{"id":"https://openalex.org/W4388886075","doi":"https://doi.org/10.1145/3605764.3623905","title":"Information Leakage from Data Updates in Machine Learning Models","display_name":"Information Leakage from Data Updates in Machine Learning Models","publication_year":2023,"publication_date":"2023-11-21","ids":{"openalex":"https://openalex.org/W4388886075","doi":"https://doi.org/10.1145/3605764.3623905"},"language":"en","primary_location":{"id":"doi:10.1145/3605764.3623905","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3605764.3623905","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5072287826","display_name":"Tian Hui","orcid":"https://orcid.org/0009-0000-6549-9314"},"institutions":[{"id":"https://openalex.org/I165779595","display_name":"The University of Melbourne","ror":"https://ror.org/01ej9dk98","country_code":"AU","type":"education","lineage":["https://openalex.org/I165779595"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Tian Hui","raw_affiliation_strings":["The University of Melbourne, Parkville, Australia"],"raw_orcid":"https://orcid.org/0009-0000-6549-9314","affiliations":[{"raw_affiliation_string":"The University of Melbourne, Parkville, Australia","institution_ids":["https://openalex.org/I165779595"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068636477","display_name":"Farhad Farokhi","orcid":"https://orcid.org/0000-0002-5102-7073"},"institutions":[{"id":"https://openalex.org/I165779595","display_name":"The University of Melbourne","ror":"https://ror.org/01ej9dk98","country_code":"AU","type":"education","lineage":["https://openalex.org/I165779595"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Farhad Farokhi","raw_affiliation_strings":["The University of Melbourne, Parkville, Australia"],"raw_orcid":"https://orcid.org/0000-0002-5102-7073","affiliations":[{"raw_affiliation_string":"The University of Melbourne, Parkville, Australia","institution_ids":["https://openalex.org/I165779595"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5011082117","display_name":"Olga Ohrimenko","orcid":"https://orcid.org/0000-0002-9735-0538"},"institutions":[{"id":"https://openalex.org/I165779595","display_name":"The University of Melbourne","ror":"https://ror.org/01ej9dk98","country_code":"AU","type":"education","lineage":["https://openalex.org/I165779595"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Olga Ohrimenko","raw_affiliation_strings":["The University of Melbourne, Parkville, Australia"],"raw_orcid":"https://orcid.org/0000-0002-9735-0538","affiliations":[{"raw_affiliation_string":"The University of Melbourne, Parkville, Australia","institution_ids":["https://openalex.org/I165779595"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.4895,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.71942727,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"35","last_page":"41"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.9890000224113464,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.822809100151062},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.6719733476638794},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5969144105911255},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.5559642910957336},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4973185360431671},{"id":"https://openalex.org/keywords/information-leakage","display_name":"Information leakage","score":0.49202296137809753},{"id":"https://openalex.org/keywords/perceptron","display_name":"Perceptron","score":0.45179226994514465},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.41087308526039124},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.18221953511238098},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.14865273237228394}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.822809100151062},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.6719733476638794},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5969144105911255},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.5559642910957336},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4973185360431671},{"id":"https://openalex.org/C2779201187","wikidata":"https://www.wikidata.org/wiki/Q2775060","display_name":"Information leakage","level":2,"score":0.49202296137809753},{"id":"https://openalex.org/C60908668","wikidata":"https://www.wikidata.org/wiki/Q690207","display_name":"Perceptron","level":3,"score":0.45179226994514465},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.41087308526039124},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.18221953511238098},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.14865273237228394}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3605764.3623905","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3605764.3623905","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6600000262260437,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":11,"referenced_works":["https://openalex.org/W1488996941","https://openalex.org/W1873763122","https://openalex.org/W2051267297","https://openalex.org/W2535690855","https://openalex.org/W3023153742","https://openalex.org/W3027379683","https://openalex.org/W3096214574","https://openalex.org/W3150395569","https://openalex.org/W3214968384","https://openalex.org/W4288057780","https://openalex.org/W4308644392"],"related_works":["https://openalex.org/W2082756648","https://openalex.org/W2055243143","https://openalex.org/W3194278305","https://openalex.org/W2289648981","https://openalex.org/W1565459987","https://openalex.org/W2095999892","https://openalex.org/W2018764758","https://openalex.org/W2383689843","https://openalex.org/W1550668881","https://openalex.org/W2801655275"],"abstract_inverted_index":{"In":[0],"this":[1],"paper":[2],"we":[3,75,160],"consider":[4],"the":[5,20,39,50,57,64,67,72,104,107,111,115,141,156,176,183,190,198,205,213,224,241],"setting":[6],"where":[7],"machine":[8,58,233],"learning":[9,59,234],"models":[10,235],"are":[11,88,95,168,195],"retrained":[12],"on":[13,103,123,223],"updated":[14,116,157,196,214],"datasets":[15,126],"in":[16,38,66,106,145,149,182,240],"order":[17],"to":[18,44,54,71,151,154,171,175,197,210,230,236],"incorporate":[19],"most":[21],"up-to-date":[22],"information":[23,34,147],"or":[24,83,97],"reflect":[25],"distribution":[26],"shifts.":[27],"We":[28,99,118,135],"investigate":[29],"whether":[30],"one":[31],"can":[32,143],"infer":[33],"about":[35],"these":[36],"updates":[37],"training":[40,85],"data":[41,86,93,163],"(e.g.,":[42],"changes":[43,218],"attribute":[45,79,193,237],"values":[46,167,215],"of":[47,56,80,110,140,179,232],"records).":[48],"Here,":[49],"adversary":[51],"has":[52],"access":[53,153],"snapshots":[55,139],"model":[60,113,142],"before":[61],"and":[62,114,131],"after":[63],"change":[65],"dataset":[68],"occurs.":[69],"Contrary":[70],"existing":[73],"literature,":[74],"assume":[76],"that":[77,137,162],"an":[78],"a":[81,220],"single":[82],"multiple":[84,187],"points":[87,174],"changed":[89],"rather":[90],"than":[91],"entire":[92],"records":[94,164,188],"removed":[96],"added.":[98],"propose":[100],"attacks":[101,181,239],"based":[102],"difference":[105],"prediction":[108],"confidence":[109],"original":[112,192],"model.":[117,158,226],"evaluate":[119],"our":[120],"attack":[121],"methods":[122],"two":[124,138],"public":[125],"along":[127],"with":[128,165,189],"multi-layer":[129],"perceptron":[130],"logistic":[132],"regression":[133],"models.":[134],"validate":[136],"result":[144],"higher":[146],"leakage":[148],"comparison":[150],"having":[152],"only":[155],"Moreover,":[159],"observe":[161],"rare":[166],"more":[169,208],"vulnerable":[170],"attacks,":[172],"which":[173],"disparate":[177],"vulnerability":[178,231],"privacy":[180],"update":[184,242],"setting.":[185,243],"When":[186],"same":[191,199],"value":[194,201],"new":[200],"(i.e.,":[202],"repeated":[203,217],"changes),":[204],"attacker":[206],"is":[207],"likely":[209],"correctly":[211],"guess":[212],"since":[216],"leave":[219],"larger":[221],"footprint":[222],"trained":[225],"These":[227],"observations":[228],"point":[229],"inference":[238]},"counts_by_year":[{"year":2025,"cited_by_count":3}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}