| Ml-leaks: Model and data independent membership inference attacks and defenses on machine learning models A Salem, Y Zhang, M Humbert, P Berrang, M Fritz, M Backes arXiv preprint arXiv:1806.01246, 2018 | 1337 | 2018 |
| Adversarial examples for malware detection K Grosse, N Papernot, P Manoharan, M Backes, P McDaniel European symposium on research in computer security, 62-79, 2017 | 1282* | 2017 |
| On the (statistical) detection of adversarial examples K Grosse, P Manoharan, N Papernot, M Backes, P McDaniel arXiv preprint arXiv:1702.06280, 2017 | 1006 | 2017 |
| "do anything now": Characterizing and evaluating in-the-wild jailbreak prompts on large language models X Shen, Z Chen, M Backes, Y Shen, Y Zhang Proceedings of the 2024 on ACM SIGSAC Conference on Computer and …, 2024 | 983 | 2024 |
| Swarm learning for decentralized and confidential clinical machine learning S Warnat-Herresthal, H Schultze, KL Shastry, S Manamohan, ... Nature 594 (7862), 265-270, 2021 | 957 | 2021 |
| Trustllm: Trustworthiness in large language models Y Huang, L Sun, H Wang, S Wu, Q Zhang, Y Li, C Gao, Y Huang, W Lyu, ... arXiv preprint arXiv:2401.05561, 2024 | 643* | 2024 |
| Memguard: Defending against black-box membership inference attacks via adversarial examples J Jia, A Salem, M Backes, Y Zhang, NZ Gong Proceedings of the 2019 ACM SIGSAC conference on computer and communications …, 2019 | 552 | 2019 |
| Badnl: Backdoor attacks against nlp models with semantic-preserving improvements X Chen, A Salem, D Chen, M Backes, S Ma, Q Shen, Z Wu, Y Zhang Proceedings of the 37th Annual Computer Security Applications Conference …, 2021 | 519 | 2021 |
| Reliable third-party library detection in android and its security applications M Backes, S Bugiel, E Derr Proceedings of the 2016 ACM SIGSAC conference on computer and communications …, 2016 | 470 | 2016 |
| You get where you're looking for: The impact of information sources on code security Y Acar, M Backes, S Fahl, D Kim, ML Mazurek, C Stransky 2016 IEEE symposium on security and privacy (SP), 289-305, 2016 | 452 | 2016 |
| Stack overflow considered harmful? the impact of copy&paste on android application security F Fischer, K Böttinger, H Xiao, C Stransky, Y Acar, M Backes, S Fahl 2017 IEEE symposium on security and privacy (SP), 121-136, 2017 | 426 | 2017 |
| Dynamic backdoor attacks against machine learning models A Salem, R Wen, M Backes, S Ma, Y Zhang 2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P), 703-718, 2022 | 418 | 2022 |
| Decentralized privacy-preserving proximity tracing C Troncoso, M Payer, JP Hubaux, M Salathé, J Larus, E Bugnion, ... arXiv preprint arXiv:2005.12273, 2020 | 406 | 2020 |
| On demystifying the android application framework: Re-Visiting android permission specification analysis M Backes, S Bugiel, E Derr, P McDaniel, D Octeau, S Weisgerber 25th USENIX security symposium (USENIX security 16), 1101-1118, 2016 | 402* | 2016 |
| When machine unlearning jeopardizes privacy M Chen, Z Zhang, T Wang, M Backes, M Humbert, Y Zhang Proceedings of the 2021 ACM SIGSAC conference on computer and communications …, 2021 | 376 | 2021 |
| Updates-Leak: Data set inference and reconstruction attacks in online learning A Salem, A Bhattacharya, M Backes, M Fritz, Y Zhang 29th USENIX security symposium (USENIX Security 20), 1291-1308, 2020 | 365 | 2020 |
| A composable cryptographic library with nested operations M Backes, B Pfitzmann, M Waidner Proceedings of the 10th ACM conference on Computer and communications …, 2003 | 362 | 2003 |
| Comparing the usability of cryptographic apis Y Acar, M Backes, S Fahl, S Garfinkel, D Kim, ML Mazurek, C Stransky 2017 IEEE Symposium on Security and Privacy (SP), 154-171, 2017 | 358 | 2017 |
| Appguard–enforcing user requirements on android apps M Backes, S Gerling, C Hammer, M Maffei, P von Styp-Rekowsky International Conference on TOOLS and Algorithms for the Construction and …, 2013 | 344* | 2013 |
| Acoustic Side-Channel attacks on printers M Backes, M Dürmuth, S Gerling, M Pinkal, C Sporleder 19th USENIX Security Symposium (USENIX Security 10), 2010 | 333 | 2010 |