{"id":"https://openalex.org/W2912023992","doi":"https://doi.org/10.1109/tsc.2019.2897554","title":"Demystifying Membership Inference Attacks in Machine Learning as a Service","display_name":"Demystifying Membership Inference Attacks in Machine Learning as a Service","publication_year":2019,"publication_date":"2019-02-05","ids":{"openalex":"https://openalex.org/W2912023992","doi":"https://doi.org/10.1109/tsc.2019.2897554","mag":"2912023992"},"language":"en","primary_location":{"id":"doi:10.1109/tsc.2019.2897554","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tsc.2019.2897554","pdf_url":null,"source":{"id":"https://openalex.org/S204223317","display_name":"IEEE Transactions on Services Computing","issn_l":"1939-1374","issn":["1939-1374","2372-0204"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Services Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5066370292","display_name":"Stacey Truex","orcid":"https://orcid.org/0000-0002-8274-645X"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Stacey Truex","raw_affiliation_strings":["School of Computer Science, Georgia Institute of Technology, Atlanta, GA, USA"],"raw_orcid":"https://orcid.org/0000-0002-8274-645X","affiliations":[{"raw_affiliation_string":"School of Computer Science, Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100343991","display_name":"Ling Liu","orcid":"https://orcid.org/0000-0002-4138-3082"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ling Liu","raw_affiliation_strings":["School of Computer Science, Georgia Institute of Technology, Atlanta, GA, USA"],"raw_orcid":"https://orcid.org/0000-0002-4138-3082","affiliations":[{"raw_affiliation_string":"School of Computer Science, Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052765649","display_name":"Mehmet Emre G\u00fcrsoy","orcid":"https://orcid.org/0000-0002-7676-0167"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mehmet Emre Gursoy","raw_affiliation_strings":["School of Computer Science, Georgia Institute of Technology, Atlanta, GA, USA"],"raw_orcid":"https://orcid.org/0000-0002-7676-0167","affiliations":[{"raw_affiliation_string":"School of Computer Science, Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100445935","display_name":"Lei Yu","orcid":"https://orcid.org/0000-0002-9188-6112"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lei Yu","raw_affiliation_strings":["School of Computer Science, Georgia Institute of Technology, Atlanta, GA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Computer Science, Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5069331320","display_name":"Wenqi Wei","orcid":"https://orcid.org/0000-0001-9177-114X"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wenqi Wei","raw_affiliation_strings":["School of Computer Science, Georgia Institute of Technology, Atlanta, GA, USA"],"raw_orcid":"https://orcid.org/0000-0001-9177-114X","affiliations":[{"raw_affiliation_string":"School of Computer Science, Georgia Institute of Technology, Atlanta, GA, USA","institution_ids":["https://openalex.org/I130701444"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5066370292"],"corresponding_institution_ids":["https://openalex.org/I130701444"],"apc_list":null,"apc_paid":null,"fwci":17.1949,"has_fulltext":false,"cited_by_count":277,"citation_normalized_percentile":{"value":0.99311872,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":"14","issue":"6","first_page":"2073","last_page":"2089"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10883","display_name":"Ethics and Social Impacts of AI","score":0.9750000238418579,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8183391094207764},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.7727746963500977},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.7412551641464233},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.6303807497024536},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.621735155582428},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5927761793136597},{"id":"https://openalex.org/keywords/attack-model","display_name":"Attack model","score":0.5408665537834167},{"id":"https://openalex.org/keywords/black-box","display_name":"Black box","score":0.5360420346260071},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4148724675178528},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.35448938608169556}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8183391094207764},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.7727746963500977},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.7412551641464233},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.6303807497024536},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.621735155582428},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5927761793136597},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.5408665537834167},{"id":"https://openalex.org/C94966114","wikidata":"https://www.wikidata.org/wiki/Q29256","display_name":"Black box","level":2,"score":0.5360420346260071},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4148724675178528},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.35448938608169556}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tsc.2019.2897554","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tsc.2019.2897554","pdf_url":null,"source":{"id":"https://openalex.org/S204223317","display_name":"IEEE Transactions on Services Computing","issn_l":"1939-1374","issn":["1939-1374","2372-0204"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Services Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5899999737739563,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G3841196840","display_name":null,"funder_award_id":"1547102","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G5206010609","display_name":null,"funder_award_id":"1564097","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":64,"referenced_works":["https://openalex.org/W55681943","https://openalex.org/W200920430","https://openalex.org/W1534477342","https://openalex.org/W1614298861","https://openalex.org/W1673923490","https://openalex.org/W2010523825","https://openalex.org/W2027595342","https://openalex.org/W2090117217","https://openalex.org/W2091432990","https://openalex.org/W2098191394","https://openalex.org/W2101234009","https://openalex.org/W2109426455","https://openalex.org/W2125667824","https://openalex.org/W2136504847","https://openalex.org/W2160815625","https://openalex.org/W2180612164","https://openalex.org/W2194775991","https://openalex.org/W2274565976","https://openalex.org/W2397857137","https://openalex.org/W2398935881","https://openalex.org/W2408141691","https://openalex.org/W2533641151","https://openalex.org/W2535690855","https://openalex.org/W2573908344","https://openalex.org/W2591382767","https://openalex.org/W2617174679","https://openalex.org/W2732505563","https://openalex.org/W2753840555","https://openalex.org/W2777449390","https://openalex.org/W2778284298","https://openalex.org/W2786233556","https://openalex.org/W2788502731","https://openalex.org/W2798657499","https://openalex.org/W2884943453","https://openalex.org/W2911964244","https://openalex.org/W2950577311","https://openalex.org/W2963857521","https://openalex.org/W2964153729","https://openalex.org/W3118608800","https://openalex.org/W3120740533","https://openalex.org/W3143088208","https://openalex.org/W4205228770","https://openalex.org/W4248437541","https://openalex.org/W4250806791","https://openalex.org/W4300511536","https://openalex.org/W6602201320","https://openalex.org/W6632075054","https://openalex.org/W6636510571","https://openalex.org/W6637162671","https://openalex.org/W6674781479","https://openalex.org/W6675354045","https://openalex.org/W6678630487","https://openalex.org/W6680140577","https://openalex.org/W6694611762","https://openalex.org/W6714069269","https://openalex.org/W6719080892","https://openalex.org/W6738406820","https://openalex.org/W6744389324","https://openalex.org/W6746849571","https://openalex.org/W6747385936","https://openalex.org/W6747553010","https://openalex.org/W6748544737","https://openalex.org/W6750182894","https://openalex.org/W6787972765"],"related_works":["https://openalex.org/W4388150944","https://openalex.org/W4242235492","https://openalex.org/W4214858327","https://openalex.org/W4387796593","https://openalex.org/W2604394466","https://openalex.org/W2952603690","https://openalex.org/W2941205169","https://openalex.org/W4328053081","https://openalex.org/W4382288699","https://openalex.org/W2741594031"],"abstract_inverted_index":{"Membership":[0],"inference":[1,48,67,121,127,184],"attacks":[2,49],"seek":[3],"to":[4,14,117,145,182],"infer":[5],"membership":[6,32,47,66,120,126,146,183],"of":[7,11,31,60,63,75,85,88,162],"individual":[8],"training":[9],"instances":[10],"a":[12,22,42,57,64,82,86,112,190],"model":[13,76,79,93,113,140,164,170],"which":[15],"an":[16,28],"adversary":[17,188],"has":[18],"black-box":[19,65,119],"access":[20],"through":[21,81],"machine":[23,36,89],"learning-as-a-service":[24],"API.":[25],"In":[26],"providing":[27],"in-depth":[29],"characterization":[30],"privacy":[33],"risks":[34,185],"against":[35],"learning":[37,90,179],"models,":[38],"this":[39],"paper":[40],"presents":[41],"comprehensive":[43],"study":[44],"towards":[45],"demystifying":[46],"from":[50,104],"two":[51],"complimentary":[52],"perspectives.":[53],"First,":[54],"we":[55,71,107],"provide":[56],"generalized":[58],"formulation":[59],"the":[61,73,160,168,187],"development":[62],"attack":[68,133,166,169,174],"model.":[69],"Second,":[70],"characterize":[72,108],"importance":[74],"choice":[77],"on":[78],"vulnerability":[80,128],"systematic":[83],"evaluation":[84],"variety":[87],"models":[91,134],"and":[92,101,131,176,196],"combinations":[94],"using":[95,159],"multiple":[96],"datasets.":[97,151],"Through":[98],"formal":[99],"analysis":[100],"empirical":[102,153],"evidence":[103],"extensive":[105],"experimentation,":[106],"under":[109,165],"what":[110],"conditions":[111],"may":[114,171],"be":[115],"vulnerable":[116],"such":[118],"attacks.":[122],"We":[123,192],"show":[124,156],"that":[125,157],"is":[129,189],"data-driven":[130],"corresponding":[132],"are":[135],"largely":[136],"transferable.":[137],"Though":[138],"different":[139,143,150],"types":[141],"display":[142],"vulnerabilities":[144,181],"inference,":[147],"so":[148],"do":[149],"Our":[152],"results":[154],"additionally":[155],"(1)":[158],"type":[161],"target":[163],"within":[167],"not":[172],"increase":[173],"effectiveness":[175],"(2)":[177],"collaborative":[178],"exposes":[180],"when":[186],"participant.":[191],"also":[193],"discuss":[194],"countermeasure":[195],"mitigation":[197],"strategies.":[198]},"counts_by_year":[{"year":2026,"cited_by_count":7},{"year":2025,"cited_by_count":43},{"year":2024,"cited_by_count":61},{"year":2023,"cited_by_count":46},{"year":2022,"cited_by_count":47},{"year":2021,"cited_by_count":39},{"year":2020,"cited_by_count":26},{"year":2019,"cited_by_count":7},{"year":2018,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}