| LOGAN: evaluating privacy leakage of generative models using generative adversarial networks J Hayes, L Melis, G Danezis, E De Cristofaro arXiv preprint arXiv:1705.07663, 506-519, 2017 | 526* | 2017 |
| k-fingerprinting: A robust scalable website fingerprinting technique J Hayes, G Danezis 25th USENIX Security Symposium (USENIX Security 16), 1187-1203, 2016 | 370 | 2016 |
| Generating steganographic images via adversarial training J Hayes, G Danezis Advances in neural information processing systems 30, 2017 | 276 | 2017 |
| The loopix anonymity system AM Piotrowska, J Hayes, T Elahi, S Meiser, G Danezis 26th usenix security symposium (usenix security 17), 1199-1216, 2017 | 186 | 2017 |
| Learning universal adversarial perturbations with generative models J Hayes, G Danezis 2018 IEEE Security and Privacy Workshops (SPW), 43-49, 2018 | 138 | 2018 |
| Extracting training data from diffusion models N Carlini, J Hayes, M Nasr, M Jagielski, V Sehwag, F Tramer, B Balle, ... 32nd USENIX Security Symposium (USENIX Security 23), 5253-5270, 2023 | 107 | 2023 |
| On visible adversarial perturbations & digital watermarking J Hayes Proceedings of the IEEE Conference on Computer Vision and Pattern …, 2018 | 89 | 2018 |
| Website Fingerprinting Defenses at the Application Layer. G Cherubin, J Hayes, M Juárez Proc. Priv. Enhancing Technol. 2017 (2), 186-203, 2017 | 85 | 2017 |
| Contamination attacks and mitigation in multi-party machine learning J Hayes, O Ohrimenko Advances in neural information processing systems 31, 2018 | 84 | 2018 |
| Unlocking high-accuracy differentially private image classification through scale S De, L Berrada, J Hayes, SL Smith, B Balle arXiv preprint arXiv:2204.13650, 2022 | 77 | 2022 |
| Toward robustness and privacy in federated learning: Experimenting with local and central differential privacy M Naseri, J Hayes, E De Cristofaro arXiv preprint arXiv:2009.03561, 2020 | 68 | 2020 |
| Local and central differential privacy for robustness and privacy in federated learning M Naseri, J Hayes, E De Cristofaro arXiv preprint arXiv:2009.03561, 2020 | 58 | 2020 |
| Reconstructing training data with informed adversaries B Balle, G Cherubin, J Hayes 2022 IEEE Symposium on Security and Privacy (SP), 1138-1156, 2022 | 48 | 2022 |
| A framework for robustness certification of smoothed classifiers using f-divergences KD Dvijotham, J Hayes, B Balle, Z Kolter, C Qin, A Gyorgy, K Xiao, ... | 36 | 2020 |
| Guard Sets for Onion Routing J Hayes, G Danezis Proceedings on Privacy Enhancing Technologies 1 (2), Pages 65–80, 2015 | 35* | 2015 |
| Extensions and limitations of randomized smoothing for robustness guarantees J Hayes Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern …, 2020 | 23 | 2020 |
| Evading classifiers in discrete domains with provable optimality guarantees B Kulynych, J Hayes, N Samarin, C Troncoso arXiv preprint arXiv:1810.10939, 2018 | 22 | 2018 |
| AnNotify: A private notification service AM Piotrowska, J Hayes, N Gelernter, G Danezis, A Herzberg Proceedings of the 2017 on Workshop on Privacy in the Electronic Society, 5-15, 2017 | 20 | 2017 |
| TASP: Towards anonymity sets that persist J Hayes, C Troncoso, G Danezis Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society …, 2016 | 8 | 2016 |
| Traffic confirmation attacks despite noise J Hayes arXiv preprint arXiv:1601.04893, 2016 | 7 | 2016 |
George DanezisMysten Labs & University College LondonVerified email at ucl.ac.uk
