| Adversarial examples for malware detection K Grosse, N Papernot, P Manoharan, M Backes, P McDaniel Computer Security–ESORICS 2017: 22nd European Symposium on Research in …, 2017 | 1154* | 2017 |
| Ml-leaks: Model and data independent membership inference attacks and defenses on machine learning models A Salem, Y Zhang, M Humbert, P Berrang, M Fritz, M Backes arXiv preprint arXiv:1806.01246, 2018 | 1005 | 2018 |
| On the (statistical) detection of adversarial examples K Grosse, P Manoharan, N Papernot, M Backes, P McDaniel arXiv preprint arXiv:1702.06280, 2017 | 906 | 2017 |
| Swarm learning for decentralized and confidential clinical machine learning S Warnat-Herresthal, H Schultze, KL Shastry, S Manamohan, ... Nature 594 (7862), 265-270, 2021 | 690 | 2021 |
| Memguard: Defending against black-box membership inference attacks via adversarial examples J Jia, A Salem, M Backes, Y Zhang, NZ Gong Proceedings of the 2019 ACM SIGSAC conference on computer and communications …, 2019 | 433 | 2019 |
| Reliable third-party library detection in android and its security applications M Backes, S Bugiel, E Derr Proceedings of the 2016 ACM SIGSAC conference on computer and communications …, 2016 | 421 | 2016 |
| You get where you're looking for: The impact of information sources on code security Y Acar, M Backes, S Fahl, D Kim, ML Mazurek, C Stransky 2016 IEEE symposium on security and privacy (SP), 289-305, 2016 | 406 | 2016 |
| Badnl: Backdoor attacks against nlp models with semantic-preserving improvements X Chen, A Salem, D Chen, M Backes, S Ma, Q Shen, Z Wu, Y Zhang Proceedings of the 37th Annual Computer Security Applications Conference …, 2021 | 380 | 2021 |
| Stack overflow considered harmful? the impact of copy&paste on android application security F Fischer, K Böttinger, H Xiao, C Stransky, Y Acar, M Backes, S Fahl 2017 IEEE symposium on security and privacy (SP), 121-136, 2017 | 377 | 2017 |
| On demystifying the android application framework:{Re-Visiting} android permission specification analysis M Backes, S Bugiel, E Derr, P McDaniel, D Octeau, S Weisgerber 25th USENIX security symposium (USENIX security 16), 1101-1118, 2016 | 364* | 2016 |
| A composable cryptographic library with nested operations M Backes, B Pfitzmann, M Waidner Proceedings of the 10th ACM conference on Computer and communications …, 2003 | 354 | 2003 |
| Decentralized privacy-preserving proximity tracing C Troncoso, M Payer, JP Hubaux, M Salathé, J Larus, E Bugnion, ... arXiv preprint arXiv:2005.12273, 2020 | 346 | 2020 |
| Appguard–enforcing user requirements on android apps M Backes, S Gerling, C Hammer, M Maffei, P von Styp-Rekowsky Tools and Algorithms for the Construction and Analysis of Systems: 19th …, 2013 | 339* | 2013 |
| " do anything now": Characterizing and evaluating in-the-wild jailbreak prompts on large language models X Shen, Z Chen, M Backes, Y Shen, Y Zhang arXiv preprint arXiv:2308.03825, 2023 | 331 | 2023 |
| Comparing the usability of cryptographic apis Y Acar, M Backes, S Fahl, S Garfinkel, D Kim, ML Mazurek, C Stransky 2017 IEEE Symposium on Security and Privacy (SP), 154-171, 2017 | 323 | 2017 |
| Dynamic backdoor attacks against machine learning models A Salem, R Wen, M Backes, S Ma, Y Zhang 2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P), 703-718, 2022 | 321 | 2022 |
| The reactive simulatability (RSIM) framework for asynchronous systems M Backes, B Pfitzmann, M Waidner Information and Computation 205 (12), 1685-1720, 2007 | 319* | 2007 |
| Acoustic {Side-Channel} attacks on printers M Backes, M Dürmuth, S Gerling, M Pinkal, C Sporleder 19th USENIX Security Symposium (USENIX Security 10), 2010 | 305 | 2010 |
| {Updates-Leak}: Data set inference and reconstruction attacks in online learning A Salem, A Bhattacharya, M Backes, M Fritz, Y Zhang 29th USENIX security symposium (USENIX Security 20), 1291-1308, 2020 | 285 | 2020 |
| Automatic discovery and quantification of information leaks M Backes, B Köpf, A Rybalchenko 2009 30th IEEE Symposium on Security and Privacy, 141-153, 2009 | 282 | 2009 |
