{"id":"https://openalex.org/W2051267297","doi":"https://doi.org/10.1145/2810103.2813677","title":"Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures","display_name":"Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures","publication_year":2015,"publication_date":"2015-10-06","ids":{"openalex":"https://openalex.org/W2051267297","doi":"https://doi.org/10.1145/2810103.2813677","mag":"2051267297"},"language":"en","primary_location":{"id":"doi:10.1145/2810103.2813677","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2810103.2813677","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/2810103.2813677","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/2810103.2813677","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5057424614","display_name":"Matt Fredrikson","orcid":"https://orcid.org/0000-0003-1820-1698"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Matt Fredrikson","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088826068","display_name":"Somesh Jha","orcid":"https://orcid.org/0000-0001-5877-0436"},"institutions":[{"id":"https://openalex.org/I135310074","display_name":"University of Wisconsin\u2013Madison","ror":"https://ror.org/01y2jtd41","country_code":"US","type":"education","lineage":["https://openalex.org/I135310074"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Somesh Jha","raw_affiliation_strings":["University of Wisconsin - Madison, Madison, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Wisconsin - Madison, Madison, USA","institution_ids":["https://openalex.org/I135310074"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5003774887","display_name":"Thomas Ristenpart","orcid":"https://orcid.org/0000-0002-8642-9558"},"institutions":[{"id":"https://openalex.org/I205783295","display_name":"Cornell University","ror":"https://ror.org/05bnh6r87","country_code":"US","type":"education","lineage":["https://openalex.org/I205783295"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Thomas Ristenpart","raw_affiliation_strings":["Cornell Tech, New York City, USA","Cornell Tech, New York City, USA#TAB#"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Cornell Tech, New York City, USA","institution_ids":["https://openalex.org/I205783295"]},{"raw_affiliation_string":"Cornell Tech, New York City, USA#TAB#","institution_ids":["https://openalex.org/I205783295"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5057424614"],"corresponding_institution_ids":["https://openalex.org/I74973139"],"apc_list":null,"apc_paid":null,"fwci":62.3203,"has_fulltext":true,"cited_by_count":2733,"citation_normalized_percentile":{"value":0.99900846,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"1322","last_page":"1333"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12296","display_name":"Autopsy Techniques and Outcomes","score":0.9404000043869019,"subfield":{"id":"https://openalex.org/subfields/2741","display_name":"Radiology, Nuclear Medicine and Imaging"},"field":{"id":"https://openalex.org/fields/27","display_name":"Medicine"},"domain":{"id":"https://openalex.org/domains/4","display_name":"Health Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8281739354133606},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7960236072540283},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.702056884765625},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5505667924880981},{"id":"https://openalex.org/keywords/decision-tree","display_name":"Decision tree","score":0.5167195200920105},{"id":"https://openalex.org/keywords/medical-diagnosis","display_name":"Medical diagnosis","score":0.46511131525039673},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.29153740406036377}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8281739354133606},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7960236072540283},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.702056884765625},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5505667924880981},{"id":"https://openalex.org/C84525736","wikidata":"https://www.wikidata.org/wiki/Q831366","display_name":"Decision tree","level":2,"score":0.5167195200920105},{"id":"https://openalex.org/C534262118","wikidata":"https://www.wikidata.org/wiki/Q177719","display_name":"Medical diagnosis","level":2,"score":0.46511131525039673},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.29153740406036377},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2810103.2813677","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2810103.2813677","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/2810103.2813677","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/2810103.2813677","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2810103.2813677","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/2810103.2813677","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.7200000286102295}],"awards":[{"id":"https://openalex.org/G1604000856","display_name":null,"funder_award_id":"CNS-1546033 CNS-1330308 CNS-1065134","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6283383606","display_name":null,"funder_award_id":"FA8650-10-C-7088","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2051267297.pdf","grobid_xml":"https://content.openalex.org/works/W2051267297.grobid-xml"},"referenced_works_count":29,"referenced_works":["https://openalex.org/W179368776","https://openalex.org/W1473189865","https://openalex.org/W1515782956","https://openalex.org/W1552221946","https://openalex.org/W1872489089","https://openalex.org/W2005286252","https://openalex.org/W2019735187","https://openalex.org/W2040228409","https://openalex.org/W2050164782","https://openalex.org/W2075291208","https://openalex.org/W2079115533","https://openalex.org/W2095272373","https://openalex.org/W2110868467","https://openalex.org/W2120806354","https://openalex.org/W2130325614","https://openalex.org/W2135930857","https://openalex.org/W2141481372","https://openalex.org/W2141640676","https://openalex.org/W2145287260","https://openalex.org/W2151298633","https://openalex.org/W2160744452","https://openalex.org/W2172013424","https://openalex.org/W2296452361","https://openalex.org/W2350778671","https://openalex.org/W2911978475","https://openalex.org/W2963924367","https://openalex.org/W3193652844","https://openalex.org/W3210232381","https://openalex.org/W6803376173"],"related_works":["https://openalex.org/W2961085424","https://openalex.org/W4306674287","https://openalex.org/W3046775127","https://openalex.org/W4394896187","https://openalex.org/W3170094116","https://openalex.org/W4386462264","https://openalex.org/W3107602296","https://openalex.org/W4364306694","https://openalex.org/W4312192474","https://openalex.org/W4283697347"],"abstract_inverted_index":{"Machine-learning":[0],"(ML)":[1],"algorithms":[2],"are":[3,88,122,140],"increasingly":[4],"utilized":[5],"in":[6,27,34,90,99,147,159],"privacy-sensitive":[7],"applications":[8],"such":[9],"as":[10,106,205,207],"predicting":[11],"lifestyle":[12,104,149],"choices,":[13],"making":[14],"medical":[15],"diagnoses,":[16],"and":[17,95,111,176],"facial":[18,115],"recognition.":[19,116],"In":[20,117],"a":[21,28,70,91,145,148,191,199],"model":[22,46,57,74],"inversion":[23,58,75],"attack,":[24],"recently":[25],"introduced":[26],"case":[29],"study":[30],"of":[31,73,93,169,187,202,224],"linear":[32],"classifiers":[33],"personalized":[35],"medicine":[36],"by":[37],"Fredrikson":[38],"et":[39],"al.,":[40],"adversarial":[41],"access":[42,177],"to":[43,49,61,124,129,133,142,152,165,178,230],"an":[44],"ML":[45,180],"is":[47,66,198,217],"abused":[48],"learn":[50],"sensitive":[51],"genomic":[52],"information":[53],"about":[54],"individuals.":[55],"Whether":[56],"attacks":[59,87,138,226],"apply":[60],"settings":[62],"outside":[63],"theirs,":[64],"however,":[65],"unknown.":[67],"We":[68,135,182],"develop":[69],"new":[71,86],"class":[72],"attack":[76],"that":[77,139,197,215,218],"exploits":[78],"confidence":[79,120,211],"values":[80,121],"revealed":[81,123],"along":[82],"with":[83,126,227],"predictions.":[84],"Our":[85],"applicable":[89],"variety":[92],"settings,":[94],"we":[96],"explore":[97],"two":[98],"depth:":[100],"decision":[101,193],"trees":[102],"for":[103,114],"surveys":[105],"used":[107],"on":[108,154],"machine-learning-as-a-service":[109],"systems":[110],"neural":[112],"networks":[113],"both":[118],"cases":[119],"those":[125],"the":[127,160,179],"ability":[128],"make":[130],"prediction":[131],"queries":[132],"models.":[134],"experimentally":[136],"show":[137,163],"able":[141],"estimate":[143],"whether":[144],"respondent":[146],"survey":[150],"admitted":[151],"cheating":[153],"their":[155,174],"significant":[156],"other":[157,161],"and,":[158],"context,":[162],"how":[164],"recover":[166],"recognizable":[167],"images":[168],"people's":[170],"faces":[171],"given":[172],"only":[173,209],"name":[175],"model.":[181],"also":[183],"initiate":[184],"experimental":[185],"exploration":[186],"natural":[188],"countermeasures,":[189],"investigating":[190],"privacy-aware":[192],"tree":[194],"training":[195],"algorithm":[196],"simple":[200],"variant":[201],"CART":[203],"learning,":[204],"well":[206],"revealing":[208],"rounded":[210],"values.":[212],"The":[213],"lesson":[214],"emerges":[216],"one":[219],"can":[220],"avoid":[221],"these":[222],"kinds":[223],"MI":[225],"negligible":[228],"degradation":[229],"utility.":[231]},"counts_by_year":[{"year":2026,"cited_by_count":59},{"year":2025,"cited_by_count":359},{"year":2024,"cited_by_count":393},{"year":2023,"cited_by_count":434},{"year":2022,"cited_by_count":364},{"year":2021,"cited_by_count":448},{"year":2020,"cited_by_count":330},{"year":2019,"cited_by_count":205},{"year":2018,"cited_by_count":95},{"year":2017,"cited_by_count":34},{"year":2016,"cited_by_count":11},{"year":2012,"cited_by_count":1}],"updated_date":"2026-04-29T09:16:38.111599","created_date":"2025-10-10T00:00:00"}