


Link to original content: https://api.crossref.org/works/10.1007/S10462-021-10123-Y
{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,8,31]],"date-time":"2024-08-31T10:09:07Z","timestamp":1725098947310},"reference-count":255,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2022,1,31]],"date-time":"2022-01-31T00:00:00Z","timestamp":1643587200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2022,1,31]],"date-time":"2022-01-31T00:00:00Z","timestamp":1643587200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/501100000923","name":"Australian Research Council","doi-asserted-by":"crossref","award":["LP180101150"],"id":[{"id":"10.13039\/501100000923","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Artif Intell Rev"],"published-print":{"date-parts":[[2022,8]]},"DOI":"10.1007\/s10462-021-10123-y","type":"journal-article","created":{"date-parts":[[2022,1,31]],"date-time":"2022-01-31T00:04:06Z","timestamp":1643587446000},"page":"4347-4401","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":21,"title":["Visual privacy attacks and defenses in deep learning: a 
survey"],"prefix":"10.1007","volume":"55","author":[{"given":"Guangsheng","family":"Zhang","sequence":"first","affiliation":[]},{"given":"Bo","family":"Liu","sequence":"additional","affiliation":[]},{"ORCID":"http:\/\/orcid.org\/0000-0003-3411-7947","authenticated-orcid":false,"given":"Tianqing","family":"Zhu","sequence":"additional","affiliation":[]},{"given":"Andi","family":"Zhou","sequence":"additional","affiliation":[]},{"given":"Wanlei","family":"Zhou","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,1,31]]},"reference":[{"key":"10123_CR1","doi-asserted-by":"crossref","unstructured":"Abadi M, Chu A, Goodfellow I, McMahan HB, Mironov I, Talwar K, Zhang L (2016) Deep learning with differential privacy. In: Proceedings of the 2016 ACM SIGSAC conference on computer and communications security. Association for Computing Machinery, pp 308\u2013318","DOI":"10.1145\/2976749.2978318"},{"key":"10123_CR2","doi-asserted-by":"publisher","first-page":"5476","DOI":"10.1109\/JIOT.2020.3030072","volume":"8","author":"S Abdulrahman","year":"2021","unstructured":"Abdulrahman S, Tout H, Ould-Slimane H, Mourad A, Talhi C, Guizani M (2021) A survey on federated learning: the journey from centralized to distributed on-site learning and beyond. IEEE Internet Things J 8:5476\u20135497","journal-title":"IEEE Internet Things J"},{"key":"10123_CR3","doi-asserted-by":"crossref","unstructured":"Acar A, Aksu H, Uluagac AS, Conti M (2018) A survey on homomorphic encryption schemes: theory and implementation. ACM Comput Surv 51:79:1\u201379:35","DOI":"10.1145\/3214303"},{"key":"10123_CR4","unstructured":"Aifanti N, Papachristou C, Delopoulos A (2010) The MUG facial expression database. In: 11th international workshop on image analysis for multimedia interactive services WIAMIS 10, pp 1\u20134"},{"key":"10123_CR5","unstructured":"A\u00efvodji U, Gambs S, Ther T (2019) GAMIN: an adversarial approach to black-box model inversion. 
arXiv:190911835 [cs, stat]"},{"key":"10123_CR6","unstructured":"AmericanDataPortal (2021) https:\/\/www.data.gov"},{"key":"10123_CR7","doi-asserted-by":"publisher","first-page":"101921","DOI":"10.1016\/j.cose.2020.101921","volume":"96","author":"M Amiri-Zarandi","year":"2020","unstructured":"Amiri-Zarandi M, Dara RA, Fraser E (2020) A survey of machine learning-based solutions to protect privacy in the Internet of Things. Comput Sec 96:101921","journal-title":"Comput Sec"},{"key":"10123_CR8","doi-asserted-by":"crossref","unstructured":"Aneja D, Colburn A, Faigin G, Shapiro L, Mones B (2017) Modeling stylized character expressions via deep learning. In: Computer vision\u2014ACCV 2016. Springer International Publishing, pp 136\u2013153","DOI":"10.1007\/978-3-319-54184-6_9"},{"key":"10123_CR9","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1504\/IJSN.2015.071829","volume":"10","author":"G Ateniese","year":"2015","unstructured":"Ateniese G, Mancini LV, Spognardi A, Villani A, Vitali D, Felici G (2015) Hacking smart machines with smarter ones: How to extract meaningful data from machine learning classifiers. Int J Secure Netw 10:137","journal-title":"Int J Secure Netw"},{"key":"10123_CR10","unstructured":"Augenstein S, McMahan HB, Ramage D, Ramaswamy S, Kairouz P, Chen M, Mathews R, y\u00a0Arcas BA (2020) Generative models for effective ML on private, decentralized datasets. In: 8th International conference on learning representations, ICLR 2020. OpenReview.net"},{"key":"10123_CR11","first-page":"20120","volume":"33","author":"A Barbalau","year":"2020","unstructured":"Barbalau A, Cosma A, Ionescu RT, Popescu M (2020) Black-box ripper: copying black-box models using generative evolutionary algorithms. 
Adv Neural Inf Process Syst 33:20120\u201320129","journal-title":"Adv Neural Inf Process Syst"},{"key":"10123_CR12","doi-asserted-by":"crossref","unstructured":"Bian S, Wang T, Hiromoto M, Shi Y, Sato T (2020) ENSEI: efficient secure inference via frequency-domain homomorphic convolution for privacy-preserving visual recognition. In: 2020 IEEE\/CVF conference on computer vision and pattern recognition (CVPR), pp 9400\u20139409","DOI":"10.1109\/CVPR42600.2020.00942"},{"key":"10123_CR13","doi-asserted-by":"crossref","unstructured":"Bottou L (1998) Online algorithms and stochastic approximations. In: Online learning and neural networks. Cambridge University Press","DOI":"10.1017\/CBO9780511569920.003"},{"key":"10123_CR14","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1016\/j.neucom.2019.11.041","volume":"384","author":"A Boulemtafes","year":"2020","unstructured":"Boulemtafes A, Derhab A, Challal Y (2020) A review of privacy-preserving techniques for deep learning. Neurocomputing 384:21\u201345","journal-title":"Neurocomputing"},{"key":"10123_CR15","unstructured":"Caldas S, Duddu SMK, Wu P, Li T, Kone\u010dn\u00fd J, McMahan HB, Smith V, Talwalkar A (2019) LEAF: a benchmark for federated settings. arXiv:181201097 [cs, stat]"},{"key":"10123_CR16","doi-asserted-by":"crossref","unstructured":"Cao Q, Shen L, Xie W, Parkhi OM, Zisserman A (2018) VGGFace2: a dataset for recognising faces across pose and age. In: 13th IEEE international conference on automatic face & gesture recognition, FG 2018, Xi\u2019an, China, May 15\u201319, 2018. IEEE Computer Society, pp 67\u201374","DOI":"10.1109\/FG.2018.00020"},{"key":"10123_CR17","doi-asserted-by":"crossref","unstructured":"Carlini N, Wagner DA (2017) Towards evaluating the robustness of neural networks. In: 2017 IEEE symposium on security and privacy, SP 2017, San Jose, CA, USA, May 22\u201326, 2017. 
IEEE Computer Society, pp 39\u201357","DOI":"10.1109\/SP.2017.49"},{"key":"10123_CR18","first-page":"35","volume":"2017","author":"H Chabanne","year":"2017","unstructured":"Chabanne H, de Wargny A, Milgram J, Morel C, Prouff E (2017) Privacy-preserving classification on deep neural network. IACR Cryptol ePrint Arch 2017:35","journal-title":"IACR Cryptol ePrint Arch"},{"key":"10123_CR19","unstructured":"Chen X, Fang H, Lin TY, Vedantam R, Gupta S, Dollar P, Zitnick CL (2015) Microsoft COCO captions: data collection and evaluation server. arXiv:150400325 [cs]"},{"key":"10123_CR20","doi-asserted-by":"crossref","unstructured":"Chen J, Konrad J, Ishwar P (2018) VGAN-based image representation learning for privacy-preserving facial expression recognition. In: 2018 IEEE\/CVF conference on computer vision and pattern recognition workshops (CVPRW), pp 1570\u20131579","DOI":"10.1109\/CVPRW.2018.00207"},{"key":"10123_CR21","unstructured":"Chen D, Orekondy T, Fritz M (2020a) GS-WGAN: a gradient-sanitized approach for learning differentially private generators. Adv Neural Inf Process Syst 33:12673\u201312684"},{"key":"10123_CR22","doi-asserted-by":"crossref","unstructured":"Chen D, Yu N, Zhang Y, Fritz M (2020b) GAN-leaks: a taxonomy of membership inference attacks against generative models. In: Proceedings of the 2020 ACM SIGSAC conference on computer and communications security. Association for Computing Machinery, pp 343\u2013362","DOI":"10.1145\/3372297.3417238"},{"key":"10123_CR23","unstructured":"Chen T, Kornblith S, Norouzi M, Hinton GE (2020c) A simple framework for contrastive learning of visual representations. In: Proceedings of the 37th international conference on machine learning, ICML 2020, 13\u201318 July 2020, Virtual Event, PMLR, vol 119, pp 1597\u20131607"},{"key":"10123_CR24","unstructured":"Chen X, Wu SZ, Hong M (2020d) Understanding gradient clipping in private SGD: a geometric perspective. 
Adv Neural Inf Process Syst 33:13773\u201313782"},{"key":"10123_CR25","doi-asserted-by":"publisher","first-page":"1668","DOI":"10.1002\/int.22356","volume":"36","author":"Z Chen","year":"2021","unstructured":"Chen Z, Zhu T, Xiong P, Wang C, Ren W (2021) Privacy preservation for image data: a GAN-based method. Int J Intell Syst 36:1668\u20131685","journal-title":"Int J Intell Syst"},{"key":"10123_CR26","doi-asserted-by":"crossref","unstructured":"Chhabra S, Singh R, Vatsa M, Gupta G (2018) Anonymizing k facial attributes via adversarial perturbations. In: Proceedings of the twenty-seventh international joint conference on artificial intelligence, IJCAI 2018, July 13\u201319, 2018. Stockholm, Sweden, pp 656\u2013662. ijcai.org","DOI":"10.24963\/ijcai.2018\/91"},{"key":"10123_CR27","doi-asserted-by":"crossref","unstructured":"Choe J, Park S, Kim K, Park JH, Kim D, Shim H (2017) Face generation for low-shot learning using generative adversarial networks. In: 2017 IEEE international conference on computer vision workshops (ICCVW), pp 1940\u20131948","DOI":"10.1109\/ICCVW.2017.229"},{"key":"10123_CR28","doi-asserted-by":"crossref","unstructured":"Choi Y, Choi M, Kim M, Ha JW, Kim S, Choo J (2018) StarGAN: unified generative adversarial networks for multi-domain image-to-image translation. In: 2018 IEEE\/CVF conference on computer vision and pattern recognition, pp 8789\u20138797","DOI":"10.1109\/CVPR.2018.00916"},{"key":"10123_CR29","unstructured":"Choquette-Choo CA, Tramer F, Carlini N, Papernot N (2021) Label-only membership inference attacks. In: International conference on machine learning"},{"key":"10123_CR30","unstructured":"Coates A, Ng AY, Lee H (2011) An analysis of single-layer networks in unsupervised feature learning. 
In: Proceedings of the fourteenth international conference on artificial intelligence and statistics, AISTATS 2011, JMLR.org, vol\u00a015, pp 215\u2013223"},{"key":"10123_CR31","first-page":"2493","volume":"12","author":"R Collobert","year":"2011","unstructured":"Collobert R, Weston J, Bottou L, Karlen M, Kavukcuoglu K, Kuksa P (2011) Natural language processing (almost) from scratch. J Mach Learn Res 12:2493\u20132537","journal-title":"J Mach Learn Res"},{"key":"10123_CR32","doi-asserted-by":"crossref","unstructured":"Cordts M, Omran M, Ramos S, Rehfeld T, Enzweiler M, Benenson R, Franke U, Roth S, Schiele B (2016) The cityscapes dataset for semantic urban scene understanding. In: 2016 IEEE conference on computer vision and pattern recognition (CVPR), pp 3213\u20133223","DOI":"10.1109\/CVPR.2016.350"},{"key":"10123_CR33","doi-asserted-by":"crossref","unstructured":"Correia-Silva JR, Berriel RF, Badue C, de Souza AF, Oliveira-Santos T (2018) Copycat CNN: stealing knowledge by persuading confession with random non-labeled data. In: 2018 International joint conference on neural networks (IJCNN), pp 1\u20138","DOI":"10.1109\/IJCNN.2018.8489592"},{"key":"10123_CR34","doi-asserted-by":"publisher","first-page":"107830","DOI":"10.1016\/j.patcog.2021.107830","volume":"113","author":"JR Correia-Silva","year":"2021","unstructured":"Correia-Silva JR, Berriel RF, Badue C, De Souza AF, Oliveira-Santos T (2021) Copycat CNN: are random non-Labeled data enough to steal knowledge from black-box models? Pattern Recogn 113:107830","journal-title":"Pattern Recogn"},{"key":"10123_CR35","doi-asserted-by":"crossref","unstructured":"Dalal N, Triggs B (2005) Histograms of oriented gradients for human detection. 
In: 2005 IEEE computer society conference on computer vision and pattern recognition (CVPR\u201905), vol 1, IEEE, pp 886\u2013893","DOI":"10.1109\/CVPR.2005.177"},{"key":"10123_CR36","doi-asserted-by":"crossref","unstructured":"Dong H, Yu S, Wu C, Guo Y (2017) Semantic image synthesis via adversarial learning. In: 2017 IEEE international conference on computer vision (ICCV), pp 5707\u20135715","DOI":"10.1109\/ICCV.2017.608"},{"key":"10123_CR37","doi-asserted-by":"crossref","unstructured":"Dwork C, Kenthapadi K, McSherry F, Mironov I, Naor M (2006) Our data, ourselves: privacy via distributed noise generation. In: Advances in cryptology\u2014EUROCRYPT 2006. Springer, pp 486\u2013503","DOI":"10.1007\/11761679_29"},{"key":"10123_CR38","doi-asserted-by":"crossref","unstructured":"Enthoven D, Al-Ars Z (2020) An overview of federated deep learning privacy attacks and defensive strategies. arXiv:200404676 [cs, stat]","DOI":"10.1007\/978-3-030-70604-3_8"},{"key":"10123_CR39","unstructured":"European Parliament (2016) EU directive 2016\/679\u2014general data protection regulation (GDPR). Official J Eur Union 2014"},{"key":"10123_CR40","unstructured":"Everingham M, Van\u00a0Gool L, Williams CKI, Winn J, Zisserman A (2012) The PASCAL visual object classes challenge 2012 (VOC2012) results"},{"key":"10123_CR41","doi-asserted-by":"crossref","unstructured":"Fan L (2018) Image pixelization with differential privacy. In: Data and applications security and privacy XXXII. Springer International Publishing, pp 148\u2013162","DOI":"10.1007\/978-3-319-95729-6_10"},{"key":"10123_CR42","doi-asserted-by":"crossref","unstructured":"Fan L (2019) Practical image obfuscation with provable privacy. 
In: 2019 IEEE international conference on multimedia and expo (ICME), pp 784\u2013789","DOI":"10.1109\/ICME.2019.00140"},{"key":"10123_CR43","first-page":"85","volume":"2021","author":"W Feng","year":"2020","unstructured":"Feng W (2020) On the (im)practicality of adversarial perturbation for image privacy. Proc Privacy Enhan Technol 2021:85\u2013106","journal-title":"Proc Privacy Enhan Technol"},{"key":"10123_CR44","doi-asserted-by":"crossref","unstructured":"Ferryman J, Ellis A (2010) PETS2010: dataset and challenge. In: 2010 7th IEEE international conference on advanced video and signal based surveillance, pp 143\u2013150","DOI":"10.1109\/AVSS.2010.90"},{"key":"10123_CR45","doi-asserted-by":"crossref","unstructured":"Fredrikson M, Jha S, Ristenpart T (2015) Model inversion attacks that exploit confidence information and basic countermeasures. In: Proceedings of the 22nd ACM SIGSAC conference on computer and communications security. Association for Computing Machinery, pp 1322\u20131333","DOI":"10.1145\/2810103.2813677"},{"key":"10123_CR46","unstructured":"Fredrikson M, Lantz E, Jha S, Lin S, Page D, Ristenpart T (2014) Privacy in pharmacogenetics: an end-to-end case study of personalized warfarin dosing. In: 23rd USENIX security symposium (USENIX Security 14), pp 17\u201332"},{"key":"10123_CR47","doi-asserted-by":"crossref","unstructured":"Gafni O, Wolf L, Taigman Y (2019) Live face de-identification in video. In: 2019 IEEE\/CVF international conference on computer vision (ICCV), pp 9377\u20139386","DOI":"10.1109\/ICCV.2019.00947"},{"key":"10123_CR48","doi-asserted-by":"crossref","unstructured":"Ganju K, Wang Q, Yang W, Gunter CA, Borisov N (2018) Property inference attacks on fully connected neural networks using permutation invariant representations. In: Proceedings of the 2018 ACM SIGSAC conference on computer and communications security. 
Association for Computing Machinery, pp 619\u2013633","DOI":"10.1145\/3243734.3243834"},{"key":"10123_CR49","first-page":"16937","volume":"33","author":"J Geiping","year":"2020","unstructured":"Geiping J, Bauermeister H, Dr\u00f6ge H, Moeller M (2020) Inverting gradients\u2013how easy is it to break privacy in federated learning? Adv Neural Inf Process Syst 33:16937\u201316947","journal-title":"Adv Neural Inf Process Syst"},{"key":"10123_CR50","doi-asserted-by":"crossref","unstructured":"Gentry C (2009) Fully homomorphic encryption using ideal lattices. In: Proceedings of the forty-first annual acm symposium on theory of computing. Association for Computing Machinery, pp 169\u2013178","DOI":"10.1145\/1536414.1536440"},{"key":"10123_CR51","unstructured":"Geyer RC, Klein T, Nabi M (2018) Differentially private federated learning: a client level perspective. arXiv:171207557 [cs, stat]"},{"key":"10123_CR52","unstructured":"Gilad-Bachrach R, Dowlin N, Laine K, Lauter K, Naehrig M, Wernsing J (2016) CryptoNets: applying neural networks to encrypted data with high throughput and accuracy. In: International conference on machine learning, PMLR, pp 201\u2013210"},{"key":"10123_CR53","doi-asserted-by":"crossref","unstructured":"Goldreich O, Micali S, Wigderson A (1987) How to play ANY mental game. In: Proceedings of the nineteenth annual ACM symposium on theory of computing. Association for Computing Machinery, pp 218\u2013229","DOI":"10.1145\/28395.28420"},{"key":"10123_CR54","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1109\/MCI.2020.2976185","volume":"15","author":"M Gong","year":"2020","unstructured":"Gong M, Xie Y, Pan K, Feng K, Qin A (2020) A survey on differentially private machine learning [review article]. IEEE Comput Intell Mag 15:49\u201364","journal-title":"IEEE Comput Intell Mag"},{"key":"10123_CR55","unstructured":"Goodfellow IJ, Shlens J, Szegedy C (2015) Explaining and harnessing adversarial examples. 
In: 3rd international conference on learning representations, ICLR 2015, San Diego, CA, USA, May 7\u20139, 2015. Conference Track Proceedings"},{"key":"10123_CR56","unstructured":"Goodfellow I, Pouget-Abadie J, Mirza M, Xu B, Warde-Farley D, Ozair S, Courville A, Bengio Y (2014) Generative adversarial nets. Adv Neural Inform Process Syst 27"},{"key":"10123_CR57","unstructured":"Griffin G, Holub A, Perona P (2007) Caltech-256 object category dataset"},{"key":"10123_CR58","doi-asserted-by":"crossref","unstructured":"Guo Y, Zhang L, Hu Y, He X, Gao J (2016) MS-Celeb-1M: a dataset and benchmark for large-scale face recognition. In: Computer vision\u2014ECCV 2016\u201414th European conference, Amsterdam, the Netherlands, October 11\u201314, 2016, Proceedings, Part III, vol 9907. Springer, pp 87\u2013102","DOI":"10.1007\/978-3-319-46487-9_6"},{"key":"10123_CR59","doi-asserted-by":"crossref","unstructured":"Gupta A, Vedaldi A, Zisserman A (2016) Synthetic data for text localisation in natural images. In: 2016 IEEE conference on computer vision and pattern recognition, CVPR 2016, Las Vegas, NV, USA, June 27\u201330, 2016. IEEE Computer Society, pp 2315\u20132324","DOI":"10.1109\/CVPR.2016.254"},{"key":"10123_CR60","unstructured":"Guyon I, Gunn S, Ben-Hur A, Dror G (2004) Result analysis of the NIPS 2003 feature selection challenge. Adv Neural Inform Process Syst 17"},{"key":"10123_CR61","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1007\/s42979-020-00254-4","volume":"1","author":"T Ha","year":"2020","unstructured":"Ha T, Dang TK, Le H, Truong TA (2020) Security and privacy issues in deep learning: a brief review. SN Comput Sci 1:253","journal-title":"SN Comput Sci"},{"key":"10123_CR62","doi-asserted-by":"publisher","first-page":"133","DOI":"10.2478\/popets-2019-0008","volume":"2019","author":"J Hayes","year":"2019","unstructured":"Hayes J, Melis L, Danezis G, Cristofaro ED (2019) LOGAN: membership inference attacks against generative models. 
Proc Privacy Enhancing Technol 2019:133\u2013152","journal-title":"Proc Privacy Enhancing Technol"},{"key":"10123_CR63","unstructured":"He Y, Meng G, Chen K, Hu X, He J (2020a) Towards security threats of deep learning systems: a survey. IEEE Transactions on Software Engineering"},{"key":"10123_CR64","doi-asserted-by":"crossref","unstructured":"He Y, Rahimian S, Schiele B, Fritz M (2020b) Segmentations-leak: membership inference attacks and defenses in semantic image segmentation. In: Computer vision\u2014ECCV 2020. Springer International Publishing, pp 519\u2013535","DOI":"10.1007\/978-3-030-58592-1_31"},{"key":"10123_CR65","doi-asserted-by":"crossref","unstructured":"He X, Zhang Y (2021) Quantifying and mitigating privacy risks of contrastive learning. arXiv:210204140 [cs]","DOI":"10.1145\/3460120.3484571"},{"key":"10123_CR66","doi-asserted-by":"crossref","unstructured":"He K, Zhang X, Ren S, Sun J (2016) Deep residual learning for image recognition. In: 2016 IEEE conference on computer vision and pattern recognition, CVPR 2016, Las Vegas, NV, USA, June 27\u201330, 2016. IEEE Computer Society, pp 770\u2013778","DOI":"10.1109\/CVPR.2016.90"},{"key":"10123_CR67","unstructured":"Hinton GE, Srivastava N, Krizhevsky A, Sutskever I, Salakhutdinov RR (2012) Improving neural networks by preventing co-adaptation of feature detectors. arXiv:12070580 [cs]"},{"key":"10123_CR68","doi-asserted-by":"crossref","unstructured":"Hitaj B, Ateniese G, Perez-Cruz F (2017) Deep models under the GAN: information leakage from collaborative deep learning. In: Proceedings of the 2017 ACM SIGSAC conference on computer and communications security. 
Association for Computing Machinery, pp 603\u2013618","DOI":"10.1145\/3133956.3134012"},{"key":"10123_CR69","unstructured":"Huang G, Mattar M, Berg T, Learned-Miller E (2008) Labeled faces in the wild: a database for studying face recognition in unconstrained environments"},{"key":"10123_CR70","doi-asserted-by":"crossref","unstructured":"Hu H, Salcic Z, Dobbie G, Zhang X (2021) Membership inference attacks on machine learning: a survey. arXiv:210307853 [cs]","DOI":"10.1109\/ICDM51629.2021.00129"},{"key":"10123_CR71","unstructured":"Ioffe S, Szegedy C (2015) Batch normalization: accelerating deep network training by reducing internal covariate shift. In: International conference on machine learning. PMLR, pp 448\u2013456"},{"key":"10123_CR72","doi-asserted-by":"publisher","first-page":"1625","DOI":"10.1109\/TIT.2019.2962804","volume":"66","author":"I Issa","year":"2020","unstructured":"Issa I, Wagner AB, Kamath S (2020) An operational approach to information leakage. IEEE Trans Inf Theory 66:1625\u20131657","journal-title":"IEEE Trans Inf Theory"},{"key":"10123_CR73","unstructured":"Jagielski M, Carlini N, Berthelot D, Kurakin A, Papernot N (2020) High accuracy and high fidelity extraction of neural networks. In: 29th USENIX security symposium (USENIX Security 20), pp 1345\u20131362"},{"key":"10123_CR74","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1109\/MSEC.2020.3039941","volume":"19","author":"MS Jere","year":"2021","unstructured":"Jere MS, Farnan T, Koushanfar F (2021) A taxonomy of attacks on federated learning. IEEE Security Privacy 19:20\u201328","journal-title":"IEEE Security Privacy"},{"key":"10123_CR75","unstructured":"Jetchev N, Bergmann U, Vollgraf R (2017) Texture synthesis with spatial generative adversarial networks. arXiv:161108207 [cs, stat]"},{"key":"10123_CR76","doi-asserted-by":"crossref","unstructured":"Jhuang H, Gall J, Zuffi S, Schmid C, Black MJ (2013) Towards understanding action recognition. 
In: 2013 IEEE international conference on computer vision, pp 3192\u20133199","DOI":"10.1109\/ICCV.2013.396"},{"key":"10123_CR77","doi-asserted-by":"crossref","unstructured":"Jia J, Salem A, Backes M, Zhang Y, Gong NZ (2019) MemGuard: defending against black-box membership inference attacks via adversarial examples. In: Proceedings of the 2019 ACM SIGSAC conference on computer and communications security. Association for Computing Machinery, pp 259\u2013274","DOI":"10.1145\/3319535.3363201"},{"key":"10123_CR78","unstructured":"Jordon J, Yoon J, van der Schaar M (2019) PATE-GAN: generating synthetic data with differential privacy guarantees. In: 7th International conference on learning representations, ICLR 2019. OpenReview.net"},{"key":"10123_CR79","doi-asserted-by":"crossref","unstructured":"Juuti M, Szyller S, Marchal S, Asokan N (2019) PRADA: protecting against dnn model stealing attacks. In: 2019 IEEE European symposium on security and privacy (EuroS P), pp 512\u2013527","DOI":"10.1109\/EuroSP.2019.00044"},{"key":"10123_CR80","unstructured":"Juvekar C, Vaikuntanathan V, Chandrakasan A (2018) GAZELLE: a low latency framework for secure neural network inference. In: 27th USENIX security symposium (USENIX security 18), pp 1651\u20131669"},{"key":"10123_CR81","unstructured":"Kaggle (2021a) 10 Monkey species. https:\/\/www.kaggle.com\/slothkong\/10-monkey-species"},{"key":"10123_CR82","unstructured":"Kaggle (2021b) Diabetic retinopathy detection. 
https:\/\/www.kaggle.com\/c\/diabetic-retinopathy-detection#references"},{"key":"10123_CR83","doi-asserted-by":"crossref","unstructured":"Kairouz P, McMahan HB, Avent B, Bellet A, Bennis M, Bhagoji AN, Bonawitz K, Charles Z, Cormode G, Cummings R, D\u2019Oliveira RGL, Eichner H, Rouayheb SE, Evans D, Gardner J, Garrett Z, Gasc\u00f3n A, Ghazi B, Gibbons PB, Gruteser M, Harchaoui Z, He C, He L, Huo Z, Hutchinson B, Hsu J, Jaggi M, Javidi T, Joshi G, Khodak M, Konecn\u00fd J, Korolova A, Koushanfar F, Koyejo S, Lepoint T, Liu Y, Mittal P, Mohri M, Nock R, \u00d6zg\u00fcr A, Pagh R, Qi H, Ramage D, Raskar R, Raykova M, Song D, Song W, Stich SU, Sun Z, Suresh AT, Tram\u00e8r F, Vepakomma P, Wang J, Xiong L, Xu Z, Yang Q, Yu FX, Yu H, Zhao S (2021) Advances and open problems in federated learning. Foundations and trends\u00ae in machine learning, vol 14, pp 1\u2013210","DOI":"10.1561\/9781680837896"},{"key":"10123_CR84","doi-asserted-by":"crossref","unstructured":"Kalantidis Y, Pueyo LG, Trevisiol M, van Zwol R, Avrithis Y (2011) Scalable triangulation-based logo recognition. In: Proceedings of the 1st International conference on multimedia retrieval, ICMR 2011, Trento, Italy, April 18\u201320, 2011. ACM, p\u00a020","DOI":"10.1145\/1991996.1992016"},{"key":"10123_CR85","doi-asserted-by":"crossref","unstructured":"Kariyappa S, Qureshi MK (2020) Defending against model stealing attacks with adaptive misinformation. In: 2020 IEEE\/CVF conference on computer vision and pattern recognition (CVPR), pp 767\u2013775","DOI":"10.1109\/CVPR42600.2020.00085"},{"key":"10123_CR86","unstructured":"Karras T, Aila T, Laine S, Lehtinen J (2018) Progressive growing of GANs for improved quality, stability, and variation. In: 6th international conference on learning representations, ICLR 2018. OpenReview.net"},{"key":"10123_CR87","doi-asserted-by":"crossref","unstructured":"Karras T, Laine S, Aila T (2019) A style-based generator architecture for generative adversarial networks. 
In: 2019 IEEE\/CVF conference on computer vision and pattern recognition (CVPR), pp 4396\u20134405","DOI":"10.1109\/CVPR.2019.00453"},{"key":"10123_CR88","unstructured":"Kaya Y, Dumitras T (2021) When does data augmentation help with membership inference attacks? In: International conference on machine learning"},{"key":"10123_CR89","doi-asserted-by":"crossref","unstructured":"Kesarwani M, Mukhoty B, Arya V, Mehta S (2018) Model extraction warning in MLaaS paradigm. In: Proceedings of the 34th annual computer security applications conference. Association for Computing Machinery, pp 371\u2013380","DOI":"10.1145\/3274694.3274740"},{"key":"10123_CR90","unstructured":"Kone\u010dn\u00fd J, McMahan HB, Ramage D, Richt\u00e1rik P (2016) Federated optimization: distributed machine learning for on-device intelligence. arXiv:161002527 [cs]"},{"key":"10123_CR91","unstructured":"Kone\u010dn\u00fd J, McMahan HB, Yu FX, Richt\u00e1rik P, Suresh AT, Bacon D (2017) Federated learning: strategies for improving communication efficiency. arXiv:161005492 [cs]"},{"key":"10123_CR92","unstructured":"Krizhevsky A (2009) Learning multiple layers of features from tiny images"},{"key":"10123_CR93","doi-asserted-by":"crossref","unstructured":"Kuehne H, Jhuang H, Garrote E, Poggio T, Serre T (2011) HMDB: a large video database for human motion recognition. In: 2011 International conference on computer vision, pp 2556\u20132563","DOI":"10.1109\/ICCV.2011.6126543"},{"key":"10123_CR94","doi-asserted-by":"crossref","unstructured":"Kumar N, Berg AC, Belhumeur PN, Nayar SK (2009) Attribute and simile classifiers for face verification. In: IEEE 12th International conference on computer vision, ICCV 2009, Kyoto, Japan, September 27\u2013October 4, 2009. IEEE Computer Society, pp 365\u2013372","DOI":"10.1109\/ICCV.2009.5459250"},{"key":"10123_CR95","unstructured":"Leal-Taix\u00e9 L, Milan A, Reid I, Roth S, Schindler K (2015) MOTChallenge 2015: towards a benchmark for multi-target tracking. 
arXiv:150401942 [cs]"},{"key":"10123_CR96","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1038\/nature14539","volume":"521","author":"Y LeCun","year":"2015","unstructured":"LeCun Y, Bengio Y, Hinton G (2015) Deep learning. Nature 521:436\u2013444","journal-title":"Nature"},{"key":"10123_CR97","unstructured":"LeCun Y, Cortes C (2005) The mnist database of handwritten digits"},{"key":"10123_CR98","doi-asserted-by":"crossref","unstructured":"LeCun Y, Kavukcuoglu K, Farabet C (2010) Convolutional networks and applications in vision. In: Proceedings of 2010 IEEE international symposium on circuits and systems, pp 253\u2013256","DOI":"10.1109\/ISCAS.2010.5537907"},{"key":"10123_CR99","doi-asserted-by":"crossref","unstructured":"Ledig C, Theis L, Husz\u00e1r F, Caballero J, Cunningham A, Acosta A, Aitken A, Tejani A, Totz J, Wang Z, Shi W (2017) Photo-realistic single image super-resolution using a generative adversarial network. In: 2017 IEEE conference on computer vision and pattern recognition (CVPR), pp 105\u2013114","DOI":"10.1109\/CVPR.2017.19"},{"key":"10123_CR100","doi-asserted-by":"publisher","first-page":"684","DOI":"10.1109\/TPAMI.2005.92","volume":"27","author":"KC Lee","year":"2005","unstructured":"Lee KC, Ho J, Kriegman DJ (2005) Acquiring linear subspaces for face recognition under variable lighting. IEEE Trans Pattern Anal Mach Intell 27:684\u2013698","journal-title":"IEEE Trans Pattern Anal Mach Intell"},{"key":"10123_CR101","doi-asserted-by":"crossref","unstructured":"Lee T, Edwards B, Molloy I, Su D (2019) Defending against neural network model stealing attacks using deceptive perturbations. In: 2019 IEEE security and privacy workshops (SPW), pp 43\u201349","DOI":"10.1109\/SPW.2019.00020"},{"key":"10123_CR102","unstructured":"Leino K, Fredrikson M (2020) Stolen memories: leveraging model memorization for calibrated white-box membership inference. 
In: 29th USENIX security symposium (USENIX Security 20), pp 1605\u20131622"},{"key":"10123_CR103","doi-asserted-by":"publisher","first-page":"i121","DOI":"10.1093\/bioinformatics\/btu277","volume":"30","author":"MKK Leung","year":"2014","unstructured":"Leung MKK, Xiong HY, Lee LJ, Frey BJ (2014) Deep learning of the tissue-regulated splicing code. Bioinformatics 30:i121\u2013i129","journal-title":"Bioinformatics"},{"key":"10123_CR104","unstructured":"Li T, Choi MS (2021) DeepBlur: a simple and effective method for natural image obfuscation. arXiv:210402655 [cs]"},{"key":"10123_CR105","unstructured":"Li T, Clifton C (2021) Differentially private imaging via latent space manipulation. arXiv:210305472 [cs]"},{"key":"10123_CR106","doi-asserted-by":"crossref","unstructured":"Li T, Lin L (2019) AnonymousNet: natural face de-identification with measurable privacy. In: 2019 IEEE\/CVF conference on computer vision and pattern recognition workshops (CVPRW), pp 56\u201365","DOI":"10.1109\/CVPRW.2019.00013"},{"key":"10123_CR107","unstructured":"Li Y, Schwing A, Wang KC, Zemel R (2017) Dualing GANs. Adv Neural Inform Process Syst 30"},{"key":"10123_CR108","doi-asserted-by":"crossref","unstructured":"Li F, Sun Z, Li A, Niu B, Li H, Cao G (2019a) HideMe: privacy-preserving photo sharing on social networks. In: IEEE INFOCOM 2019\u2014IEEE conference on computer communications, pp 154\u2013162","DOI":"10.1109\/INFOCOM.2019.8737466"},{"key":"10123_CR109","unstructured":"Li Y, Li L, Wang L, Zhang T, Gong B (2019b) NATTACK: learning the distributions of adversarial examples for an improved black-box attack on deep neural networks. 
In: Proceedings of the 36th international conference on machine learning, ICML 2019, 9\u201315 June 2019, Long Beach, California, USA, PMLR, vol\u00a097, pp 3866\u20133876"},{"key":"10123_CR110","first-page":"50","volume":"37","author":"T Li","year":"2020","unstructured":"Li T, Sahu AK, Talwalkar A, Smith V (2020) Federated learning: challenges, methods, and future directions. IEEE Signal Process Mag 37:50\u201360","journal-title":"IEEE Signal Process Mag"},{"key":"10123_CR111","doi-asserted-by":"publisher","first-page":"2031","DOI":"10.1109\/COMST.2020.2986024","volume":"22","author":"WYB Lim","year":"2020","unstructured":"Lim WYB, Luong NC, Hoang DT, Jiao Y, Liang YC, Yang Q, Niyato D, Miao C (2020) Federated learning in mobile edge networks: a comprehensive survey. IEEE Commun Surv Tutorials 22:2031\u20132063","journal-title":"IEEE Commun Surv Tutorials"},{"key":"10123_CR112","unstructured":"Lin Y, Han S, Mao H, Wang Y, Dally B (2018) Deep gradient compression: reducing the communication bandwidth for distributed training. In: 6th international conference on learning representations, ICLR 2018, Vancouver, BC, Canada, April 30\u2013May 3, 2018. Conference Track Proceedings, OpenReview.net"},{"key":"10123_CR113","doi-asserted-by":"crossref","unstructured":"Liu Z, Luo P, Wang X, Tang X (2015) Deep learning face attributes in the wild. In: 2015 IEEE international conference on computer vision (ICCV), pp 3730\u20133738","DOI":"10.1109\/ICCV.2015.425"},{"key":"10123_CR114","doi-asserted-by":"crossref","unstructured":"Liu J, Juuti M, Lu Y, Asokan N (2017a) Oblivious neural network predictions via MiniONN transformations. In: Proceedings of the 2017 ACM SIGSAC conference on computer and communications security. Association for Computing Machinery, pp 619\u2013631","DOI":"10.1145\/3133956.3134056"},{"key":"10123_CR115","unstructured":"Liu Y, Chen X, Liu C, Song D (2017b) Delving into transferable adversarial examples and black-box attacks. 
In: 5th international conference on learning representations, ICLR 2017, Toulon, France, April 24\u201326, 2017. Conference Track Proceedings, OpenReview.net"},{"key":"10123_CR116","first-page":"e1897438","volume":"2017","author":"Y Liu","year":"2017","unstructured":"Liu Y, Zhang W, Yu N (2017c) Protecting privacy in shared photos via adversarial examples based stealth. Sec Commun Netw 2017:e1897438","journal-title":"Sec Commun Netw"},{"key":"10123_CR117","doi-asserted-by":"crossref","unstructured":"Liu B, Ding M, Zhu T, Xiang Y, Zhou W (2019a) Adversaries or allies? Privacy and deep learning in big data era. Concurr Comput Pract Exper 31","DOI":"10.1002\/cpe.5102"},{"key":"10123_CR118","doi-asserted-by":"crossref","unstructured":"Liu B, Xiong J, Wu Y, Ding M, Wu CM (2019b) Protecting multimedia privacy from both humans and AI. In: 2019 IEEE international symposium on broadband multimedia systems and broadcasting (BMSB), pp 1\u20136","DOI":"10.1109\/BMSB47279.2019.8971914"},{"key":"10123_CR119","doi-asserted-by":"crossref","unstructured":"Liu B, Ding M, Shaham S, Rahayu W, Farokhi F, Lin Z (2021a) When machine learning meets privacy: a survey and outlook. ACM Comput Surv 54:31:1\u201331:36","DOI":"10.1145\/3436755"},{"key":"10123_CR120","unstructured":"Liu B, Ding M, Xue H, Zhu T, Ye D, Song L, Zhou W (2021b) DP-Image: differential privacy for image data in feature space. arXiv:210307073 [cs]"},{"key":"10123_CR121","unstructured":"Liu C, Zhu T, Zhang J, Zhou W (2021c) Privacy intelligence: a survey on image privacy in online social networks. arXiv:200812199 [cs]"},{"key":"10123_CR122","doi-asserted-by":"publisher","first-page":"4566","DOI":"10.1109\/ACCESS.2020.3045078","volume":"9","author":"X Liu","year":"2021","unstructured":"Liu X, Xie L, Wang Y, Zou J, Xiong J, Ying Z, Vasilakos AV (2021d) Privacy and security issues in deep learning: a survey. 
IEEE Access 9:4566\u20134593","journal-title":"IEEE Access"},{"key":"10123_CR123","doi-asserted-by":"crossref","unstructured":"Livingstone S, Russo F (2018) The Ryerson audio-visual database of emotional speech and song (RAVDESS): a dynamic, multimodal set of facial and vocal expressions in North American English. PLoS ONE","DOI":"10.1371\/journal.pone.0196391"},{"key":"10123_CR124","doi-asserted-by":"crossref","unstructured":"Li Z, Zhang Y (2021) Membership leakage in label-only exposures. In: ACM SIGSAC conference on computer and communications security (CCS 2021)","DOI":"10.1145\/3460120.3484575"},{"key":"10123_CR125","doi-asserted-by":"crossref","unstructured":"Lo SK, Lu Q, Wang C, Paik HY, Zhu L (2021) A systematic literature review on federated machine learning: from a software engineering perspective. ACM Comput Surv 54:95:1\u201395:39","DOI":"10.1145\/3450288"},{"key":"10123_CR126","first-page":"8638","volume":"33","author":"Q Lou","year":"2020","unstructured":"Lou Q, Bian S, Jiang L (2020) AutoPrivacy: automated layer-wise parameter selection for secure neural network inference. Adv Neural Inf Process Syst 33:8638\u20138647","journal-title":"Adv Neural Inf Process Syst"},{"key":"10123_CR127","unstructured":"Lou Q, Jiang L (2021) HEMET: a homomorphic-encryption-friendly privacy-preserving mobile neural network architecture. In: International conference on machine learning"},{"key":"10123_CR128","unstructured":"McMahan B, Moore E, Ramage D, Hampson S, y\u00a0Arcas BA (2017) Communication-efficient learning of deep networks from decentralized data. In: Artificial intelligence and statistics. PMLR, pp 1273\u20131282"},{"key":"10123_CR129","doi-asserted-by":"crossref","unstructured":"Melis L, Song C, De\u00a0Cristofaro E, Shmatikov V (2019) Exploiting unintended feature leakage in collaborative learning. 
In: 2019 IEEE symposium on security and privacy (SP), pp 691\u2013706","DOI":"10.1109\/SP.2019.00029"},{"key":"10123_CR130","doi-asserted-by":"crossref","unstructured":"Mikolov T, Deoras A, Povey D, Burget L, \u010cernock\u00fd J (2011) Strategies for training large scale neural network language models. In: 2011 IEEE workshop on automatic speech recognition understanding, pp 196\u2013201","DOI":"10.1109\/ASRU.2011.6163930"},{"key":"10123_CR131","doi-asserted-by":"crossref","unstructured":"Milli S, Schmidt L, Dragan AD, Hardt M (2019) Model reconstruction from model explanations. In: Proceedings of the conference on fairness, accountability, and transparency, association for computing machinery, pp 1\u20139","DOI":"10.1145\/3287560.3287562"},{"key":"10123_CR132","unstructured":"Mireshghallah F, Taram M, Vepakomma P, Singh A, Raskar R, Esmaeilzadeh H (2020) Privacy in deep learning: a survey. arXiv:200412254 [cs, stat]"},{"key":"10123_CR133","unstructured":"Mohassel P, Rindal P (2018) ABY3: a mixed protocol framework for machine learning. In: Proceedings of the 2018 ACM SIGSAC conference on computer and communications security. Association for Computing Machinery, pp 35\u201352"},{"key":"10123_CR134","doi-asserted-by":"crossref","unstructured":"Mohassel P, Zhang Y (2017) SecureML: a system for scalable privacy-preserving machine learning. In: 2017 IEEE symposium on security and privacy (SP), pp 19\u201338","DOI":"10.1109\/SP.2017.12"},{"key":"10123_CR135","doi-asserted-by":"crossref","unstructured":"Moosavi-Dezfooli SM, Fawzi A, Fawzi O, Frossard P (2017) Universal adversarial perturbations. In: 2017 IEEE conference on computer vision and pattern recognition, CVPR 2017, Honolulu, HI, USA, July 21\u201326, 2017. IEEE Computer Society, pp 86\u201394","DOI":"10.1109\/CVPR.2017.17"},{"key":"10123_CR136","doi-asserted-by":"crossref","unstructured":"Nasr M, Shokri R, Houmansadr A (2018) Machine learning with membership privacy using adversarial regularization. 
In: Proceedings of the 2018 ACM SIGSAC conference on computer and communications security. Association for Computing Machinery, pp 634\u2013646","DOI":"10.1145\/3243734.3243855"},{"key":"10123_CR137","doi-asserted-by":"crossref","unstructured":"Nasr M, Shokri R, Houmansadr A (2019) Comprehensive privacy analysis of deep learning: passive and active white-box inference attacks against centralized and federated learning. In: 2019 IEEE symposium on security and privacy (SP), pp 739\u2013753","DOI":"10.1109\/SP.2019.00065"},{"key":"10123_CR138","unstructured":"Netzer Y, Wang T, Coates A, Bissacco A, Wu B, Ng A (2011) Reading digits in natural images with unsupervised feature learning"},{"key":"10123_CR139","doi-asserted-by":"crossref","unstructured":"Neuhold G, Ollmann T, Bul\u00f2 SR, Kontschieder P (2017) The mapillary vistas dataset for semantic understanding of street scenes. In: 2017 IEEE international conference on computer vision (ICCV), pp 5000\u20135009","DOI":"10.1109\/ICCV.2017.534"},{"key":"10123_CR140","doi-asserted-by":"publisher","first-page":"94","DOI":"10.1016\/j.neucom.2019.12.002","volume":"384","author":"H Nguyen","year":"2020","unstructured":"Nguyen H, Zhuang D, Wu PY, Chang M (2020) AutoGAN-based dimension reduction for privacy preservation. Neurocomputing 384:94\u2013103","journal-title":"Neurocomputing"},{"key":"10123_CR141","doi-asserted-by":"crossref","unstructured":"Ng H, Winkler S (2014) A data-driven approach to cleaning large face datasets. In: 2014 IEEE international conference on image processing, ICIP 2014. IEEE, pp 343\u2013347","DOI":"10.1109\/ICIP.2014.7025068"},{"key":"10123_CR142","doi-asserted-by":"crossref","unstructured":"Nilsback ME, Zisserman A (2006) A visual vocabulary for flower classification. 
In: 2006 IEEE computer society conference on computer vision and pattern recognition (CVPR\u201906), vol\u00a02, pp 1447\u20131454","DOI":"10.1109\/CVPR.2006.42"},{"key":"10123_CR143","unstructured":"Oh SJ, Augustin M, Fritz M, Schiele B (2018) Towards reverse-engineering black-box neural networks. In: 6th international conference on learning representations, ICLR 2018. OpenReview.net"},{"key":"10123_CR144","doi-asserted-by":"crossref","unstructured":"Oh SJ, Benenson R, Fritz M, Schiele B (2016) Faceless person recognition: privacy implications in social media. In: Computer vision\u2014ECCV 2016. Springer International Publishing, pp 19\u201335","DOI":"10.1007\/978-3-319-46487-9_2"},{"key":"10123_CR145","doi-asserted-by":"crossref","unstructured":"Orekondy T, Schiele B, Fritz M (2017) Towards a visual privacy advisor: understanding and predicting privacy risks in images. In: 2017 IEEE international conference on computer vision (ICCV), pp 3706\u20133715","DOI":"10.1109\/ICCV.2017.398"},{"key":"10123_CR146","doi-asserted-by":"crossref","unstructured":"Orekondy T, Schiele B, Fritz M (2019) Knockoff nets: stealing functionality of black-box models. In: 2019 IEEE\/CVF conference on computer vision and pattern recognition (CVPR), pp 4949\u20134958","DOI":"10.1109\/CVPR.2019.00509"},{"key":"10123_CR147","unstructured":"Orekondy T, Schiele B, Fritz M (2020) Prediction poisoning: towards defenses against DNN model stealing attacks. In: 8th international conference on learning representations, ICLR 2020. OpenReview.net"},{"key":"10123_CR148","first-page":"865","volume":"34","author":"S Pal","year":"2020","unstructured":"Pal S, Gupta Y, Shukla A, Kanade A, Shevade S, Ganapathy V (2020) ActiveThief: model extraction using active learning and unannotated public data. 
Proc AAAI Conf Artif Intell 34:865\u2013872","journal-title":"Proc AAAI Conf Artif Intell"},{"key":"10123_CR149","unstructured":"Papernot N, Abadi M, Erlingsson \u00da, Goodfellow IJ, Talwar K (2017) Semi-supervised knowledge transfer for deep learning from private training data. In: 5th International conference on learning representations, ICLR 2017. OpenReview.net"},{"key":"10123_CR150","unstructured":"Papernot N, McDaniel P, Goodfellow I (2016) Transferability in machine learning: from phenomena to black-box attacks using adversarial samples. arXiv:160507277 [cs]"},{"key":"10123_CR151","unstructured":"Papernot N, Song S, Mironov I, Raghunathan A, Talwar K, Erlingsson \u00da (2018) Scalable private learning with PATE. In: 6th International conference on learning representations, ICLR 2018. OpenReview.net"},{"key":"10123_CR152","doi-asserted-by":"publisher","first-page":"124988","DOI":"10.1109\/ACCESS.2019.2938759","volume":"7","author":"C Park","year":"2019","unstructured":"Park C, Hong D, Seo C (2019) An attack-based evaluation method for differentially private learning against model inversion attack. IEEE Access 7:124988\u2013124999","journal-title":"IEEE Access"},{"key":"10123_CR153","unstructured":"Park Y, Kang M (2020) Membership inference attacks against object detection models. arXiv:200104011 [cs]"},{"key":"10123_CR154","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s13735-020-00196-w","volume":"10","author":"MR Pavan Kumar","year":"2021","unstructured":"Pavan Kumar MR, Jayagopal P (2021) Generative adversarial networks: a survey on applications and challenges. Int J Multim Inform Retriev 10:1\u201324","journal-title":"Int J Multim Inform Retriev"},{"key":"10123_CR155","unstructured":"Pentyala S, Dowsley R, De\u00a0Cock M (2021) Privacy-preserving video classification with convolutional neural networks. 
In: International conference on machine learning"},{"key":"10123_CR156","doi-asserted-by":"publisher","first-page":"1681","DOI":"10.1007\/s10994-017-5656-2","volume":"106","author":"N Phan","year":"2017","unstructured":"Phan N, Wu X, Dou D (2017a) Preserving differential privacy in convolutional deep belief networks. Mach Learn 106:1681\u20131704","journal-title":"Mach Learn"},{"key":"10123_CR157","doi-asserted-by":"crossref","unstructured":"Phan N, Wu X, Hu H, Dou D (2017b) Adaptive laplace mechanism: differential privacy preservation in deep learning. In: 2017 IEEE international conference on data mining (ICDM), pp 385\u2013394","DOI":"10.1109\/ICDM.2017.48"},{"key":"10123_CR158","doi-asserted-by":"publisher","first-page":"1333","DOI":"10.1109\/TIFS.2017.2787987","volume":"13","author":"LT Phong","year":"2018","unstructured":"Phong LT, Aono Y, Hayashi T, Wang L, Moriai S (2018) Privacy-preserving deep learning via additively homomorphic encryption. IEEE Trans Inf Forensics Secur 13:1333\u20131345","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"10123_CR159","doi-asserted-by":"crossref","unstructured":"Poursaeed O, Katsman I, Gao B, Belongie SJ (2018) Generative adversarial perturbations. In: 2018 IEEE conference on computer vision and pattern recognition, CVPR 2018, Salt Lake City, UT, USA, June 18\u201322, 2018. IEEE Computer Society, pp 4422\u20134431","DOI":"10.1109\/CVPR.2018.00465"},{"key":"10123_CR160","doi-asserted-by":"crossref","unstructured":"Quattoni A, Torralba A (2009) Recognizing indoor scenes. In: 2009 IEEE conference on computer vision and pattern recognition, pp 413\u2013420","DOI":"10.1109\/CVPRW.2009.5206537"},{"key":"10123_CR161","first-page":"61","volume":"11","author":"MA Rahman","year":"2018","unstructured":"Rahman MA, Rahman T, Lagani\u00e8re R, Mohammed N (2018) Membership inference attack against differentially private deep learning model. 
Trans Data Priv 11:61\u201379","journal-title":"Trans Data Priv"},{"key":"10123_CR162","doi-asserted-by":"crossref","unstructured":"Ren Z, Lee YJ, Ryoo MS (2018) Learning to anonymize faces for privacy preserving action detection. In: Computer vision\u2014ECCV 2018. Springer International Publishing, pp 639\u2013655","DOI":"10.1007\/978-3-030-01246-5_38"},{"key":"10123_CR163","unstructured":"Rivest RL, Dertouzos ML (1978) On data banks and privacy homomorphisms"},{"key":"10123_CR164","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1007\/s11263-015-0816-y","volume":"115","author":"O Russakovsky","year":"2015","unstructured":"Russakovsky O, Deng J, Su H, Krause J, Satheesh S, Ma S, Huang Z, Karpathy A, Khosla A, Bernstein MS, Berg AC, Li FF (2015) ImageNet large scale visual recognition challenge. Int J Comput Vis 115:211\u2013252","journal-title":"Int J Comput Vis"},{"key":"10123_CR165","unstructured":"Sablayrolles A, Douze M, Schmid C, Ollivier Y, Jegou H (2019) White-box vs black-box: bayes optimal strategies for membership inference. In: International conference on machine learning. PMLR, pp 5558\u20135567"},{"key":"10123_CR166","doi-asserted-by":"publisher","first-page":"3096","DOI":"10.1109\/TIFS.2021.3073804","volume":"16","author":"S Saeidian","year":"2021","unstructured":"Saeidian S, Cervia G, Oechtering TJ, Skoglund M (2021) Quantifying membership privacy via information leakage. IEEE Trans Inf Forensics Secur 16:3096\u20133108","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"10123_CR167","unstructured":"Salem A, Bhattacharya A, Backes M, Fritz M, Zhang Y (2020) Updates-leak: data set inference and reconstruction attacks in online learning. 
In: 29th USENIX security symposium (USENIX Security 20), p 1291"},{"key":"10123_CR168","doi-asserted-by":"crossref","unstructured":"Salem A, Zhang Y, Humbert M, Berrang P, Fritz M, Backes M (2019) ML-leaks: model and data independent membership inference attacks and defenses on machine learning models. In: 26th Annual network and distributed system security symposium, NDSS 2019. The Internet Society","DOI":"10.14722\/ndss.2019.23119"},{"key":"10123_CR169","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1109\/TKDE.2019.2929794","volume":"33","author":"GD Samaraweera","year":"2021","unstructured":"Samaraweera GD, Chang JM (2021) Security and privacy implications on database systems in big data era: a survey. IEEE Trans Knowl Data Eng 33:239\u2013258","journal-title":"IEEE Trans Knowl Data Eng"},{"key":"10123_CR170","doi-asserted-by":"crossref","unstructured":"Samaria F, Harter A (1994) Parameterisation of a stochastic model for human face identification. In: Proceedings of 1994 IEEE workshop on applications of computer vision, pp 138\u2013142","DOI":"10.1109\/ACV.1994.341300"},{"key":"10123_CR171","doi-asserted-by":"crossref","unstructured":"Samarzija B, Ribaric S (2014) An approach to the de-identification of faces in different poses. In: 37th international convention on information and communication technology, electronics and microelectronics, MIPRO 2014. IEEE, pp 1246\u20131251","DOI":"10.1109\/MIPRO.2014.6859758"},{"key":"10123_CR172","unstructured":"Sanyal A, Kusner M, Gascon A, Kanade V (2018) TAPAS: tricks to accelerate (encrypted) prediction as a service. In: International conference on machine learning. PMLR, pp 4490\u20134499"},{"key":"10123_CR173","doi-asserted-by":"crossref","unstructured":"Sattar H, Krombholz K, Pons-Moll G, Fritz M (2020) Body shape privacy in images: understanding privacy and preventing automatic shape extraction. In: Computer vision\u2014ECCV 2020 workshops. 
Springer International Publishing, pp 411\u2013428","DOI":"10.1007\/978-3-030-68238-5_31"},{"key":"10123_CR174","doi-asserted-by":"crossref","unstructured":"Serban A, Poll E, Visser J (2020) Adversarial examples on object recognition: a comprehensive survey. ACM Comput Surv 53:66:1-66:38","DOI":"10.1145\/3398394"},{"key":"10123_CR175","unstructured":"Shan S, Wenger E, Zhang J, Li H, Zheng H, Zhao BY (2020) Fawkes: protecting privacy against unauthorized deep learning models. In: 29th USENIX security symposium (USENIX Security 20), pp 1589\u20131604"},{"key":"10123_CR176","first-page":"9549","volume":"35","author":"V Shejwalkar","year":"2021","unstructured":"Shejwalkar V, Houmansadr A (2021) Membership privacy for machine learning models through knowledge transfer. Proc AAAI Conf Artif Intell 35:9549\u20139557","journal-title":"Proc AAAI Conf Artif Intell"},{"key":"10123_CR177","doi-asserted-by":"crossref","unstructured":"Shen Z, Fan S, Wong Y, Ng TT, Kankanhalli M (2019) Human-imperceptible privacy protection against machines. In: Proceedings of the 27th ACM international conference on multimedia. Association for Computing Machinery, pp 1119\u20131128","DOI":"10.1145\/3343031.3350963"},{"key":"10123_CR178","unstructured":"Shetty RR, Fritz M, Schiele B (2018) Adversarial scene editing: automatic object removal from weak supervision. Adv Neural Inform Process Syst 31"},{"key":"10123_CR179","doi-asserted-by":"crossref","unstructured":"Shokri R, Shmatikov V (2015) Privacy-preserving deep learning. In: Proceedings of the 22nd ACM SIGSAC conference on computer and communications security. Association for Computing Machinery, pp 1310\u20131321","DOI":"10.1145\/2810103.2813687"},{"key":"10123_CR180","doi-asserted-by":"crossref","unstructured":"Shokri R, Stronati M, Song C, Shmatikov V (2017) Membership inference attacks against machine learning models. 
In: 2017 IEEE symposium on security and privacy (SP), pp 3\u201318","DOI":"10.1109\/SP.2017.41"},{"key":"10123_CR181","doi-asserted-by":"crossref","unstructured":"Song C, Raghunathan A (2020) Information leakage in embedding models. In: Proceedings of the 2020 ACM SIGSAC conference on computer and communications security. Association for Computing Machinery, pp 377\u2013390","DOI":"10.1145\/3372297.3417270"},{"key":"10123_CR182","doi-asserted-by":"crossref","unstructured":"Song C, Ristenpart T, Shmatikov V (2017) Machine learning models that remember too much. In: Proceedings of the 2017 ACM SIGSAC conference on computer and communications security. Association for Computing Machinery, pp 587\u2013601","DOI":"10.1145\/3133956.3134077"},{"key":"10123_CR183","doi-asserted-by":"crossref","unstructured":"Song L, Shokri R, Mittal P (2019a) Membership inference attacks against adversarially robust deep learning models. In: 2019 IEEE security and privacy workshops (SPW), pp 50\u201356","DOI":"10.1109\/SPW.2019.00021"},{"key":"10123_CR184","doi-asserted-by":"crossref","unstructured":"Song L, Shokri R, Mittal P (2019b) Privacy risks of securing machine learning models against adversarial examples. In: Proceedings of the 2019 ACM SIGSAC conference on computer and communications security. Association for Computing Machinery, pp 241\u2013257","DOI":"10.1145\/3319535.3354211"},{"key":"10123_CR185","unstructured":"Soomro K, Zamir AR, Shah M (2012) UCF101: a dataset of 101 human actions classes from videos in the wild. arXiv:12120402 [cs]"},{"key":"10123_CR186","doi-asserted-by":"crossref","unstructured":"Spyromitros-Xioufis E, Papadopoulos S, Popescu A, Kompatsiaris Y (2016) Personalized privacy-aware image classification. In: Proceedings of the 2016 ACM on international conference on multimedia retrieval. 
Association for Computing Machinery, pp 71\u201378","DOI":"10.1145\/2911996.2912018"},{"key":"10123_CR187","doi-asserted-by":"publisher","first-page":"323","DOI":"10.1016\/j.neunet.2012.02.016","volume":"32","author":"J Stallkamp","year":"2012","unstructured":"Stallkamp J, Schlipsing M, Salmen J, Igel C (2012) Man vs. computer: benchmarking machine learning algorithms for traffic sign recognition. Neural Netw 32:323\u2013332","journal-title":"Neural Netw"},{"key":"10123_CR188","doi-asserted-by":"crossref","unstructured":"Sun J, Li A, Wang B, Yang H, Li H, Chen Y (2021) Soteria: provable defense against privacy leakage in federated learning from representation perspective. In: Proceedings of the IEEE\/CVF conference on computer vision and pattern recognition, pp 9311\u20139319","DOI":"10.1109\/CVPR46437.2021.00919"},{"key":"10123_CR189","doi-asserted-by":"crossref","unstructured":"Sun Q, Ma L, Joon\u00a0Oh S, Gool LV, Schiele B, Fritz M (2018a) Natural and effective obfuscation by head inpainting. In: 2018 IEEE\/CVF conference on computer vision and pattern recognition, pp 5050\u20135059","DOI":"10.1109\/CVPR.2018.00530"},{"key":"10123_CR190","doi-asserted-by":"crossref","unstructured":"Sun Q, Tewari A, Xu W, Fritz M, Theobalt C, Schiele B (2018b) A hybrid model for identity obfuscation by face replacement. In: Computer vision\u2014ECCV 2018. Springer International Publishing, pp 570\u2013586","DOI":"10.1007\/978-3-030-01246-5_34"},{"key":"10123_CR191","unstructured":"Szegedy C, Zaremba W, Sutskever I, Bruna J, Erhan D, Goodfellow IJ, Fergus R (2014) Intriguing properties of neural networks. In: 2nd international conference on learning representations, ICLR 2014"},{"key":"10123_CR192","doi-asserted-by":"crossref","unstructured":"Tajik K, Gunasekaran A, Dutta R, Ellis B, Bobba RB, Rosulek M, Wright CV, Feng Wc (2019) Balancing image privacy and usability with thumbnail-preserving encryption. 
In: 26th Annual network and distributed system security symposium, NDSS 2019. The Internet Society","DOI":"10.14722\/ndss.2019.23432"},{"key":"10123_CR193","first-page":"29","volume-title":"A survey on deep learning techniques for privacy-preserving. Machine learning for cyber security","author":"HC Tanuwidjaja","year":"2019","unstructured":"Tanuwidjaja HC, Choi R, Kim K (2019) A survey on deep learning techniques for privacy-preserving. Machine learning for cyber security. Springer, Cham, pp 29\u201346"},{"key":"10123_CR194","doi-asserted-by":"publisher","first-page":"167425","DOI":"10.1109\/ACCESS.2020.3023084","volume":"8","author":"HC Tanuwidjaja","year":"2020","unstructured":"Tanuwidjaja HC, Choi R, Baek S, Kim K (2020) Privacy-preserving deep learning on machine learning as a service-a comprehensive survey. IEEE Access 8:167425\u2013167447","journal-title":"IEEE Access"},{"key":"10123_CR195","doi-asserted-by":"crossref","unstructured":"Tonge A (2018) Identifying private content for online image sharing. In: Thirty-second AAAI conference on artificial intelligence","DOI":"10.1609\/aaai.v32i1.11357"},{"key":"10123_CR196","doi-asserted-by":"crossref","unstructured":"Tonge AK, Caragea C (2016) Image privacy prediction using deep features. In: Thirtieth AAAI conference on artificial intelligence","DOI":"10.1609\/aaai.v30i1.9942"},{"key":"10123_CR197","doi-asserted-by":"crossref","unstructured":"Tonge A, Caragea C (2019) Dynamic deep multi-modal fusion for image privacy prediction. In: The world wide web conference. Association for Computing Machinery, pp 1829\u20131840","DOI":"10.1145\/3308558.3313691"},{"key":"10123_CR198","doi-asserted-by":"crossref","unstructured":"Tonge A, Caragea C (2020) Image privacy prediction using deep neural networks. 
ACM Tran Web 14:7:1\u20137:32","DOI":"10.1145\/3386082"},{"key":"10123_CR199","doi-asserted-by":"crossref","unstructured":"Tonge A, Caragea C, Squicciarini AC (2018) Uncovering scene context for predicting privacy of online shared images. In: Proceedings of the thirty-second AAAI conference on artificial intelligence. AAAI Press, pp 8167\u20138168","DOI":"10.1609\/aaai.v32i1.12180"},{"key":"10123_CR200","doi-asserted-by":"crossref","unstructured":"Torkzadehmahani R, Kairouz P, Paten B (2019) DP-CGAN: differentially private synthetic data and label generation. In: 2019 IEEE\/CVF conference on computer vision and pattern recognition workshops (CVPRW), pp 98\u2013104","DOI":"10.1109\/CVPRW.2019.00018"},{"key":"10123_CR201","unstructured":"Tram\u00e8r F, Zhang F, Juels A, Reiter MK, Ristenpart T (2016) Stealing machine learning models via prediction APIs. In: 25th USENIX security symposium (USENIX Security 16), pp 601\u2013618"},{"key":"10123_CR202","doi-asserted-by":"crossref","unstructured":"Tran L, Kong D, Jin H, Liu J (2016) Privacy-cnh: a framework to detect photo privacy with convolutional neural network using hierarchical features. In: Proceedings of the thirtieth AAAI conference on artificial intelligence. AAAI Press, pp 1317\u20131323","DOI":"10.1609\/aaai.v30i1.10169"},{"key":"10123_CR203","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1109\/MIS.2020.2993966","volume":"35","author":"A Triastcyn","year":"2020","unstructured":"Triastcyn A, Faltings B (2020) Federated generative privacy. IEEE Intell Syst 35:50\u201357","journal-title":"IEEE Intell Syst"},{"key":"10123_CR204","unstructured":"Truex S, Liu L, Gursoy ME, Yu L, Wei W (2019) Demystifying membership inference attacks in machine learning as a service. 
IEEE Transactions on Services Computing"},{"key":"10123_CR205","doi-asserted-by":"crossref","unstructured":"Uittenbogaard R, Sebastian C, Vijverberg J, Boom B, Gavrila DM, de With PH (2019) Privacy protection in street-view panoramas using depth and multi-view imagery. In: 2019 IEEE\/CVF conference on computer vision and pattern recognition (CVPR), pp 10573\u201310582","DOI":"10.1109\/CVPR.2019.01083"},{"key":"10123_CR206","doi-asserted-by":"crossref","unstructured":"von Marcard T, Henschel R, Black MJ, Rosenhahn B, Pons-Moll G (2018) Recovering accurate 3D human pose in the wild using IMUs and a moving camera. In: Computer vision\u2014ECCV 2018\u201415th European conference, Munich, Germany, September 8\u201314, 2018, Proceedings, Part X, vol 11214. Springer, pp 614\u2013631","DOI":"10.1007\/978-3-030-01249-6_37"},{"key":"10123_CR207","unstructured":"Wah C, Branson S, Welinder P, Perona P, Belongie SJ (2011) The caltech-ucsd birds-200-2011 dataset"},{"key":"10123_CR208","doi-asserted-by":"crossref","unstructured":"Wang B, Gong NZ (2018) Stealing hyperparameters in machine learning. In: 2018 IEEE symposium on security and privacy (SP), pp 36\u201352","DOI":"10.1109\/SP.2018.00038"},{"key":"10123_CR209","doi-asserted-by":"crossref","unstructured":"Wang X, Peng Y, Lu L, Lu Z, Bagheri M, Summers RM (2017) ChestX-ray8: hospital-scale chest x-ray database and benchmarks on weakly-supervised classification and localization of common thorax diseases. In: 2017 IEEE conference on computer vision and pattern recognition (CVPR), pp 3462\u20133471","DOI":"10.1109\/CVPR.2017.369"},{"key":"10123_CR210","first-page":"1190","volume":"33","author":"J Wang","year":"2019","unstructured":"Wang J, Bao W, Sun L, Zhu X, Cao B, Yu PS (2019) Private model compression via knowledge distillation. 
Proc AAAI Conf Artif Intell 33:1190\u20131197","journal-title":"Proc AAAI Conf Artif Intell"},{"key":"10123_CR211","doi-asserted-by":"crossref","unstructured":"Wang HP, Orekondy T, Fritz M (2021a) InfoScrub: towards attribute privacy by targeted obfuscation. arXiv:200510329 [cs]","DOI":"10.1109\/CVPRW53098.2021.00366"},{"key":"10123_CR212","first-page":"11666","volume":"35","author":"T Wang","year":"2021","unstructured":"Wang T, Zhang Y, Jia R (2021b) Improving robustness to model inversion attacks via mutual information regularization. Proc AAAI Conf Artif Intell 35:11666\u201311673","journal-title":"Proc AAAI Conf Artif Intell"},{"key":"10123_CR213","doi-asserted-by":"crossref","unstructured":"Wang Y, Wang C, Wang Z, Zhou S, Liu H, Bi J, Ding C, Rajasekaran S (2021c) Against membership inference attack: pruning is all you need. In: International joint conference on artificial intelligence, IJCAI","DOI":"10.24963\/ijcai.2021\/432"},{"key":"10123_CR214","doi-asserted-by":"crossref","unstructured":"Wang Z, She Q, Ward TE (2021) Generative adversarial networks in computer vision: a survey and taxonomy. ACM Comput Surv 54:37:1\u201337:38","DOI":"10.1145\/3439723"},{"key":"10123_CR215","doi-asserted-by":"crossref","unstructured":"Wei W, Liu L, Loper M, Chow KH, Gursoy ME, Truex S, Wu Y (2020) A framework for evaluating client privacy leakages in federated learning. In: Computer security\u2014ESORICS 2020. Springer International Publishing, pp 545\u2013566","DOI":"10.1007\/978-3-030-58951-6_27"},{"key":"10123_CR216","unstructured":"Weinzaepfel P, Martin X, Schmid C (2017) Human action localization with sparse spatial supervision. arXiv:160505197 [cs]"},{"key":"10123_CR217","doi-asserted-by":"crossref","unstructured":"Wen Y, Song L, Liu B, Ding M, Xie R (2021) IdentityDP: differential private identification protection for face images. 
arXiv:210301745 [cs]","DOI":"10.1016\/j.neucom.2022.06.039"},{"key":"10123_CR218","doi-asserted-by":"crossref","unstructured":"Wu Z, Wang Z, Wang Z, Jin H (2018) Towards privacy-preserving visual recognition via adversarial training: a pilot study. In: Computer vision\u2014ECCV 2018. Springer International Publishing, pp 627\u2013645","DOI":"10.1007\/978-3-030-01270-0_37"},{"key":"10123_CR219","unstructured":"Wu Z, Wang H, Wang Z, Jin H, Wang Z (2020) Privacy-preserving deep action recognition: an adversarial learning framework and a new dataset. IEEE Transactions on Pattern Analysis and Machine Intelligence"},{"key":"10123_CR220","unstructured":"Xiao H, Rasul K, Vollgraf R (2017) Fashion-MNIST: a novel image dataset for benchmarking machine learning algorithms. arXiv:170807747 [cs, stat]"},{"key":"10123_CR221","doi-asserted-by":"crossref","unstructured":"Xiao Y, Wang C, Gao X (2020) Evade deep image retrieval by stashing private images in the hash space. In: 2020 IEEE\/CVF conference on computer vision and pattern recognition (CVPR), pp 9648\u20139657","DOI":"10.1109\/CVPR42600.2020.00967"},{"key":"10123_CR222","unstructured":"Xie L, Lin K, Wang S, Wang F, Zhou J (2018) Differentially private generative adversarial network. arXiv:180206739 [cs, stat]"},{"key":"10123_CR223","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/s11633-019-1211-x","volume":"17","author":"H Xu","year":"2020","unstructured":"Xu H, Ma Y, Liu HC, Deb D, Liu H, Tang JL, Jain AK (2020) Adversarial attacks and defenses in images, graphs and text: a review. Int J Autom Comput 17:151\u2013178","journal-title":"Int J Autom Comput"},{"key":"10123_CR224","doi-asserted-by":"crossref","unstructured":"Xue H, Liu B, Din M, Song L, Zhu T (2020) Hiding private information in images from AI. In: ICC 2020\u20142020 IEEE international conference on communications (ICC). 
IEEE, pp 1\u20136","DOI":"10.1109\/ICC40277.2020.9148656"},{"key":"10123_CR225","doi-asserted-by":"crossref","unstructured":"Yang Q, Liu Y, Chen T, Tong Y (2019) Federated machine learning: concept and applications. ACM Trans Intell Syst Technol 10:12:1\u201312:19","DOI":"10.1145\/3298981"},{"key":"10123_CR226","unstructured":"Yang Z, Shao B, Xuan B, Chang EC, Zhang F (2020) Defending model inversion and membership inference attacks via prediction purification. arXiv:200503915 [cs]"},{"key":"10123_CR227","doi-asserted-by":"crossref","unstructured":"Yang Z, Zhang J, Chang EC, Liang Z (2019b) Neural network inversion in adversarial setting via background knowledge alignment. In: Proceedings of the 2019 ACM SIGSAC conference on computer and communications security. Association for Computing Machinery, pp 225\u2013240","DOI":"10.1145\/3319535.3354261"},{"key":"10123_CR228","doi-asserted-by":"crossref","unstructured":"Yao ACC (1986) How to generate and exchange secrets. In: 27th Annual symposium on foundations of computer science (Sfcs 1986), pp 162\u2013167","DOI":"10.1109\/SFCS.1986.25"},{"key":"10123_CR229","doi-asserted-by":"crossref","unstructured":"Yeom S, Giacomelli I, Fredrikson M, Jha S (2018) Privacy risk in machine learning: analyzing the connection to overfitting. In: 2018 IEEE 31st computer security foundations symposium (CSF), pp 268\u2013282","DOI":"10.1109\/CSF.2018.00027"},{"key":"10123_CR230","unstructured":"Yi D, Lei Z, Liao S, Li SZ (2014) Learning face representation from scratch. arXiv:14117923 [cs]"},{"key":"10123_CR231","doi-asserted-by":"publisher","first-page":"1721","DOI":"10.1007\/s10462-019-09717-4","volume":"53","author":"C Yinka-Banjo","year":"2020","unstructured":"Yinka-Banjo C, Ugot OA (2020) A review of generative adversarial networks and its application in cybersecurity. 
Artif Intell Rev 53:1721\u20131736","journal-title":"Artif Intell Rev"},{"key":"10123_CR232","doi-asserted-by":"publisher","first-page":"1005","DOI":"10.1109\/TIFS.2016.2636090","volume":"12","author":"J Yu","year":"2017","unstructured":"Yu J, Zhang B, Kuang Z, Lin D, Fan J (2017) iPrivacy: image privacy protection by identifying sensitive objects via deep multi-task learning. IEEE Trans Inf Forensics Secur 12:1005\u20131016","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"10123_CR233","doi-asserted-by":"publisher","first-page":"1317","DOI":"10.1109\/TIFS.2017.2787986","volume":"13","author":"J Yu","year":"2018","unstructured":"Yu J, Kuang Z, Zhang B, Zhang W, Lin D, Fan J (2018) Leveraging content sensitiveness and user trustworthiness to recommend fine-grained privacy settings for social image sharing. IEEE Trans Inf Forensics Secur 13:1317\u20131332","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"10123_CR234","doi-asserted-by":"crossref","unstructured":"Yu D, Zhang H, Chen W, Yin J, Liu TY (2021a) How does data augmentation affect privacy in machine learning? Proc AAAI Conf Artif Intell 35:10746\u201310753","DOI":"10.1609\/aaai.v35i12.17284"},{"key":"10123_CR235","doi-asserted-by":"crossref","unstructured":"Yu J, Xue H, Liu B, Wang Y, Zhu S, Ding M (2021b) GAN-based differential private image privacy protection framework for the internet of multimedia things. Sensors 21:58","DOI":"10.3390\/s21010058"},{"key":"10123_CR236","doi-asserted-by":"publisher","first-page":"2805","DOI":"10.1109\/TNNLS.2018.2886017","volume":"30","author":"X Yuan","year":"2019","unstructured":"Yuan X, He P, Zhu Q, Li X (2019) Adversarial examples: attacks and defenses for deep learning. 
IEEE Trans Neural Netw Learn Syst 30:2805\u20132824","journal-title":"IEEE Trans Neural Netw Learn Syst"},{"key":"10123_CR237","doi-asserted-by":"crossref","unstructured":"Yu F, Chen H, Wang X, Xian W, Chen Y, Liu F, Madhavan V, Darrell T (2020) BDD100K: a diverse driving dataset for heterogeneous multitask learning. In: 2020 IEEE\/CVF conference on computer vision and pattern recognition (CVPR), pp 2633\u20132642","DOI":"10.1109\/CVPR42600.2020.00271"},{"key":"10123_CR238","doi-asserted-by":"crossref","unstructured":"Yu L, Liu L, Pu C, Gursoy ME, Truex S (2019) Differentially private model publishing for deep learning. In: 2019 IEEE symposium on security and privacy (SP), pp 332\u2013349","DOI":"10.1109\/SP.2019.00019"},{"key":"10123_CR239","doi-asserted-by":"crossref","unstructured":"Yun K, Honorio J, Chattopadhyay D, Berg TL, Samaras D (2012) Two-person interaction detection using body-pose features and multiple instance learning. In: 2012 IEEE computer society conference on computer vision and pattern recognition workshops, pp 28\u201335","DOI":"10.1109\/CVPRW.2012.6239234"},{"key":"10123_CR240","doi-asserted-by":"crossref","unstructured":"Zerr S, Siersdorfer S, Hare J, Demidova E (2012) Privacy-aware image classification and search. In: Proceedings of the 35th international ACM SIGIR conference on research and development in information retrieval. Association for Computing Machinery, pp 35\u201344","DOI":"10.1145\/2348283.2348292"},{"key":"10123_CR241","first-page":"2578","volume":"31","author":"J Zhang","year":"2020","unstructured":"Zhang J, Li C (2020) Adversarial examples: opportunities and challenges. IEEE Trans Neural Netw Learn Syst 31:2578\u20132593","journal-title":"IEEE Trans Neural Netw Learn Syst"},{"key":"10123_CR242","doi-asserted-by":"crossref","unstructured":"Zhang N, Paluri M, Taigman Y, Fergus R, Bourdev L (2015) Beyond frontal faces: improving person recognition using multiple cues. 
In: 2015 IEEE conference on computer vision and pattern recognition (CVPR), pp 4804\u20134813","DOI":"10.1109\/CVPR.2015.7299113"},{"key":"10123_CR243","doi-asserted-by":"crossref","unstructured":"Zhang Z, Song Y, Qi H (2017) Age progression\/regression by conditional adversarial autoencoder. In: IEEE conference on computer vision and pattern recognition (CVPR), IEEE","DOI":"10.1109\/CVPR.2017.463"},{"key":"10123_CR244","doi-asserted-by":"crossref","unstructured":"Zhang C, Xie Y, Bai H, Yu B, Li W, Gao Y (2021a) A survey on federated learning. Knowl Based Syst 216:106775","DOI":"10.1016\/j.knosys.2021.106775"},{"key":"10123_CR245","unstructured":"Zhang X, Chen C, Xie Y, Chen X, Zhang J, Xiang Y (2021b) Privacy inference attacks and defenses in cloud-based deep neural network: a survey. arXiv:210506300 [cs]"},{"key":"10123_CR246","unstructured":"Zhang C, Li S, Xia J, Wang W, Yan F, Liu Y (2020a) BatchCrypt: efficient homomorphic encryption for cross-silo federated learning. In: 2020 USENIX annual technical conference (USENIX ATC 20), pp 493\u2013506"},{"key":"10123_CR247","doi-asserted-by":"crossref","unstructured":"Zhang Y, Jia R, Pei H, Wang W, Li B, Song D (2020b) The secret revealer: generative model-inversion attacks against deep neural networks. In: 2020 IEEE\/CVF conference on computer vision and pattern recognition (CVPR), pp 250\u2013258","DOI":"10.1109\/CVPR42600.2020.00033"},{"key":"10123_CR248","unstructured":"Zhao B, Mopuri KR, Bilen H (2020a) iDLG: improved deep leakage from gradients. arXiv:200102610 [cs, stat]"},{"key":"10123_CR249","doi-asserted-by":"crossref","unstructured":"Zhao L, Wang Q, Zou Q, Zhang Y, Chen Y (2020b) Privacy-preserving collaborative deep learning with unreliable participants. IEEE Trans Inf Forensics Secur 15:1486\u20131500","DOI":"10.1109\/TIFS.2019.2939713"},{"key":"10123_CR250","doi-asserted-by":"crossref","unstructured":"Zheng L, Shen L, Tian L, Wang S, Wang J, Tian Q (2015) Scalable person re-identification: a benchmark. 
In: 2015 IEEE international conference on computer vision (ICCV), pp 1116\u20131124","DOI":"10.1109\/ICCV.2015.133"},{"key":"10123_CR251","doi-asserted-by":"crossref","unstructured":"Zhong H, Squicciarini AC, Miller DJ, Caragea C (2017) A group-based personalized model for image privacy classification and labeling. In: Proceedings of the twenty-sixth international joint conference on artificial intelligence, IJCAI 2017, pp 3952\u20133958. ijcai.org","DOI":"10.24963\/ijcai.2017\/552"},{"key":"10123_CR252","unstructured":"Zhu L, Liu Z, Han S (2019) Deep leakage from gradients. Adv Neural Inform Process Syst 32"},{"key":"10123_CR253","doi-asserted-by":"crossref","unstructured":"Zhu T, Ye D, Wang W, Zhou W, Yu P (2020a) More than privacy: applying differential privacy in key areas of artificial intelligence. IEEE Transactions on Knowledge and Data Engineering","DOI":"10.1109\/TKDE.2020.3014246"},{"key":"10123_CR254","doi-asserted-by":"crossref","unstructured":"Zhu Y, Yu X, Chandraker M, Wang YX (2020b) Private-kNN: practical differential privacy for computer vision. In: 2020 IEEE\/CVF conference on computer vision and pattern recognition (CVPR), IEEE, pp 11851\u201311859","DOI":"10.1109\/CVPR42600.2020.01187"},{"key":"10123_CR255","unstructured":"Zou Y, Zhang Z, Backes M, Zhang Y (2020) Privacy analysis of deep learning in the wild: membership inference attacks against transfer learning. 
arXiv:200904872 [cs, stat]"}],"container-title":["Artificial Intelligence Review"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10462-021-10123-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10462-021-10123-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10462-021-10123-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,6]],"date-time":"2024-08-06T08:35:42Z","timestamp":1722933342000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10462-021-10123-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,1,31]]},"references-count":255,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2022,8]]}},"alternative-id":["10123"],"URL":"http:\/\/dx.doi.org\/10.1007\/s10462-021-10123-y","relation":{},"ISSN":["0269-2821","1573-7462"],"issn-type":[{"type":"print","value":"0269-2821"},{"type":"electronic","value":"1573-7462"}],"subject":[],"published":{"date-parts":[[2022,1,31]]},"assertion":[{"value":"31 January 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}