When Machine Learning Meets Privacy

Newly emerged machine learning methods (e.g., deep learning) have become a strong driving force revolutionizing a wide range of industries, such as smart healthcare, financial technology, and surveillance systems. Meanwhile, privacy has emerged as a major concern in this era of machine learning-based artificial intelligence. It is important to note that the problem of privacy preservation in the context of machine learning is quite different from that in traditional data privacy protection, because machine learning can act as both friend and foe: it can be used to protect privacy, and it can be used to attack it. Current work on privacy preservation and machine learning is still in its infancy, as most existing solutions focus only on privacy problems arising during the machine learning process itself. A comprehensive study of privacy preservation problems in relation to machine learning is therefore required. This article surveys the state of the art in privacy issues and solutions for machine learning. The survey covers three categories of interaction between privacy and machine learning: (i) private machine learning, (ii) machine learning-aided privacy protection, and (iii) machine learning-based privacy attacks and the corresponding protection schemes. The current research progress in each category is reviewed and the key challenges are identified. Finally, based on our in-depth analysis of the area of privacy and machine learning, we point out future research directions in this field.
