],"standard":[52],"for":[53],"publishing":[54],"models":[57],"guarantee,":[61,250],"we":[62,94,142,201],"show":[63,218],"that":[64,163,219],"differentially":[65,196,220],"private":[66,197,221],"algorithms":[67],"fixed":[69,106,120,233],"parameters":[71,227],"vulnerable":[73,136],"against":[74],"attacks.":[77,140],"This":[78],"paper":[79],"investigates":[80],"alternative":[81,174,210],"approaches":[82,240],"to":[83,109,113,137,176,189,206],"resilient":[86,147],"(DP).":[92],"<i>First</i>,":[93],"analyze":[95],"existing":[96,237],"implementation":[97],"privacy,":[103],"which":[104,185],"use":[105],"noise":[107,112,167,179,183],"variance":[108,180],"injects":[110],"constant":[111,166],"all":[117,242],"layers":[118],"parameters.":[122,159],"Despite":[123],"DP":[125,234],"guarantee":[126,154],"provided,":[127],"method":[129],"suffers":[130],"from":[131],"low":[132],"accuracy":[133,245],"<i>Second</i>,":[141],"present":[143,173],"approach":[150],"by":[155],"dynamic":[157,170,225],"Unlike":[160],"fixed-parameter":[161],"strategies":[162,172],"result":[164],"variance,":[168],"different":[169],"parameter":[171],"techniques":[175],"introduce":[177],"adaptive":[178,182,238],"injection":[184],"closely":[187],"aligned":[188],"trend":[191],"training.":[199],"<i>Finally</i>,":[200],"describe":[202],"four":[203],"complementary":[204],"metrics":[205],"evaluate":[207],"compare":[209],"approaches.":[211],"Extensive":[212],"experiments":[213],"on":[214],"six":[215],"benchmark":[216],"datasets":[217],"outperforms":[228],"parameters,":[235],"clipping":[239],"aspects:":[243],"compelling":[244],"performance,":[246],"strong":[247],"resilience.":[254]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":25},{"year":2024,"cited_by_count":25},{"year":2023,"cited_by_count":21},{"year":2021,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}