{"id":"https://openalex.org/W4361801857","doi":"https://doi.org/10.1109/tpami.2023.3262813","title":"Automatic Transformation Search Against Deep Leakage From Gradients","display_name":"Automatic Transformation Search Against Deep Leakage From Gradients","publication_year":2023,"publication_date":"2023-03-29","ids":{"openalex":"https://openalex.org/W4361801857","doi":"https://doi.org/10.1109/tpami.2023.3262813","pmid":"https://pubmed.ncbi.nlm.nih.gov/37030873"},"language":"en","primary_location":{"id":"doi:10.1109/tpami.2023.3262813","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tpami.2023.3262813","pdf_url":null,"source":{"id":"https://openalex.org/S199944782","display_name":"IEEE Transactions on Pattern Analysis and Machine Intelligence","issn_l":"0162-8828","issn":["0162-8828","1939-3539","2160-9292"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Pattern Analysis and Machine Intelligence","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","pubmed"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100732619","display_name":"Wei Gao","orcid":"https://orcid.org/0000-0002-7048-1722"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Wei Gao","raw_affiliation_strings":["S-Lab and School of Computer Science and Engineering, Nanyang Technological University, Singapore"],"affiliations":[{"raw_affiliation_string":"S-Lab and School of Computer Science and Engineering, Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100437329","display_name":"Xu Zhang","orcid":"https://orcid.org/0009-0004-5608-6955"},"institutions":[{"id":"https://openalex.org/I158842170","display_name":"Chongqing University","ror":"https://ror.org/023rhb549","country_code":"CN","type":"education","lineage":["https://openalex.org/I158842170"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xu Zhang","raw_affiliation_strings":["College of Computer Science, Chongqing University, Chongqing, China"],"affiliations":[{"raw_affiliation_string":"College of Computer Science, Chongqing University, Chongqing, China","institution_ids":["https://openalex.org/I158842170"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073264981","display_name":"Shangwei Guo","orcid":"https://orcid.org/0000-0002-6443-5308"},"institutions":[{"id":"https://openalex.org/I158842170","display_name":"Chongqing University","ror":"https://ror.org/023rhb549","country_code":"CN","type":"education","lineage":["https://openalex.org/I158842170"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shangwei Guo","raw_affiliation_strings":["College of Computer Science, Chongqing University, Chongqing, China"],"affiliations":[{"raw_affiliation_string":"College of Computer Science, Chongqing University, Chongqing, China","institution_ids":["https://openalex.org/I158842170"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101591101","display_name":"Tianwei Zhang","orcid":"https://orcid.org/0000-0001-6595-6650"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Tianwei Zhang","raw_affiliation_strings":["School of Computer Science and Engineering, Nanyang Technological University, Singapore"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5079461118","display_name":"Tao Xiang","orcid":"https://orcid.org/0000-0002-9439-4623"},"institutions":[{"id":"https://openalex.org/I158842170","display_name":"Chongqing University","ror":"https://ror.org/023rhb549","country_code":"CN","type":"education","lineage":["https://openalex.org/I158842170"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tao Xiang","raw_affiliation_strings":["College of Computer Science, Chongqing University, Chongqing, China"],"affiliations":[{"raw_affiliation_string":"College of Computer Science, Chongqing University, Chongqing, China","institution_ids":["https://openalex.org/I158842170"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019692903","display_name":"Han Qiu","orcid":"https://orcid.org/0000-0003-2678-8070"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Han Qiu","raw_affiliation_strings":["Institute for Network Sciences and Cyberspace, BNRist, Tsinghua University and Zhongguancun Laboratory, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute for Network Sciences and Cyberspace, BNRist, Tsinghua University and Zhongguancun Laboratory, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041572550","display_name":"Yonggang Wen","orcid":"https://orcid.org/0000-0002-2751-5114"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Yonggang Wen","raw_affiliation_strings":["School of Computer Science and Engineering, Nanyang Technological University, Singapore"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100355692","display_name":"Yang Liu","orcid":"https://orcid.org/0000-0001-7300-9215"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Yang Liu","raw_affiliation_strings":["School of Computer Science and Engineering, Nanyang Technological University, Singapore"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5100732619"],"corresponding_institution_ids":["https://openalex.org/I172675005"],"apc_list":null,"apc_paid":null,"fwci":1.7684,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.87371962,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":"45","issue":"9","first_page":"10650","last_page":"10668"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10036","display_name":"Advanced Neural Network Applications","score":0.9639000296592712,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8423651456832886},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.7253038883209229},{"id":"https://openalex.org/keywords/usability","display_name":"Usability","score":0.6699774861335754},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.6676430702209473},{"id":"https://openalex.org/keywords/preprocessor","display_name":"Preprocessor","score":0.5970672369003296},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.5670583248138428},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5474822521209717},{"id":"https://openalex.org/keywords/popularity","display_name":"Popularity","score":0.5378379821777344},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4961908459663391},{"id":"https://openalex.org/keywords/transformation","display_name":"Transformation (genetics)","score":0.4859069883823395},{"id":"https://openalex.org/keywords/data-transformation","display_name":"Data transformation","score":0.4616242051124573},{"id":"https://openalex.org/keywords/data-pre-processing","display_name":"Data pre-processing","score":0.43055835366249084},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.35365772247314453},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2731618285179138},{"id":"https://openalex.org/keywords/human\u2013computer-interaction","display_name":"Human\u2013computer interaction","score":0.24499043822288513}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8423651456832886},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.7253038883209229},{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.6699774861335754},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.6676430702209473},{"id":"https://openalex.org/C34736171","wikidata":"https://www.wikidata.org/wiki/Q918333","display_name":"Preprocessor","level":2,"score":0.5970672369003296},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.5670583248138428},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5474822521209717},{"id":"https://openalex.org/C2780586970","wikidata":"https://www.wikidata.org/wiki/Q1357284","display_name":"Popularity","level":2,"score":0.5378379821777344},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4961908459663391},{"id":"https://openalex.org/C204241405","wikidata":"https://www.wikidata.org/wiki/Q461499","display_name":"Transformation (genetics)","level":3,"score":0.4859069883823395},{"id":"https://openalex.org/C150670458","wikidata":"https://www.wikidata.org/wiki/Q4272815","display_name":"Data transformation","level":3,"score":0.4616242051124573},{"id":"https://openalex.org/C10551718","wikidata":"https://www.wikidata.org/wiki/Q5227332","display_name":"Data pre-processing","level":2,"score":0.43055835366249084},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.35365772247314453},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2731618285179138},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.24499043822288513},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C135572916","wikidata":"https://www.wikidata.org/wiki/Q193351","display_name":"Data warehouse","level":2,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C77805123","wikidata":"https://www.wikidata.org/wiki/Q161272","display_name":"Social psychology","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/tpami.2023.3262813","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tpami.2023.3262813","pdf_url":null,"source":{"id":"https://openalex.org/S199944782","display_name":"IEEE Transactions on Pattern Analysis and Machine Intelligence","issn_l":"0162-8828","issn":["0162-8828","1939-3539","2160-9292"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Pattern Analysis and Machine Intelligence","raw_type":"journal-article"},{"id":"pmid:37030873","is_oa":false,"landing_page_url":"https://pubmed.ncbi.nlm.nih.gov/37030873","pdf_url":null,"source":{"id":"https://openalex.org/S4306525036","display_name":"PubMed","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE transactions on pattern analysis and machine intelligence","raw_type":null},{"id":"pmh:oai:dr.ntu.edu.sg:10356/172192","is_oa":false,"landing_page_url":"https://hdl.handle.net/10356/172192","pdf_url":null,"source":{"id":"https://openalex.org/S4306402609","display_name":"DR-NTU (Nanyang Technological University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I172675005","host_organization_name":"Nanyang Technological University","host_organization_lineage":["https://openalex.org/I172675005"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Journal Article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.4000000059604645}],"awards":[{"id":"https://openalex.org/G1546930127","display_name":null,"funder_award_id":"U20A20176","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3550020321","display_name":null,"funder_award_id":"U21A20463","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4846082509","display_name":null,"funder_award_id":"AcRF Tier 2 MOE-T2EP20121-0006","funder_id":"https://openalex.org/F4320320751","funder_display_name":"Ministry of Education - Singapore"},{"id":"https://openalex.org/G5928885788","display_name":null,"funder_award_id":"NRF2018NCR-NCR009-0001","funder_id":"https://openalex.org/F4320320709","funder_display_name":"National Research Foundation Singapore"},{"id":"https://openalex.org/G7041478377","display_name":null,"funder_award_id":"62102052","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8326818770","display_name":null,"funder_award_id":"AcRF Tier 1 RS02/19","funder_id":"https://openalex.org/F4320320751","funder_display_name":"Ministry of Education - Singapore"}],"funders":[{"id":"https://openalex.org/F4320320709","display_name":"National Research Foundation Singapore","ror":"https://ror.org/03cpyc314"},{"id":"https://openalex.org/F4320320751","display_name":"Ministry of Education - Singapore","ror":"https://ror.org/01kcva023"},{"id":"https://openalex.org/F4320320766","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302"},{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":107,"referenced_works":["https://openalex.org/W1513873506","https://openalex.org/W1834627138","https://openalex.org/W2002546114","https://openalex.org/W2051434435","https://openalex.org/W2060393849","https://openalex.org/W2108598243","https://openalex.org/W2141983208","https://openalex.org/W2168231600","https://openalex.org/W2194775991","https://openalex.org/W2473418344","https://openalex.org/W2533598788","https://openalex.org/W2553303224","https://openalex.org/W2591882872","https://openalex.org/W2750384547","https://openalex.org/W2783106047","https://openalex.org/W2783522756","https://openalex.org/W2804047946","https://openalex.org/W2894740066","https://openalex.org/W2896422817","https://openalex.org/W2912213068","https://openalex.org/W2930926105","https://openalex.org/W2943530662","https://openalex.org/W2949736877","https://openalex.org/W2963163009","https://openalex.org/W2963456518","https://openalex.org/W2963545917","https://openalex.org/W2963952467","https://openalex.org/W2970408908","https://openalex.org/W2971296908","https://openalex.org/W2977797911","https://openalex.org/W2982523334","https://openalex.org/W2989651853","https://openalex.org/W3000479830","https://openalex.org/W3005842225","https://openalex.org/W3007021553","https://openalex.org/W3018397821","https://openalex.org/W3024346083","https://openalex.org/W3032776053","https://openalex.org/W3033210410","https://openalex.org/W3034486793","https://openalex.org/W3034936311","https://openalex.org/W3035180373","https://openalex.org/W3037830434","https://openalex.org/W3043758338","https://openalex.org/W3071470454","https://openalex.org/W3087709229","https://openalex.org/W3093936016","https://openalex.org/W3094163844","https://openalex.org/W3103245149","https://openalex.org/W3104110119","https://openalex.org/W3104688113","https://openalex.org/W3106873467","https://openalex.org/W3107978053","https://openalex.org/W3110068734","https://openalex.org/W3111491915","https://openalex.org/W3118608800","https://openalex.org/W3128307059","https://openalex.org/W3130095188","https://openalex.org/W3163966458","https://openalex.org/W3166395393","https://openalex.org/W3172312230","https://openalex.org/W3175192640","https://openalex.org/W3175386621","https://openalex.org/W3205194258","https://openalex.org/W3212378239","https://openalex.org/W3214186668","https://openalex.org/W4225861966","https://openalex.org/W4226388234","https://openalex.org/W4288049153","https://openalex.org/W4293363185","https://openalex.org/W4295312788","https://openalex.org/W4295727797","https://openalex.org/W4312705808","https://openalex.org/W4312809802","https://openalex.org/W4319300193","https://openalex.org/W4320167258","https://openalex.org/W6684859321","https://openalex.org/W6729956949","https://openalex.org/W6732298257","https://openalex.org/W6743688258","https://openalex.org/W6755166560","https://openalex.org/W6762334975","https://openalex.org/W6762376514","https://openalex.org/W6764838729","https://openalex.org/W6766978945","https://openalex.org/W6769869542","https://openalex.org/W6772027524","https://openalex.org/W6773039429","https://openalex.org/W6774030073","https://openalex.org/W6776213126","https://openalex.org/W6779062925","https://openalex.org/W6779248606","https://openalex.org/W6779348065","https://openalex.org/W6779374246","https://openalex.org/W6779439017","https://openalex.org/W6779460946","https://openalex.org/W6779630500","https://openalex.org/W6780227212","https://openalex.org/W6783385351","https://openalex.org/W6784239669","https://openalex.org/W6784683552","https://openalex.org/W6786104136","https://openalex.org/W6787972765","https://openalex.org/W6790536367","https://openalex.org/W6803316053","https://openalex.org/W6810744337","https://openalex.org/W6849576524"],"related_works":["https://openalex.org/W2989490741","https://openalex.org/W138569904","https://openalex.org/W2367545121","https://openalex.org/W4248881655","https://openalex.org/W2482165163","https://openalex.org/W3010890513","https://openalex.org/W3092506759","https://openalex.org/W2390914021","https://openalex.org/W2389417819","https://openalex.org/W2393746579"],"abstract_inverted_index":{"Collaborative":[0],"learning":[1],"has":[2],"gained":[3],"great":[4],"popularity":[5],"due":[6],"to":[7,51,72,76,94,108,130],"its":[8],"benefit":[9],"of":[10,112],"data":[11,74,115,138],"privacy":[12,116],"protection:":[13],"participants":[14],"can":[15,34,144,176],"jointly":[16],"train":[17],"a":[18,126,136],"Deep":[19],"Learning":[20],"model":[21,118,192],"without":[22,153],"sharing":[23],"their":[24],"training":[25,39,96,151,156],"sets.":[26],"However,":[27],"recent":[28],"works":[29],"discovered":[30,172],"that":[31,169],"an":[32],"adversary":[33,93],"fully":[35],"recover":[36],"the":[37,42,92,99,110,121,155,170,191],"sensitive":[38,82],"samples":[40,97],"from":[41,98,135],"shared":[43],"gradients.":[44,101],"Such":[45],"reconstruction":[46,68,179],"attacks":[47,69,180],"pose":[48],"severe":[49],"threats":[50],"collaborative":[52,150,182],"learning.":[53],"Hence,":[54],"effective":[55],"mitigation":[56],"solutions":[57],"are":[58],"urgently":[59],"desired.":[60],"In":[61],"this":[62],"paper,":[63],"we":[64,124],"systematically":[65],"analyze":[66],"existing":[67,149],"and":[70,117,187],"propose":[71],"leverage":[73],"augmentation":[75,139],"defeat":[77,177],"these":[78],"attacks:":[79],"by":[80,173],"preprocessing":[81],"images":[83],"with":[84,148,184],"carefully-selected":[85],"transformation":[86],"policies,":[87],"it":[88],"becomes":[89],"infeasible":[90],"for":[91],"extract":[95],"corresponding":[100],"We":[102,158],"first":[103],"design":[104,125],"two":[105,122],"new":[106],"metrics":[107],"quantify":[109],"impacts":[111],"transformations":[113],"on":[114,162,190],"usability.":[119],"With":[120],"metrics,":[123],"novel":[127],"search":[128],"method":[129,143,175],"automatically":[131],"discover":[132],"qualified":[133],"policies":[134,171],"given":[137],"library.":[140],"Our":[141],"defense":[142],"be":[145],"further":[146],"combined":[147],"systems":[152],"modifying":[154],"protocols.":[157],"conduct":[159],"comprehensive":[160],"experiments":[161],"various":[163],"system":[164],"settings.":[165],"Evaluation":[166],"results":[167],"demonstrate":[168],"our":[174],"state-of-the-art":[178],"in":[181],"learning,":[183],"high":[185],"efficiency":[186],"negligible":[188],"impact":[189],"performance.":[193]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":4}],"updated_date":"2026-03-13T16:22:10.518609","created_date":"2025-10-10T00:00:00"}