{"id":"https://openalex.org/W2884943453","doi":"https://doi.org/10.1145/3243734.3243855","title":"Machine Learning with Membership Privacy using Adversarial Regularization","display_name":"Machine Learning with Membership Privacy using Adversarial Regularization","publication_year":2018,"publication_date":"2018-10-15","ids":{"openalex":"https://openalex.org/W2884943453","doi":"https://doi.org/10.1145/3243734.3243855","mag":"2884943453"},"language":"en","primary_location":{"id":"doi:10.1145/3243734.3243855","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3243734.3243855","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3243734.3243855","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3243734.3243855","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5059480732","display_name":"Milad Nasr","orcid":"https://orcid.org/0000-0002-1913-6157"},"institutions":[{"id":"https://openalex.org/I24603500","display_name":"University of Massachusetts Amherst","ror":"https://ror.org/0072zz521","country_code":"US","type":"education","lineage":["https://openalex.org/I24603500"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Milad Nasr","raw_affiliation_strings":["University of Massachusetts Amherst, Amherst, MA, USA"],"affiliations":[{"raw_affiliation_string":"University of Massachusetts Amherst, Amherst, MA, USA","institution_ids":["https://openalex.org/I24603500"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084892128","display_name":"Reza Shokri","orcid":"https://orcid.org/0000-0001-9816-0173"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Reza Shokri","raw_affiliation_strings":["National University of Singapore, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5018588864","display_name":"Amir Houmansadr","orcid":"https://orcid.org/0000-0002-7553-6657"},"institutions":[{"id":"https://openalex.org/I24603500","display_name":"University of Massachusetts Amherst","ror":"https://ror.org/0072zz521","country_code":"US","type":"education","lineage":["https://openalex.org/I24603500"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Amir Houmansadr","raw_affiliation_strings":["University of Massachusetts Amherst, Amherst, MA, USA"],"affiliations":[{"raw_affiliation_string":"University of Massachusetts Amherst, Amherst, MA, USA","institution_ids":["https://openalex.org/I24603500"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5059480732"],"corresponding_institution_ids":["https://openalex.org/I24603500"],"apc_list":null,"apc_paid":null,"fwci":29.2783,"has_fulltext":true,"cited_by_count":426,"citation_normalized_percentile":{"value":0.99641705,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"634","last_page":"646"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10036","display_name":"Advanced Neural Network Applications","score":0.9553999900817871,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8044743537902832},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.6945837140083313},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.6662436127662659},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6237421631813049},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.5862031579017639},{"id":"https://openalex.org/keywords/regularization","display_name":"Regularization (linguistics)","score":0.5536895990371704},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.4873886704444885},{"id":"https://openalex.org/keywords/adversarial-machine-learning","display_name":"Adversarial machine learning","score":0.47574493288993835},{"id":"https://openalex.org/keywords/black-box","display_name":"Black box","score":0.4231705069541931},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4144706130027771},{"id":"https://openalex.org/keywords/data-modeling","display_name":"Data modeling","score":0.41321030259132385},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.4106300473213196}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8044743537902832},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.6945837140083313},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.6662436127662659},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6237421631813049},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.5862031579017639},{"id":"https://openalex.org/C2776135515","wikidata":"https://www.wikidata.org/wiki/Q17143721","display_name":"Regularization (linguistics)","level":2,"score":0.5536895990371704},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.4873886704444885},{"id":"https://openalex.org/C2778403875","wikidata":"https://www.wikidata.org/wiki/Q20312394","display_name":"Adversarial machine learning","level":3,"score":0.47574493288993835},{"id":"https://openalex.org/C94966114","wikidata":"https://www.wikidata.org/wiki/Q29256","display_name":"Black box","level":2,"score":0.4231705069541931},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4144706130027771},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.41321030259132385},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.4106300473213196},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.0},{"id":"https://openalex.org/C13280743","wikidata":"https://www.wikidata.org/wiki/Q131089","display_name":"Geodesy","level":1,"score":0.0},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3243734.3243855","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3243734.3243855","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3243734.3243855","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:scholarbank.nus.edu.sg:10635/172810","is_oa":false,"landing_page_url":"https://scholarbank.nus.edu.sg/handle/10635/172810","pdf_url":null,"source":{"id":"https://openalex.org/S7407052290","display_name":"National University of Singapore","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Elements","raw_type":"Conference Paper"}],"best_oa_location":{"id":"doi:10.1145/3243734.3243855","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3243734.3243855","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3243734.3243855","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6200000047683716}],"awards":[{"id":"https://openalex.org/G283930402","display_name":null,"funder_award_id":"CNS-1525642","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G592795549","display_name":null,"funder_award_id":"1525642","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2884943453.pdf","grobid_xml":"https://content.openalex.org/works/W2884943453.grobid-xml"},"referenced_works_count":46,"referenced_works":["https://openalex.org/W1506806321","https://openalex.org/W1528076390","https://openalex.org/W1574220596","https://openalex.org/W1590012787","https://openalex.org/W1873763122","https://openalex.org/W1992926795","https://openalex.org/W2019735187","https://openalex.org/W2027595342","https://openalex.org/W2040228409","https://openalex.org/W2051267297","https://openalex.org/W2060871119","https://openalex.org/W2067064328","https://openalex.org/W2091825929","https://openalex.org/W2095272373","https://openalex.org/W2099471712","https://openalex.org/W2110868467","https://openalex.org/W2119874464","https://openalex.org/W2127208184","https://openalex.org/W2141481372","https://openalex.org/W2198253679","https://openalex.org/W2317002898","https://openalex.org/W2435473771","https://openalex.org/W2460441129","https://openalex.org/W2473418344","https://openalex.org/W2520881573","https://openalex.org/W2532520288","https://openalex.org/W2535690855","https://openalex.org/W2618530766","https://openalex.org/W2619371851","https://openalex.org/W2701059868","https://openalex.org/W2739748921","https://openalex.org/W2767079719","https://openalex.org/W2788502731","https://openalex.org/W2793398195","https://openalex.org/W2951851447","https://openalex.org/W2963080984","https://openalex.org/W2963373786","https://openalex.org/W2963446712","https://openalex.org/W2963794891","https://openalex.org/W2964020641","https://openalex.org/W2964040467","https://openalex.org/W2964318098","https://openalex.org/W3101704102","https://openalex.org/W3118608800","https://openalex.org/W4205228770","https://openalex.org/W4236965008"],"related_works":["https://openalex.org/W3048732067","https://openalex.org/W4383468834","https://openalex.org/W4283221438","https://openalex.org/W2900159906","https://openalex.org/W4384648009","https://openalex.org/W4287828318","https://openalex.org/W2406556600","https://openalex.org/W4380352238","https://openalex.org/W3126470649","https://openalex.org/W2930249865"],"abstract_inverted_index":{"Machine":[0],"learning":[1,26,49],"models":[2,57],"leak":[3],"significant":[4],"amount":[5],"of":[6,24,43,67,87,115,124,154,176],"information":[7],"about":[8],"their":[9,13],"training":[10,72,108,159],"sets,":[11],"through":[12],"predictions.":[14],"This":[15,82,128],"is":[16],"a":[17,28,53,68,101,141,188],"serious":[18],"privacy":[19,134,156],"concern":[20],"for":[21],"the":[22,41,65,79,85,88,95,112,116,121,125,147,151,169,174,192],"users":[23],"machine":[25,48],"as":[27,100,118,120,140],"service.":[29],"To":[30],"address":[31],"this":[32,35,99,186],"concern,":[33],"in":[34,191],"paper,":[36],"we":[37],"focus":[38],"on":[39,70,158],"mitigating":[40],"risks":[42,175],"black-box":[44,90],"inference":[45,92,126,178],"attacks":[46,179],"against":[47,94],"models.":[50],"We":[51,97,149,166],"introduce":[52],"mechanism":[54,157],"to":[55],"train":[56],"with":[58,187],"membership":[59,91,133,177],"privacy,":[60],"which":[61,130],"ensures":[62],"indistinguishability":[63],"between":[64],"predictions":[66],"model":[69,117],"its":[71],"data":[73,76],"and":[74,104,144,183],"other":[75],"points":[77],"(from":[78],"same":[80],"distribution).":[81],"requires":[83],"minimizing":[84],"accuracy":[86,195],"best":[89],"attack":[93],"model.":[96,148],"formalize":[98],"min-max":[102,170],"game,":[103],"design":[105],"an":[106],"adversarial":[107],"algorithm":[109],"that":[110,168],"minimizes":[111],"prediction":[113,136,194],"loss":[114],"well":[119],"maximum":[122],"gain":[123],"attacks.":[127],"strategy,":[129],"can":[131,172,184],"guarantee":[132],"(as":[135],"indistinguishability),":[137],"acts":[138],"also":[139],"strong":[142],"regularizer":[143],"helps":[145],"generalizing":[146],"evaluate":[150],"practical":[152],"feasibility":[153],"our":[155],"deep":[160],"neural":[161],"networks":[162],"using":[163],"benchmark":[164],"datasets.":[165],"show":[167],"strategy":[171],"mitigate":[173],"(near":[180],"random":[181],"guess),":[182],"achieve":[185],"negligible":[189],"drop":[190],"model's":[193],"(less":[196],"than":[197],"4%).":[198]},"counts_by_year":[{"year":2026,"cited_by_count":5},{"year":2025,"cited_by_count":54},{"year":2024,"cited_by_count":67},{"year":2023,"cited_by_count":64},{"year":2022,"cited_by_count":63},{"year":2021,"cited_by_count":80},{"year":2020,"cited_by_count":52},{"year":2019,"cited_by_count":35},{"year":2018,"cited_by_count":6}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}