| LOGAN: evaluating privacy leakage of generative models using generative adversarial networks J Hayes, L Melis, G Danezis, E De Cristofaro arXiv preprint arXiv:1705.07663, 506-519, 2017 | 437* | 2017 |
| k-fingerprinting: A Robust Scalable Website Fingerprinting Technique. J Hayes, G Danezis USENIX security symposium, 1187-1203, 2016 | 315 | 2016 |
| Generating steganographic images via adversarial training J Hayes, G Danezis Advances in neural information processing systems 30, 2017 | 221 | 2017 |
| The loopix anonymity system AM Piotrowska, J Hayes, T Elahi, S Meiser, G Danezis 26th {USENIX} Security Symposium ({USENIX} Security 17), 1199-1216, 2017 | 167 | 2017 |
| Learning universal adversarial perturbations with generative models J Hayes, G Danezis 2018 IEEE Security and Privacy Workshops (SPW), 43-49, 2018 | 110 | 2018 |
| Website Fingerprinting Defenses at the Application Layer. G Cherubin, J Hayes, M Juarez Proc. Priv. Enhancing Technol. 2017 (2), 186-203, 2017 | 74 | 2017 |
| Contamination attacks and mitigation in multi-party machine learning J Hayes, O Ohrimenko Advances in neural information processing systems 31, 2018 | 72 | 2018 |
| On visible adversarial perturbations & digital watermarking J Hayes Proceedings of the IEEE Conference on Computer Vision and Pattern …, 2018 | 68 | 2018 |
| Toward robustness and privacy in federated learning: Experimenting with local and central differential privacy M Naseri, J Hayes, E De Cristofaro arXiv preprint arXiv:2009.03561, 2020 | 54 | 2020 |
| Guard Sets for Onion Routing J Hayes, G Danezis Proceedings on Privacy Enhancing Technologies 1 (2), Pages 65–80, 2015 | 34* | 2015 |
| A framework for robustness certification of smoothed classifiers using f-divergences KD Dvijotham, J Hayes, B Balle, Z Kolter, C Qin, A Gyorgy, K Xiao, ... | 32 | 2020 |
| Local and central differential privacy for robustness and privacy in federated learning M Naseri, J Hayes, E De Cristofaro arXiv preprint arXiv:2009.03561, 2020 | 30 | 2020 |
| Unlocking high-accuracy differentially private image classification through scale S De, L Berrada, J Hayes, SL Smith, B Balle arXiv preprint arXiv:2204.13650, 2022 | 26 | 2022 |
| Evading classifiers in discrete domains with provable optimality guarantees B Kulynych, J Hayes, N Samarin, C Troncoso arXiv preprint arXiv:1810.10939, 2018 | 20 | 2018 |
| AnNotify: A private notification service AM Piotrowska, J Hayes, N Gelernter, G Danezis, A Herzberg Proceedings of the 2017 on Workshop on Privacy in the Electronic Society, 5-15, 2017 | 19 | 2017 |
| Extensions and limitations of randomized smoothing for robustness guarantees J Hayes Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern …, 2020 | 17 | 2020 |
| Reconstructing training data with informed adversaries B Balle, G Cherubin, J Hayes 2022 IEEE Symposium on Security and Privacy (SP), 1138-1156, 2022 | 16 | 2022 |
| TASP: Towards anonymity sets that persist J Hayes, C Troncoso, G Danezis Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society …, 2016 | 6 | 2016 |
| Traffic confirmation attacks despite noise J Hayes arXiv preprint arXiv:1601.04893, 2016 | 6 | 2016 |
| Provable trade-offs between private & robust machine learning J Hayes arXiv preprint arXiv:2006.04622, 2020 | 5 | 2020 |
George DanezisUniversity College LondonVerified email at ucl.ac.uk
