{"id":"https://openalex.org/W2981338466","doi":"https://doi.org/10.3233/jcs-191362","title":"Overfitting, robustness, and malicious algorithms: A study of potential causes of privacy risk in machine learning","display_name":"Overfitting, robustness, and malicious algorithms: A study of potential causes of privacy risk in machine learning","publication_year":2019,"publication_date":"2019-10-22","ids":{"openalex":"https://openalex.org/W2981338466","doi":"https://doi.org/10.3233/jcs-191362","mag":"2981338466"},"language":"en","primary_location":{"id":"doi:10.3233/jcs-191362","is_oa":true,"landing_page_url":"https://doi.org/10.3233/jcs-191362","pdf_url":"https://content.iospress.com:443/download/journal-of-computer-security/jcs191362?id=journal-of-computer-security%2Fjcs191362","source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://content.iospress.com:443/download/journal-of-computer-security/jcs191362?id=journal-of-computer-security%2Fjcs191362","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5083504716","display_name":"Samuel Yeom","orcid":null},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Samuel Yeom","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA. E-mails:\u00a0,\u00a0,\u00a0","Carnegie Mellon University, Pittsburgh, PA, USA. E-mails:\u00a0syeom@cs.cmu.edu,\u00a0amenaged1@gmail.com,\u00a0mfredrik@cs.cmu.edu"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA. E-mails:\u00a0,\u00a0,\u00a0","institution_ids":["https://openalex.org/I74973139"]},{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA. E-mails:\u00a0syeom@cs.cmu.edu,\u00a0amenaged1@gmail.com,\u00a0mfredrik@cs.cmu.edu","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034360202","display_name":"Irene Giacomelli","orcid":"https://orcid.org/0000-0002-4589-287X"},"institutions":[{"id":"https://openalex.org/I135310074","display_name":"University of Wisconsin\u2013Madison","ror":"https://ror.org/01y2jtd41","country_code":"US","type":"education","lineage":["https://openalex.org/I135310074"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Irene Giacomelli","raw_affiliation_strings":["Protocol Labs, San Francisco, CA, USA","University of Wisconsin\u2013Madison, Madison, WI, USA. E-mails:\u00a0,\u00a0","University of Wisconsin\u2013Madison, Madison, WI, USA. E-mails:\u00a0irene.giacomelli29@gmail.com,\u00a0jha@cs.wisc.edu"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Protocol Labs, San Francisco, CA, USA","institution_ids":[]},{"raw_affiliation_string":"University of Wisconsin\u2013Madison, Madison, WI, USA. E-mails:\u00a0,\u00a0","institution_ids":["https://openalex.org/I135310074"]},{"raw_affiliation_string":"University of Wisconsin\u2013Madison, Madison, WI, USA. E-mails:\u00a0irene.giacomelli29@gmail.com,\u00a0jha@cs.wisc.edu","institution_ids":["https://openalex.org/I135310074"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046960177","display_name":"Alan Menaged","orcid":null},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Alan Menaged","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA. E-mails:\u00a0,\u00a0,\u00a0","Carnegie Mellon University, Pittsburgh, PA, USA. E-mails:\u00a0syeom@cs.cmu.edu,\u00a0amenaged1@gmail.com,\u00a0mfredrik@cs.cmu.edu"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA. E-mails:\u00a0,\u00a0,\u00a0","institution_ids":["https://openalex.org/I74973139"]},{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA. E-mails:\u00a0syeom@cs.cmu.edu,\u00a0amenaged1@gmail.com,\u00a0mfredrik@cs.cmu.edu","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057424614","display_name":"Matt Fredrikson","orcid":"https://orcid.org/0000-0003-1820-1698"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Matt Fredrikson","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA. E-mails:\u00a0,\u00a0,\u00a0","Carnegie Mellon University, Pittsburgh, PA, USA. E-mails:\u00a0syeom@cs.cmu.edu,\u00a0amenaged1@gmail.com,\u00a0mfredrik@cs.cmu.edu"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA. E-mails:\u00a0,\u00a0,\u00a0","institution_ids":["https://openalex.org/I74973139"]},{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA. E-mails:\u00a0syeom@cs.cmu.edu,\u00a0amenaged1@gmail.com,\u00a0mfredrik@cs.cmu.edu","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5088826068","display_name":"Somesh Jha","orcid":"https://orcid.org/0000-0001-5877-0436"},"institutions":[{"id":"https://openalex.org/I135310074","display_name":"University of Wisconsin\u2013Madison","ror":"https://ror.org/01y2jtd41","country_code":"US","type":"education","lineage":["https://openalex.org/I135310074"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Somesh Jha","raw_affiliation_strings":["University of Wisconsin\u2013Madison, Madison, WI, USA. E-mails:\u00a0,\u00a0","University of Wisconsin\u2013Madison, Madison, WI, USA. E-mails:\u00a0irene.giacomelli29@gmail.com,\u00a0jha@cs.wisc.edu"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Wisconsin\u2013Madison, Madison, WI, USA. E-mails:\u00a0,\u00a0","institution_ids":["https://openalex.org/I135310074"]},{"raw_affiliation_string":"University of Wisconsin\u2013Madison, Madison, WI, USA. E-mails:\u00a0irene.giacomelli29@gmail.com,\u00a0jha@cs.wisc.edu","institution_ids":["https://openalex.org/I135310074"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5083504716"],"corresponding_institution_ids":["https://openalex.org/I74973139"],"apc_list":null,"apc_paid":null,"fwci":2.468,"has_fulltext":true,"cited_by_count":35,"citation_normalized_percentile":{"value":0.91821456,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":"28","issue":"1","first_page":"35","last_page":"70"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10883","display_name":"Ethics and Social Impacts of AI","score":0.9868000149726868,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/overfitting","display_name":"Overfitting","score":0.929503858089447},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7968161106109619},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.7720907926559448},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.7576587200164795},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.6838791966438293},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5889597535133362},{"id":"https://openalex.org/keywords/bounded-function","display_name":"Bounded function","score":0.5159855484962463},{"id":"https://openalex.org/keywords/private-information-retrieval","display_name":"Private information retrieval","score":0.44654539227485657},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.39941900968551636},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.354270339012146},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.33048343658447266},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.08895766735076904},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.08365601301193237}],"concepts":[{"id":"https://openalex.org/C22019652","wikidata":"https://www.wikidata.org/wiki/Q331309","display_name":"Overfitting","level":3,"score":0.929503858089447},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7968161106109619},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.7720907926559448},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.7576587200164795},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.6838791966438293},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5889597535133362},{"id":"https://openalex.org/C34388435","wikidata":"https://www.wikidata.org/wiki/Q2267362","display_name":"Bounded function","level":2,"score":0.5159855484962463},{"id":"https://openalex.org/C99221444","wikidata":"https://www.wikidata.org/wiki/Q1532069","display_name":"Private information retrieval","level":2,"score":0.44654539227485657},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.39941900968551636},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.354270339012146},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.33048343658447266},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.08895766735076904},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.08365601301193237},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.3233/jcs-191362","is_oa":true,"landing_page_url":"https://doi.org/10.3233/jcs-191362","pdf_url":"https://content.iospress.com:443/download/journal-of-computer-security/jcs191362?id=journal-of-computer-security%2Fjcs191362","source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.3233/jcs-191362","is_oa":true,"landing_page_url":"https://doi.org/10.3233/jcs-191362","pdf_url":"https://content.iospress.com:443/download/journal-of-computer-security/jcs191362?id=journal-of-computer-security%2Fjcs191362","source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1574964069","display_name":null,"funder_award_id":"W911NF-17-1-0405","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G2067847097","display_name":"SaTC: CORE: Frontier: Collaborative: End-to-End Trustworthiness of Machine-Learning Systems","funder_award_id":"1804648","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G2996532833","display_name":null,"funder_award_id":"CNS-1704845","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G5086937178","display_name":null,"funder_award_id":"1704845","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G655514619","display_name":"CAREER:  Algorithmic Foundations and Modern Applications for Program Synthesis","funder_award_id":"1652140","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7452299184","display_name":null,"funder_award_id":"W911NF","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320338281","display_name":"Army Research Office","ror":"https://ror.org/05epdh915"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2981338466.pdf","grobid_xml":"https://content.openalex.org/works/W2981338466.grobid-xml"},"referenced_works_count":62,"referenced_works":["https://openalex.org/W27434444","https://openalex.org/W92292672","https://openalex.org/W180983570","https://openalex.org/W1473189865","https://openalex.org/W1503398984","https://openalex.org/W1515782956","https://openalex.org/W1663583528","https://openalex.org/W1773948110","https://openalex.org/W1838635991","https://openalex.org/W1982183556","https://openalex.org/W1982723861","https://openalex.org/W1992926795","https://openalex.org/W2017779503","https://openalex.org/W2019735187","https://openalex.org/W2033969181","https://openalex.org/W2040228409","https://openalex.org/W2050164782","https://openalex.org/W2051267297","https://openalex.org/W2075291208","https://openalex.org/W2083384763","https://openalex.org/W2095272373","https://openalex.org/W2101234009","https://openalex.org/W2105209441","https://openalex.org/W2110868467","https://openalex.org/W2120806354","https://openalex.org/W2120875981","https://openalex.org/W2123147099","https://openalex.org/W2141481372","https://openalex.org/W2159541603","https://openalex.org/W2162379889","https://openalex.org/W2167567739","https://openalex.org/W2168610667","https://openalex.org/W2180612164","https://openalex.org/W2225981128","https://openalex.org/W2248691201","https://openalex.org/W2378248953","https://openalex.org/W2506345529","https://openalex.org/W2512472178","https://openalex.org/W2535690855","https://openalex.org/W2603766943","https://openalex.org/W2757528734","https://openalex.org/W2766462876","https://openalex.org/W2795435272","https://openalex.org/W2897355816","https://openalex.org/W2911978475","https://openalex.org/W2913266441","https://openalex.org/W2946363484","https://openalex.org/W2962835266","https://openalex.org/W2962972504","https://openalex.org/W2963207607","https://openalex.org/W2963891150","https://openalex.org/W2964121744","https://openalex.org/W2964153729","https://openalex.org/W2964253222","https://openalex.org/W3102754027","https://openalex.org/W3143451908","https://openalex.org/W4285719527","https://openalex.org/W6600118084","https://openalex.org/W6600281463","https://openalex.org/W6600503824","https://openalex.org/W6635264123","https://openalex.org/W6684701029"],"related_works":["https://openalex.org/W4362597605","https://openalex.org/W1574414179","https://openalex.org/W4297676672","https://openalex.org/W3009056573","https://openalex.org/W2922073769","https://openalex.org/W4281702477","https://openalex.org/W2490526372","https://openalex.org/W4376166922","https://openalex.org/W4378510483","https://openalex.org/W196429367"],"abstract_inverted_index":{"Machine":[0],"learning":[1,95],"algorithms,":[2,175],"when":[3,112],"applied":[4],"to":[5,12,36,67,103,107,147,168,188,210],"sensitive":[6],"data,":[7],"pose":[8],"a":[9,56,79,190],"distinct":[10],"threat":[11],"privacy.":[13],"A":[14],"growing":[15],"body":[16],"of":[17,197],"prior":[18],"work":[19],"demonstrates":[20],"that":[21,53,89,99,137,145,153,162],"models":[22],"produced":[23],"by":[24],"these":[25,83,159,200],"algorithms":[26],"may":[27,204],"leak":[28],"specific":[29],"private":[30],"information":[31],"in":[32,91,207],"the":[33,41,51,86,113,128,143,180,195],"training":[34,57,174],"data":[35],"an":[37,63,105],"attacker,":[38],"either":[39],"through":[40],"models\u2019":[42],"structure":[43],"or":[44,62],"their":[45],"observable":[46],"behavior.":[47],"This":[48],"article":[49],"examines":[50],"factors":[52,84],"can":[54,176],"allow":[55,104],"set":[58],"membership":[59,109,131],"inference":[60,65,110,123,132],"attacker":[61,66,106],"attribute":[64,115,122,134],"learn":[68],"such":[69,165],"information.":[70],"Using":[71],"both":[72],"formal":[73],"and":[74,85,133,172,215],"empirical":[75],"analyses,":[76],"we":[77],"illustrate":[78],"clear":[80],"relationship":[81],"between":[82,130,142],"privacy":[87,181,214],"risk":[88],"arises":[90],"several":[92],"popular":[93],"machine":[94],"algorithms.":[96],"We":[97,125,151],"find":[98],"overfitting":[100,154],"is":[101,155,186],"sufficient":[102],"perform":[108],"and,":[111],"target":[114],"meets":[116],"certain":[117],"conditions":[118],"about":[119],"its":[120],"influence,":[121],"attacks.":[124,150,217],"also":[126,177],"explore":[127],"connection":[129],"inference,":[135],"showing":[136],"there":[138],"are":[139],"deep":[140],"connections":[141],"two":[144],"lead":[146],"effective":[148],"new":[149],"show":[152],"not":[156],"necessary":[157],"for":[158],"attacks,":[160],"demonstrating":[161],"other":[163],"factors,":[164],"as":[166,184],"robustness":[167,185],"norm-bounded":[169],"input":[170],"perturbations":[171],"malicious":[173],"significantly":[178],"increase":[179],"risk.":[182],"Notably,":[183],"intended":[187],"be":[189,205],"defense":[191],"against":[192,213],"attacks":[193],"on":[194],"integrity":[196,216],"model":[198],"predictions,":[199],"results":[201],"suggest":[202],"it":[203],"difficult":[206],"some":[208],"cases":[209],"simultaneously":[211],"defend":[212]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":9},{"year":2022,"cited_by_count":6},{"year":2021,"cited_by_count":10},{"year":2020,"cited_by_count":1}],"updated_date":"2026-05-04T08:30:34.212998","created_date":"2025-10-10T00:00:00"}