[1] |
DENG J , DONG W , SOCHER R ,et al. ImageNet:a large-scale hierarchical image database[C]// Proceedings of 2009 IEEE Conference on Computer Vision and Pattern Recognition. 2009: 248-255.
|
[2] |
BROWN T , MANN B , RYDER N ,et al. Language models are few-shot learners[C]// Advances in Neural Information Processing Systems (NeurIPS). 2020: 1877-1901.
|
[3] |
CECIL R R , SOARES J . IBM Watson studio:a platform to transform data to intelligence[M]. Pharmaceutical Supply Chains-Medicines Shortages. Springer International Publishing, 2019: 183-192.
|
[4] |
HITAJ D , MANCINI L V . Have you stolen my model? evasion attacks against deep neural network watermarking techniques[J]. 2018:arXiv:1809.00615.
|
[5] |
TRAMèR F , ZHANG F , JUELS A ,et al. Stealing machine learning models via prediction APIs[C]// Proceedings of the 25th USENIX Conference on Security Symposium. 2016: 601-618.
|
[6] |
HUA G , HUANG J W , SHI Y Q ,et al. Twenty years of digital audio watermarking—a comprehensive review[J]. Signal Processing, 2016,128: 222-242.
|
[7] |
ASIKUZZAMAN M , PICKERING M R . An overview of digital video watermarking[J]. IEEE Transactions on Circuits and Systems for Video Technology, 2018,28(9): 2131-2153.
|
[8] |
UCHIDA Y , NAGAI Y , SAKAZAWA S ,et al. Embedding watermarks into deep neural networks[C]// Proceedings of ICMR '17:Proceedings of the 2017 ACM on International Conference on Multimedia Retrieval. 2017: 269-277.
|
[9] |
LIN N , CHEN X M , LU H ,et al. Chaotic weights:a novel approach to protect intellectual property of deep neural networks[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2021,40(7): 1327-1339.
|
[10] |
LI Y , WANG H X , BARNI M . A survey of deep neural network watermarking techniques[J]. Neurocomputing, 2021,461: 171-193.
|
[11] |
ANDRIUSHCHENKO M , CROCE F , FLAMMARION N ,et al. Square attack:a query-efficient black-box adversarial attack via random search[M]. Computer Vision-ECCV 2020. Cham: Springer International Publishing, 2020: 484-501.
|
[12] |
SERBAN A , POLL E , VISSER J . Adversarial examples on object recognition[J]. ACM Computing Surveys, 2020,53(3): 1-38.
|
[13] |
MOOSAVI-DEZFOOLI S M , FAWZI A , FAWZI O ,et al. Universal adversarial perturbations[C]// Proceedings of 2017 IEEE Conference on Computer Vision and Pattern Recognition. Piscataway:IEEE Press, 2017: 86-94.
|
[14] |
ZHANG J , CHEN D D , LIAO J ,et al. Model watermarking for image processing networks[J]. Proceedings of the AAAI Conference on Artificial Intelligence, 2020,34(7): 12805-12812.
|
[15] |
ZHANG J , CHEN D , LIAO J ,et al. Deep model intellectual property protection via deep watermarking[J]. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2021.
|
[16] |
WU H Z , LIU G , YAO Y W ,et al. Watermarking neural networks with watermarked images[J]. IEEE Transactions on Circuits and Systems for Video Technology, 2021,31(7): 2591-2601.
|
[17] |
CHEN H L , ROUHANI B D , FU C ,et al. DeepMarks:a secure fingerprinting framework for digital rights management of deep learning models[C]// Proceedings of ICMR '19:Proceedings of the 2019 on International Conference on Multimedia Retrieval. 2019: 105-113.
|
[18] |
ROUHANI B D , CHEN H L , KOUSHANFAR F . DeepSigns:an end-to-end watermarking framework for ownership protection of deep neural networks[C]// Proceedings of ASPLOS '19:Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems. 2019: 485-497.
|
[19] |
KURIBAYASHI M , FUNABIKI N . Efficient decentralized tracing protocol for fingerprinting system with index table[C]// Proceedings of 2019 Asia-Pacific Signal and Information Processing Association Annual Summit and Conference (APSIPA ASC). 2019: 1595-1601.
|
[20] |
FENG L , ZHANG X . Watermarking neural network with compensation mechanism[C]// Knowledge Science,Engineering and Management. 2020: 363-375.
|
[21] |
TARTAGLIONE E , GRANGETTO M , CAVAGNINO D ,et al. Delving in the loss landscape to embed robust watermarks into neural networks[C]// Proceedings of 2020 25th International Conference on Pattern Recognition (ICPR). 2021: 1243-1250.
|
[22] |
FAN L , NG K , CHAN C S . Rethinking deep neural network ownership verification:Embedding passports to defeat ambiguity attacks[C]// Advances in Neural Information Processing Systems (NeurIPS 2019). 2019: 4716-4725.
|
[23] |
SEBASTIAN S , ATLI B G , MARCHAL S ,et al. DAWN:dynamic adversarial watermarking of neural networks[C]// Proceedings of the 29th ACM International Conference on Multimedia. 2021.
|
[24] |
VENUGOPAL A , USZKOREIT J , TALBOT D ,et al. Watermarking the outputs of structured prediction with an application in statistical machine translation[R].
|
[25] |
LOU X X , GUO S W , ZHANG T W ,et al. When NAS meets watermarking:ownership verification of DNN models via cache side channels[J]. 2021:arXiv:2102.03523.
|
[26] |
HE H , KANG S , SAKAMOTO Y . A weight-wise watermarking technique for DNN models and its robustness against overwriting attack[C]// Proceedings of International Workshop on Advanced Imaging Technology (IWAIT) 2021. 2021: 442-446.
|
[27] |
LYU P Z , LI P , ZHANG S Z ,et al. HufuNet:embedding the left piece as watermark and keeping the right piece for ownership verification in deep neural networks[J]. 2021:arXiv:2103.13628.
|
[28] |
LI M , ZHONG Q , ZHANG L Y ,et al. Protecting the intellectual property of deep neural networks with watermarking:the frequency domain approach[C]// Proceedings of 2020 IEEE 19th International Conference on Trust,Security and Privacy in Computing and Communications (TrustCom). 2021: 402-409.
|
[29] |
LI Z , HU C Y , ZHANG Y ,et al. How to prove your model belongs to you:a blind-watermark based framework to protect intellectual property of DNN[C]// Proceedings of ACSAC '19:Proceedings of the 35th Annual Computer Security Applications Conference. 2019.
|
[30] |
LI M , ZHONG Q , ZHANG L Y ,et al. Protecting the intellectual property of deep neural networks with watermarking:the frequency domain approach[C]// Proceedings of 2020 IEEE 19th International Conference on Trust,Security and Privacy in Computing and Communications (TrustCom). 2021: 402-409.
|
[31] |
GUO J , POTKONJAK M . Evolutionary trigger set generation for DNN black-box watermarking[R].
|
[32] |
YOSSI A , BAUM C , CISSE M ,et al. Turning your weakness into a strength:Watermarking deep neural networks by backdooring[C]// 27th USENIX Security Symposium (USENIX Security 18). 2018: 1615-1631.
|
[33] |
ZHONG Q , ZHANG L Y , ZHANG J ,et al. Protecting IP of deep neural networks with watermarking:a new label helps[C]// Advances in Knowledge Discovery and Data Mining. 2020: 462-474.
|
[34] |
GOODFELLOW I J , SHLENS J , SZEGEDY C . Explaining and harnessing adversarial examples[J]. CoRR, 2014.
|
[35] |
SERBAN A , POLL E , VISSER J . Adversarial examples on object recognition[J]. ACM Computing Surveys, 2020,53(3): 1-38.
|
[36] |
MERRER L E , PéREZ P , TRéDAN G , . Adversarial frontier stitching for remote neural network watermarking[J]. Neural Computing and Applications, 2020,32(13): 9233-9244.
|
[37] |
LUKAS N , ZHANG Y , KERSCHBAUM F . Deep neural network fingerprinting by conferrable adversarial examples[C]// International Conference on Learning Representations (ICLR). 2021.
|
[38] |
ZHAO J J , HU Q Y , LIU G Y ,et al. AFA:adversarial fingerprinting authentication for deep neural networks[J]. Computer Communications, 2020,150: 488-497.
|
[39] |
CHEN H , ROUHANI B D , KOUSHANFAR F . Blackmarks:blackbox multibit watermarking for deep neural networks[J]. CoRR. 2019.
|
[40] |
ZHU R J , ZHANG X P , SHI M T ,et al. Secure neural network watermarking protocol against forging attack[J]. EURASIP Journal on Image and Video Processing, 2020(2020): 37.
|
[41] |
APRILPYONE M , KIYA H . Piracy-resistant DNN watermarking by block-wise image transformation with secret key[R]. 2021.
|
[42] |
Deepstego:protecting intellectual property of deep neural networks by steganography[J]. CoRR. 2019.
|
[43] |
ALDAGHRI N , MAHDAVIFAR H , BEIRAMI A . Coded machine unlearning[J]. IEEE Access, 2021,9: 88137-88150.
|
[44] |
BOURTOULE L , CHANDRASEKARAN V , CHOQUETTECHOO C A ,et al. Machine unlearning[C]// Proceedings of 2021 IEEE Symposium on Security and Privacy. 2021: 141-159.
|
[45] |
MOLNAR C , CASALICCHIO G , BISCHL B . Interpretable machine learning-a brief history,state-of-the-art and challenges[C]// ECML PKDD 2020 Workshops. 2020.
|
[46] |
MOLNAR C , K?NIG G , HERBINGER J ,et al. General pitfalls of model-agnostic interpretation methods for machine learning models[J]. 2020:arXiv:2007.04131.
|
[47] |
SAMEK W , MONTAVON G , LAPUSCHKIN S ,et al. Toward interpretable machine learning:transparent deep neural networks and beyond[R]. 2020.
|
[48] |
SU J W , VARGAS D V , SAKURAI K . One pixel attack for fooling deep neural networks[J]. IEEE Transactions on Evolutionary Computation, 2019,23(5): 828-841.
|
[49] |
GENG C X , HUANG S J , CHEN S C . Recent advances in open set recognition:a survey[J]. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2021,43(10): 3614-3631.
|
[50] |
WANG T H , KERSCHBAUM F . Attacks on digital watermarks for deep neural networks[C]// Proceedings of ICASSP 2019 - 2019 IEEE International Conference on Acoustics,Speech and Signal Processing. 2019: 2622-2626.
|
[51] |
WANG T H , KERSCHBAUM F . Robust and undetectable white-box watermarks for deep neural networks[R]. 2019.
|
[52] |
SHAFIEINEJAD M , WANG J Q , LUKAS N ,et al. On the robustness of the backdoor-based watermarking in deep neural networks[R]. 2019.
|
[53] |
WANG T H , KERSCHBAUM F . RIGA:covert and robust white-box watermarking of deep neural networks[C]// Proceedings of the Web Conference 2021. 2021.
|
[54] |
CHEN X Y , WANG W X , BENDER C ,et al. REFIT:a unified watermark removal framework for deep learning systems with limited data[C]// Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security. 2021: 321-335.
|
[55] |
LIU K , DOLAN-GAVITT B , GARG S . Fine-pruning:defending against backdooring attacks on deep neural networks[C]// Research in Attacks,Intrusions,and Defenses. 2018.
|
[56] |
HAN S , POOL J , TRAN J ,et al. Learning both weights and connections for efficient neural networks[R]. 2015.
|
[57] |
RYOTA N , SAKUMA J . Robust watermarking of neural network with exponential weighting[C]// Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security. 2019: 228-240.
|
[58] |
YANG Z Q , DANG H , CHANG E C . Effectiveness of distillation attack and countermeasure on neural network watermarking[R]. 2019.
|
[59] |
CHEN X Y , WANG W X , DING Y M ,et al. Leveraging unlabeled data for watermark removal of deep neural networks[C]// Proc of the 36th Int Conf on Machine Learning. 2019.
|
[60] |
LIU X K , LI F T , WEN B H ,et al. Removing backdoor-based watermarks in neural networks with limited data[C]// Proceedings of 2020 25th International Conference on Pattern Recognition (ICPR). 2021: 10149-10156.
|
[61] |
AIKEN W , KIM H , WOO S ,et al. Neural network laundering:removing black-box backdoor watermarks from deep neural networks[J]. Computers & Security, 2021,106:102277.
|
[62] |
GUO J , POTKONJAK M . Watermarking deep neural networks for embedded systems[C]// Proceedings of the International Conference on Computer-Aided Design. 2018: 1-8.
|
[63] |
GUO S W , ZHANG T W , QIU H ,et al. The hidden vulnerability of watermarking for deep neural networks[R]. 2020.
|
[64] |
QUAN Y H , TENG H , CHEN Y X ,et al. Watermarking deep neural networks in image processing[J]. IEEE Transactions on Neural Networks and Learning Systems, 2021,32(5): 1852-1865.
|
[65] |
SKRIPNIUK V , YU N , ABDELNABI S ,et al. Black-box watermarking for generative adversarial networks[R]. 2020.
|
[66] |
YADOLLAHI M M , SHOELEH F , DADKHAH S ,et al. Robust black-box watermarking for deep neural network using inverse document frequency[R]. 2021.
|
[67] |
CHEN H L , DARVISH B , KOUSHANFAR F . SpecMark:a spectral watermarking framework for IP protection of speech recognition systems[C]// Proceedings of Interspeech 2020. 2020: 2312-2316.
|
[68] |
ZHAO X Y , WU H Z , ZHANG X P . Watermarking graph neural networks by random graphs[C]// Proceedings of 2021 9th International Symposium on Digital Forensics and Security (ISDFS). 2021: 1-6.
|
[69] |
GUAN X Q , FENG H M , ZHANG W M ,et al. Reversible watermarking in deep convolutional neural networks for integrity authentication[C]// Proceedings of the 28th ACM International Conference on Multimedia. 2020: 2273-2280.
|