{"id":"https://openalex.org/W4387298282","doi":"https://doi.org/10.1145/3607199.3607232","title":"PrivMon: A Stream-Based System for Real-Time Privacy Attack Detection for Machine Learning Models","display_name":"PrivMon: A Stream-Based System for Real-Time Privacy Attack Detection for Machine Learning Models","publication_year":2023,"publication_date":"2023-10-03","ids":{"openalex":"https://openalex.org/W4387298282","doi":"https://doi.org/10.1145/3607199.3607232"},"language":"en","primary_location":{"id":"doi:10.1145/3607199.3607232","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3607199.3607232","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3607199.3607232","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3607199.3607232","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5008102121","display_name":"Myeongseob Ko","orcid":"https://orcid.org/0000-0002-1219-9016"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Myeongseob Ko","raw_affiliation_strings":["Virginia Tech, United States of America"],"raw_orcid":"https://orcid.org/0000-0002-1219-9016","affiliations":[{"raw_affiliation_string":"Virginia Tech, United States of America","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073670575","display_name":"Xinyu Yang","orcid":"https://orcid.org/0000-0002-8512-1922"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xinyu Yang","raw_affiliation_strings":["Virginia Tech, USA"],"raw_orcid":"https://orcid.org/0000-0002-8512-1922","affiliations":[{"raw_affiliation_string":"Virginia Tech, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027356543","display_name":"Zhengjie Ji","orcid":"https://orcid.org/0009-0008-0900-6456"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhengjie Ji","raw_affiliation_strings":["Virginia Tech, USA"],"raw_orcid":"https://orcid.org/0009-0008-0900-6456","affiliations":[{"raw_affiliation_string":"Virginia Tech, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082453482","display_name":"Hoang Anh Just","orcid":"https://orcid.org/0009-0002-6094-2473"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hoang Anh Just","raw_affiliation_strings":["Virginia Tech, USA"],"raw_orcid":"https://orcid.org/0009-0002-6094-2473","affiliations":[{"raw_affiliation_string":"Virginia Tech, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102796137","display_name":"Peng Gao","orcid":"https://orcid.org/0000-0002-9342-9863"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Peng Gao","raw_affiliation_strings":["Virginia Tech, United States of America"],"raw_orcid":"https://orcid.org/0000-0002-9342-9863","affiliations":[{"raw_affiliation_string":"Virginia Tech, United States of America","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101943453","display_name":"Anoop Kumar","orcid":"https://orcid.org/0009-0007-9124-7541"},"institutions":[{"id":"https://openalex.org/I1311688040","display_name":"Amazon (United States)","ror":"https://ror.org/04mv4n011","country_code":"US","type":"company","lineage":["https://openalex.org/I1311688040"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Anoop Kumar","raw_affiliation_strings":["Amazon, USA"],"raw_orcid":"https://orcid.org/0009-0007-9124-7541","affiliations":[{"raw_affiliation_string":"Amazon, USA","institution_ids":["https://openalex.org/I1311688040"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5032275274","display_name":"Ruoxi Jia","orcid":"https://orcid.org/0000-0001-9662-9556"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ruoxi Jia","raw_affiliation_strings":["Virginia Tech, USA"],"raw_orcid":"https://orcid.org/0000-0001-9662-9556","affiliations":[{"raw_affiliation_string":"Virginia Tech, USA","institution_ids":["https://openalex.org/I859038795"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.3263,"has_fulltext":true,"cited_by_count":2,"citation_normalized_percentile":{"value":0.65623061,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"264","last_page":"281"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9840999841690063,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8085803985595703},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.7515227794647217},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5763852596282959},{"id":"https://openalex.org/keywords/black-box","display_name":"Black box","score":0.5684904456138611},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.5611917972564697},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.505195677280426},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4697105288505554},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4656098186969757},{"id":"https://openalex.org/keywords/private-information-retrieval","display_name":"Private information retrieval","score":0.4314202070236206},{"id":"https://openalex.org/keywords/compromise","display_name":"Compromise","score":0.4216320514678955},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.40821388363838196},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3778136968612671}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8085803985595703},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.7515227794647217},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5763852596282959},{"id":"https://openalex.org/C94966114","wikidata":"https://www.wikidata.org/wiki/Q29256","display_name":"Black box","level":2,"score":0.5684904456138611},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.5611917972564697},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.505195677280426},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4697105288505554},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4656098186969757},{"id":"https://openalex.org/C99221444","wikidata":"https://www.wikidata.org/wiki/Q1532069","display_name":"Private information retrieval","level":2,"score":0.4314202070236206},{"id":"https://openalex.org/C46355384","wikidata":"https://www.wikidata.org/wiki/Q726686","display_name":"Compromise","level":2,"score":0.4216320514678955},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.40821388363838196},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3778136968612671},{"id":"https://openalex.org/C144024400","wikidata":"https://www.wikidata.org/wiki/Q21201","display_name":"Sociology","level":0,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C36289849","wikidata":"https://www.wikidata.org/wiki/Q34749","display_name":"Social science","level":1,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3607199.3607232","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3607199.3607232","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3607199.3607232","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},{"id":"pmh:oai:vtechworks.lib.vt.edu:10919/116596","is_oa":true,"landing_page_url":"http://hdl.handle.net/10919/116596","pdf_url":"https://vtechworks.lib.vt.edu/bitstreams/c5804113-bdfa-45f6-8c35-7deeffe1b780/download","source":{"id":"https://openalex.org/S4306400248","display_name":"VTechWorks (Virginia Tech)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I859038795","host_organization_name":"Virginia Tech","host_organization_lineage":["https://openalex.org/I859038795"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Text"}],"best_oa_location":{"id":"doi:10.1145/3607199.3607232","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3607199.3607232","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3607199.3607232","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.5199999809265137,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4387298282.pdf","grobid_xml":"https://content.openalex.org/works/W4387298282.grobid-xml"},"referenced_works_count":28,"referenced_works":["https://openalex.org/W1834627138","https://openalex.org/W1985511977","https://openalex.org/W1992926795","https://openalex.org/W2019464758","https://openalex.org/W2024922353","https://openalex.org/W2051267297","https://openalex.org/W2067713319","https://openalex.org/W2108598243","https://openalex.org/W2162006472","https://openalex.org/W2194775991","https://openalex.org/W2473418344","https://openalex.org/W2535690855","https://openalex.org/W2884943453","https://openalex.org/W2946363484","https://openalex.org/W2962770929","https://openalex.org/W2962785568","https://openalex.org/W2983140679","https://openalex.org/W2998702515","https://openalex.org/W3015625436","https://openalex.org/W3034892461","https://openalex.org/W3035616549","https://openalex.org/W3091857398","https://openalex.org/W3104224589","https://openalex.org/W3177170788","https://openalex.org/W3214437258","https://openalex.org/W4229820657","https://openalex.org/W4288057780","https://openalex.org/W4312307529"],"related_works":["https://openalex.org/W2801622120","https://openalex.org/W2164141394","https://openalex.org/W4240977217","https://openalex.org/W3036524962","https://openalex.org/W2508088450","https://openalex.org/W2515148583","https://openalex.org/W2105136957","https://openalex.org/W3109877713","https://openalex.org/W3089060762","https://openalex.org/W4295136046"],"abstract_inverted_index":{"Machine":[0],"learning":[1],"(ML)":[2],"models":[3],"can":[4,28,91],"expose":[5],"the":[6,30,39,49,53,72,75,80,85,97,100,110],"private":[7],"information":[8,41],"of":[9,74,99,113],"training":[10,31,82],"data":[11,32],"when":[12],"confronted":[13],"with":[14,21,62],"privacy":[15,60],"attacks.":[16],"Specifically,":[17],"a":[18,25],"malicious":[19],"user":[20],"black-box":[22,63],"access":[23],"to":[24],"ML-as-a-service":[26],"platform":[27,103],"reconstruct":[29],"(i.e.,":[33,42,104],"model":[34,77,81,86,93],"inversion":[35],"attacks)":[36,45],"or":[37,84],"infer":[38],"membership":[40,43],"inference":[44],"simply":[46],"by":[47],"querying":[48],"ML":[50,76],"model.":[51],"Despite":[52],"pressing":[54],"need":[55],"for":[56],"effective":[57],"defenses":[58,90],"against":[59],"attacks":[61],"access,":[64],"existing":[65,114],"approaches":[66],"have":[67],"mostly":[68],"focused":[69],"on":[70],"enhancing":[71],"robustness":[73],"via":[78],"modifying":[79],"process":[83],"prediction":[87],"process.":[88],"These":[89,106],"compromise":[92],"utility":[94],"and":[95],"require":[96],"cooperation":[98],"underlying":[101],"AI":[102],"platform-dependent).":[105],"constraints":[107],"largely":[108],"limit":[109],"real-world":[111],"applicability":[112],"defenses.":[115]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}