{"id":"https://openalex.org/W4405182454","doi":"https://doi.org/10.1145/3658644.3690304","title":"Analyzing Inference Privacy Risks Through Gradients In Machine Learning","display_name":"Analyzing Inference Privacy Risks Through Gradients In Machine Learning","publication_year":2024,"publication_date":"2024-12-02","ids":{"openalex":"https://openalex.org/W4405182454","doi":"https://doi.org/10.1145/3658644.3690304"},"language":"en","primary_location":{"id":"doi:10.1145/3658644.3690304","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690304","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690304","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690304","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5063107365","display_name":"Zhuohang Li","orcid":"https://orcid.org/0000-0001-5559-4094"},"institutions":[{"id":"https://openalex.org/I200719446","display_name":"Vanderbilt University","ror":"https://ror.org/02vm5rt34","country_code":"US","type":"education","lineage":["https://openalex.org/I200719446"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Zhuohang Li","raw_affiliation_strings":["Vanderbilt University, Nashville, TN, USA"],"affiliations":[{"raw_affiliation_string":"Vanderbilt University, Nashville, TN, USA","institution_ids":["https://openalex.org/I200719446"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5115060923","display_name":"Andrew Lowy","orcid":null},"institutions":[{"id":"https://openalex.org/I135310074","display_name":"University of Wisconsin\u2013Madison","ror":"https://ror.org/01y2jtd41","country_code":"US","type":"education","lineage":["https://openalex.org/I135310074"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Andrew Lowy","raw_affiliation_strings":["University of Wisconsin-Madison, Madison, WI, USA"],"affiliations":[{"raw_affiliation_string":"University of Wisconsin-Madison, Madison, WI, USA","institution_ids":["https://openalex.org/I135310074"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100374974","display_name":"Jing Liu","orcid":"https://orcid.org/0000-0002-1712-2966"},"institutions":[{"id":"https://openalex.org/I4210159266","display_name":"Mitsubishi Electric (United States)","ror":"https://ror.org/053jnhe44","country_code":"US","type":"company","lineage":["https://openalex.org/I1306287861","https://openalex.org/I4210133125","https://openalex.org/I4210159266"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jing Liu","raw_affiliation_strings":["Mitsubishi Electric Research Laboratories, Cambridge, MA, USA"],"affiliations":[{"raw_affiliation_string":"Mitsubishi Electric Research Laboratories, Cambridge, MA, USA","institution_ids":["https://openalex.org/I4210159266"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023338067","display_name":"Toshiaki Koike\u2010Akino","orcid":"https://orcid.org/0000-0002-2578-5372"},"institutions":[{"id":"https://openalex.org/I4210159266","display_name":"Mitsubishi Electric (United States)","ror":"https://ror.org/053jnhe44","country_code":"US","type":"company","lineage":["https://openalex.org/I1306287861","https://openalex.org/I4210133125","https://openalex.org/I4210159266"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Toshiaki Koike-Akino","raw_affiliation_strings":["Mitsubishi Electric Research Laboratories, Cambridge, MA, USA"],"affiliations":[{"raw_affiliation_string":"Mitsubishi Electric Research Laboratories, Cambridge, MA, USA","institution_ids":["https://openalex.org/I4210159266"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024747748","display_name":"Kieran Parsons","orcid":"https://orcid.org/0000-0002-4957-8140"},"institutions":[{"id":"https://openalex.org/I4210159266","display_name":"Mitsubishi Electric (United States)","ror":"https://ror.org/053jnhe44","country_code":"US","type":"company","lineage":["https://openalex.org/I1306287861","https://openalex.org/I4210133125","https://openalex.org/I4210159266"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kieran Parsons","raw_affiliation_strings":["Mitsubishi Electric Research Laboratories, Cambridge, MA, USA"],"affiliations":[{"raw_affiliation_string":"Mitsubishi Electric Research Laboratories, Cambridge, MA, USA","institution_ids":["https://openalex.org/I4210159266"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090647314","display_name":"Bradley Malin","orcid":"https://orcid.org/0000-0003-3040-5175"},"institutions":[{"id":"https://openalex.org/I200719446","display_name":"Vanderbilt University","ror":"https://ror.org/02vm5rt34","country_code":"US","type":"education","lineage":["https://openalex.org/I200719446"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Bradley Malin","raw_affiliation_strings":["Vanderbilt University, Nashville, TN, USA"],"affiliations":[{"raw_affiliation_string":"Vanderbilt University, Nashville, TN, USA","institution_ids":["https://openalex.org/I200719446"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100423404","display_name":"Ye Wang","orcid":"https://orcid.org/0000-0001-5220-1830"},"institutions":[{"id":"https://openalex.org/I4210159266","display_name":"Mitsubishi Electric (United States)","ror":"https://ror.org/053jnhe44","country_code":"US","type":"company","lineage":["https://openalex.org/I1306287861","https://openalex.org/I4210133125","https://openalex.org/I4210159266"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ye Wang","raw_affiliation_strings":["Mitsubishi Electric Research Laboratories, Cambridge, MA, USA"],"affiliations":[{"raw_affiliation_string":"Mitsubishi Electric Research Laboratories, Cambridge, MA, USA","institution_ids":["https://openalex.org/I4210159266"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5063107365"],"corresponding_institution_ids":["https://openalex.org/I200719446"],"apc_list":null,"apc_paid":null,"fwci":1.7034,"has_fulltext":true,"cited_by_count":5,"citation_normalized_percentile":{"value":0.87376768,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"3466","last_page":"3480"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11612","display_name":"Stochastic Gradient Optimization Techniques","score":0.9782999753952026,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8252465724945068},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.706545889377594},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.657910943031311},{"id":"https://openalex.org/keywords/differential-privacy","display_name":"Differential privacy","score":0.6120635271072388},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.5661731362342834},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5328401327133179},{"id":"https://openalex.org/keywords/bottleneck","display_name":"Bottleneck","score":0.5288727283477783},{"id":"https://openalex.org/keywords/information-sensitivity","display_name":"Information sensitivity","score":0.5012507438659668},{"id":"https://openalex.org/keywords/information-privacy","display_name":"Information privacy","score":0.43968886137008667},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.43828973174095154},{"id":"https://openalex.org/keywords/gradient-descent","display_name":"Gradient descent","score":0.42859748005867004},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.41806313395500183},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.22010955214500427}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8252465724945068},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.706545889377594},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.657910943031311},{"id":"https://openalex.org/C23130292","wikidata":"https://www.wikidata.org/wiki/Q5275358","display_name":"Differential privacy","level":2,"score":0.6120635271072388},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.5661731362342834},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5328401327133179},{"id":"https://openalex.org/C2780513914","wikidata":"https://www.wikidata.org/wiki/Q18210350","display_name":"Bottleneck","level":2,"score":0.5288727283477783},{"id":"https://openalex.org/C137822555","wikidata":"https://www.wikidata.org/wiki/Q2587068","display_name":"Information sensitivity","level":2,"score":0.5012507438659668},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.43968886137008667},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.43828973174095154},{"id":"https://openalex.org/C153258448","wikidata":"https://www.wikidata.org/wiki/Q1199743","display_name":"Gradient descent","level":3,"score":0.42859748005867004},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.41806313395500183},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.22010955214500427},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.0},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3658644.3690304","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690304","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690304","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3658644.3690304","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690304","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690304","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G3497591915","display_name":null,"funder_award_id":"(NIH)","funder_id":"https://openalex.org/F4320332161","funder_display_name":"National Institutes of Health"},{"id":"https://openalex.org/G6412897046","display_name":null,"funder_award_id":"U54HG012510","funder_id":"https://openalex.org/F4320332161","funder_display_name":"National Institutes of Health"}],"funders":[{"id":"https://openalex.org/F4320332161","display_name":"National Institutes of Health","ror":"https://ror.org/01cwqze88"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4405182454.pdf","grobid_xml":"https://content.openalex.org/works/W4405182454.grobid-xml"},"referenced_works_count":59,"referenced_works":["https://openalex.org/W95608104","https://openalex.org/W1834627138","https://openalex.org/W1873763122","https://openalex.org/W1997855593","https://openalex.org/W2030931454","https://openalex.org/W2051267297","https://openalex.org/W2060393849","https://openalex.org/W2085662862","https://openalex.org/W2473418344","https://openalex.org/W2509316321","https://openalex.org/W2512472178","https://openalex.org/W2515654213","https://openalex.org/W2535690855","https://openalex.org/W2592232824","https://openalex.org/W2786602455","https://openalex.org/W2897830718","https://openalex.org/W2912023992","https://openalex.org/W2930926105","https://openalex.org/W2962835266","https://openalex.org/W2963456518","https://openalex.org/W2963564844","https://openalex.org/W2963699739","https://openalex.org/W2963844355","https://openalex.org/W2970606380","https://openalex.org/W2983140679","https://openalex.org/W3014541599","https://openalex.org/W3033211044","https://openalex.org/W3034957837","https://openalex.org/W3035168593","https://openalex.org/W3035616549","https://openalex.org/W3097714942","https://openalex.org/W3099542802","https://openalex.org/W3103245149","https://openalex.org/W3122816307","https://openalex.org/W3154109599","https://openalex.org/W3156508770","https://openalex.org/W3172312230","https://openalex.org/W3175192640","https://openalex.org/W3189913556","https://openalex.org/W3200345107","https://openalex.org/W3211753216","https://openalex.org/W3212332209","https://openalex.org/W3213758553","https://openalex.org/W4212774754","https://openalex.org/W4283070861","https://openalex.org/W4287822453","https://openalex.org/W4288057780","https://openalex.org/W4308410483","https://openalex.org/W4308644392","https://openalex.org/W4312809802","https://openalex.org/W4312933868","https://openalex.org/W4315779442","https://openalex.org/W4366328114","https://openalex.org/W4372263415","https://openalex.org/W4385080314","https://openalex.org/W4385679781","https://openalex.org/W4388925648","https://openalex.org/W6803903061","https://openalex.org/W6888840370"],"related_works":["https://openalex.org/W2019704260","https://openalex.org/W2900631219","https://openalex.org/W4391095118","https://openalex.org/W4212899026","https://openalex.org/W4390570329","https://openalex.org/W2795052735","https://openalex.org/W2603823019","https://openalex.org/W2758544064","https://openalex.org/W3010824232","https://openalex.org/W4286750579"],"abstract_inverted_index":{"In":[0],"distributed":[1,103],"learning":[2],"settings,":[3],"models":[4],"are":[5],"iteratively":[6],"updated":[7],"with":[8],"shared":[9],"gradients":[10],"computed":[11],"from":[12,41,147],"potentially":[13],"sensitive":[14],"user":[15,61],"data.":[16],"While":[17],"previous":[18],"work":[19],"has":[20],"studied":[21],"various":[22,82],"privacy":[23,98,165],"risks":[24],"of":[25,54,68,90,110,142,163],"sharing":[26],"gradients,":[27],"our":[28],"paper":[29],"aims":[30],"to":[31,36,96],"provide":[32,134],"a":[33,45,51,152],"systematic":[34],"approach":[35],"analyze":[37],"private":[38],"information":[39,121],"leakage":[40],"gradients.":[42,148],"We":[43,63,105,133],"present":[44],"unified":[46],"game-based":[47],"framework":[48],"that":[49],"encompasses":[50],"broad":[52],"range":[53],"attacks":[55,101],"including":[56],"attribute,":[57],"property,":[58],"distributional,":[59],"and":[60,123,129],"disclosures.":[62],"investigate":[64],"how":[65],"different":[66],"uncertainties":[67],"the":[69,88,140,160],"adversary":[70,131],"affect":[71],"their":[72],"inferential":[73],"power":[74],"via":[75],"extensive":[76],"experiments":[77],"on":[78,93],"five":[79,108],"datasets":[80],"across":[81],"data":[83,94],"modalities.":[84],"Our":[85],"results":[86],"demonstrate":[87],"inefficacy":[89],"solely":[91],"relying":[92],"aggregation":[95],"achieve":[97],"against":[99,145],"inference":[100,146,157],"in":[102],"learning.":[104],"further":[106],"evaluate":[107],"types":[109],"defenses,":[111],"namely,":[112],"gradient":[113,116],"pruning,":[114],"signed":[115],"descent,":[117],"adversarial":[118,168],"perturbations,":[119],"variational":[120],"bottleneck,":[122],"differential":[124],"privacy,":[125,158],"under":[126],"both":[127],"static":[128],"adaptive":[130],"settings.":[132],"an":[135],"information-theoretic":[136],"view":[137],"for":[138,154],"analyzing":[139],"effectiveness":[141],"these":[143],"defenses":[144],"Finally,":[149],"we":[150],"introduce":[151],"method":[153],"auditing":[155],"attribute":[156],"improving":[159],"empirical":[161],"estimation":[162],"worst-case":[164],"through":[166],"crafting":[167],"canary":[169],"records.":[170]},"counts_by_year":[{"year":2025,"cited_by_count":5}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}