From d13cadd9427c862f688dbc9be3db6e02c7a9225a Mon Sep 17 00:00:00 2001
From: abigailgold <57357634+abigailgold@users.noreply.github.com>
Date: Sun, 20 Jun 2021 12:34:20 +0300
Subject: [PATCH] Updated Relevant papers (markdown)

---
 Relevant-papers.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Relevant-papers.md b/Relevant-papers.md
index 0de36cf..6b17682 100644
--- a/Relevant-papers.md
+++ b/Relevant-papers.md
@@ -19,11 +19,15 @@ Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin D
 
 Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures (2015): https://rist.tech.cornell.edu/papers/mi-ccs.pdf
 
+Property Inference Attacks on Fully Connected Neural Networks using Permutation Invariant Representations (2018): https://dl.acm.org/doi/10.1145/3243734.3243834
+
 On the (In)Feasibility of Attribute Inference Attacks on Machine Learning Models (2021): https://arxiv.org/abs/2103.07101
 
 ### Additional privacy attacks:
 Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning (2019): https://arxiv.org/pdf/1904.01067.pdf
 
+ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models (2021): https://arxiv.org/abs/2102.02551
+
 ## Risk assessment of ML models:
 Towards Measuring Membership Privacy (2017): https://arxiv.org/abs/1712.09136