From 7d2decf6f5471bd407b4d58867112675646532b8 Mon Sep 17 00:00:00 2001
From: Zhanke Zhou <45969108+AndrewZhou924@users.noreply.github.com>
Date: Sun, 27 Nov 2022 12:04:52 +0800
Subject: [PATCH] Update README.md

---
 README.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/README.md b/README.md
index e52da66..d234c99 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,10 @@ CCS 2015 - Model Inversion Attacks that Exploit Confidence Information and Basic
 CSF 2016 - A Methodology for Formalizing Model-Inversion Attacks.
 [[paper]](https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7536387&casa_token=ClIVAMYo6dcAAAAA:u75HHyFHj5lBRec9h5SqOZyAsL2dICcWIuQPCj6ltk8McREFCaM4ex42mv3S-oNPiGJLDfUqg0qL)
 
+CCS 2017 - Machine Learning Models that Remember Too Much.
+[[paper]](https://arxiv.org/pdf/1709.07886.pdf)
+[[code]](https://github.com/csong27/ml-model-remember)
+
 PST 2017 - Model inversion attacks for prediction systems: Without knowledge of non-sensitive attributes.
 [[paper]](https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8476925)
 
@@ -66,6 +70,9 @@ CVPR 2020 - The Secret Revealer: Generative Model-Inversion Attacks Against Deep
 [[code]](https://github.com/AI-secure/GMI-Attack)
 [[video]](https://www.youtube.com/watch?v=_g-oXYMhz4M)
 
+ICLR 2020 - OVERLEARNING REVEALS SENSITIVE ATTRIBUTES.
+[[paper]](https://arxiv.org/pdf/1905.11742.pdf)
+
 APSIPA ASC 2020 - Deep Face Recognizer Privacy Attack: Model Inversion Initialization by a Deep Generative Adversarial Data Space Discriminator.
 [[paper]](https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9306253&casa_token=AWugOvIe0I0AAAAA:9wICCkMcfoljMqooM-lgl8m-6F6-cEl-ClHgNkE1SV8mZwqvBIaJ1HDjT1RWLyBz_P7tdB51jQVL&tag=1)