diff --git a/Relevant-papers.md b/Relevant-papers.md
index 0de36cf..6b17682 100644
--- a/Relevant-papers.md
+++ b/Relevant-papers.md
@@ -19,11 +19,15 @@ Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin D
 
 Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures (2015): https://rist.tech.cornell.edu/papers/mi-ccs.pdf
 
+Property Inference Attacks on Fully Connected Neural Networks using Permutation Invariant Representations (2018): https://dl.acm.org/doi/10.1145/3243734.3243834
+
 On the (In)Feasibility of Attribute Inference Attacks on Machine Learning Models (2021): https://arxiv.org/abs/2103.07101
 
 ### Additional privacy attacks:
 Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning (2019): https://arxiv.org/pdf/1904.01067.pdf
 
+ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models (2021): https://arxiv.org/abs/2102.02551
+
 ## Risk assessment of ML models:
 Towards Measuring Membership Privacy (2017): https://arxiv.org/abs/1712.09136