This paper introduces an attack, PRIVX, demonstrating that even differentially private (DP) Graph Neural Network (GNN) explanations leak enough structural information to allow an adversary to accurate…

This paper investigates the vulnerability of Graph Neural Networks (GNNs) protected by Local Differential Privacy (LDP) to adversarial attacks, analyzing the interplay between privacy guarantees and a…

This paper proposes a Bayesian framework to enhance membership inference attacks against released statistics by incorporating prior knowledge about the population's attribute dependency structure, out…

The paper proposes FERMI, a method that significantly improves membership inference attacks against tabular diffusion models by leveraging auxiliary relational information available during training, e…

This paper provides a comprehensive, practitioner-oriented framework and survey to guide the selection and evaluation of differentially private methods for releasing sensitive graph data.

The paper introduces Zero-Run privacy auditing, a post-hoc framework that allows for practical differential privacy evaluation of large, deployed models without requiring retraining or controlled data…

The paper introduces GraphIP-Bench, a unified benchmark that demonstrates that stealing Graph Neural Networks (GNNs) is relatively easy, and existing defenses often fail to maintain their integrity af…

The paper proposes a universal graph backdoor defense framework that addresses feature-based graph backdoor attacks, which are more challenging than traditional subgraph-based attacks, by leveraging l…

This paper empirically evaluates the effectiveness of Differential Privacy (DP) against Membership Inference Attacks (MIAs) in Federated Learning, demonstrating that a stacking attack strategy can det…

This paper provides a comprehensive, system-level comparison of MPC and FHE for Privacy-Preserving Machine Learning (PPML) across various models and environments, moving beyond single-metric latency a…

This paper presents a novel data-free Membership Inference Attack (MIA) that uses gradient inversion on Standard Cell Library Layouts (SCLLs) to reconstruct sensitive hardware images from intercepted…

The paper introduces Balanced Iteration Subsampling (BIS), a structured sampling scheme that is proven to achieve stronger privacy amplification than the standard Poisson subsampling used in DP-SGD by…

The paper introduces local private information retrieval (local PIR), redefining user privacy in graph-replicated systems to focus on hiding the message index from servers, and demonstrates that local…

This paper corrects the theoretical analysis of DP-SGD by identifying that common implementations, which use batch averaging, result in weaker privacy guarantees than previously reported.

The paper introduces Metric-Normalized Posterior Leakage (mPL), an attacker-aligned measure that provides a practical, certifiable privacy guarantee for machine learning systems consumed under joint o…

SharedRequest introduces a model-agnostic framework that enhances LLM privacy and efficiency by batching and mixing prompts with noisy variants, achieving high utility and significant cost reduction.

This paper analyzes the reliability of efficient membership inference attack (MIA) evaluation methods, demonstrating that standard aggregation techniques introduce biases that compromise accurate vuln…

The paper introduces SMA-DP-SGD, a Spectral Memory-Aware Differential Privacy method that enhances standard DP-SGD by incorporating a memory branch derived from past noisy updates, improving model uti…

The paper proposes a new evaluation framework showing that, under realistic conditions, Membership Inference Attacks (MIAs) are weak privacy threats, suggesting that relying on them as a primary priva…

The paper proposes a Public/Private Hybrid Head-VFL (PPHH-VFL) architecture that significantly accelerates secure time-series inference by splitting the model head into efficient public and secure pri…