Deep Intellectual Property Protection: A Survey (2304.14613v2)
Abstract: Deep Neural Networks (DNNs), from AlexNet to ResNet to ChatGPT, have made revolutionary progress in recent years and are widely used in various fields. The high performance of DNNs requires a huge amount of high-quality data, expensive computing hardware, and excellent DNN architectures, all of which are costly to obtain. Trained DNNs are therefore becoming valuable assets and must be considered the Intellectual Property (IP) of the legitimate owner who created them, so that trained DNN models can be protected from illegal reproduction, theft, redistribution, or abuse. Although this is a newly emerging and interdisciplinary field, numerous DNN model IP protection methods have been proposed. Given this period of rapid evolution, the goal of this paper is to provide a comprehensive survey of two mainstream DNN IP protection methods, deep watermarking and deep fingerprinting, with a proposed taxonomy. More than 190 research contributions are included in this survey, covering many aspects of Deep IP Protection: problem definition, main threats and challenges, merits and demerits of deep watermarking and deep fingerprinting methods, evaluation metrics, and performance discussion. We finish the survey by identifying promising directions for future research.
- X. He, Q. Xu, L. Lyu, F. Wu, and C. Wang, “Protecting intellectual property of language generation apis with lexical watermark,” in Proceedings of the AAAI Conference on Artificial Intelligence (AAAI), vol. 36, no. 10, 2022, pp. 10 758–10 766.
- X. He, Q. Xu, Y. Zeng, L. Lyu, F. Wu, J. Li, and R. Jia, “CATER: Intellectual property protection on text generation APIs via conditional watermarks,” in Advances in Neural Information Processing Systems (NeurIPS), 2022.
- B. G. Tekgul, Y. Xia, S. Marchal, and N. Asokan, “Waffle: Watermarking in federated learning,” in 2021 40th International Symposium on Reliable Distributed Systems (SRDS). IEEE, 2021, pp. 310–320.
- S. Shao, W. Yang, H. Gu, J. Lou, Z. Qin, L. Fan, Q. Yang, and K. Ren, “Fedtracker: Furnishing ownership verification and traceability for federated learning model,” arXiv preprint arXiv:2211.07160, 2022.
- H. Chen, B. D. Rouhani, and F. Koushanfar, “Specmark: A spectral watermarking framework for ip protection of speech recognition systems,” in INTERSPEECH, 2020, pp. 2312–2316.
- S. Szyller and N. Asokan, “Conflicting interactions among protections mechanisms for machine learning models,” in Proceedings of the AAAI Conference on Artificial Intelligence (AAAI), 2023.
- G. Zhao, C. Qin, H. Yao, and Y. Han, “Dnn self-embedding watermarking: Towards tampering detection and parameter recovery for deep neural network,” Pattern Recognition Letters, vol. 164, pp. 16–22, 2022.
- J. Frankle and M. Carbin, “The lottery ticket hypothesis: Finding sparse, trainable neural networks,” in International Conference on Learning Representations (ICLR), 2019.
- R. Zhu, P. Wei, S. Li, Z. Yin, X. Zhang, and Z. Qian, “Fragile neural network watermarking with trigger image set,” in International Conference on Knowledge Science, Engineering and Management. Springer, 2021, pp. 280–293.
- L. Lin and H. Wu, “Verifying integrity of deep ensemble models by lossless black-box watermarking with sensitive samples,” in 2022 10th International Symposium on Digital Forensics and Security (ISDFS). IEEE, 2022, pp. 1–6.
- M. Mirza and S. Osindero, “Conditional generative adversarial nets,” arXiv preprint arXiv:1411.1784, 2014.
- X. Chen, Y. Duan, R. Houthooft, J. Schulman, I. Sutskever, and P. Abbeel, “Infogan: Interpretable representation learning by information maximizing generative adversarial nets,” Advances in Neural Information Processing Systems (NeurIPS), vol. 29, 2016.
- S. Szyller, B. G. Atli, S. Marchal, and N. Asokan, “Dawn: Dynamic adversarial watermarking of neural networks,” in Proceedings of the 29th ACM International Conference on Multimedia, 2021, pp. 4417–4425.
- J. Fei, Z. Xia, B. Tondi, and M. Barni, “Supervised gan watermarking for intellectual property protection,” in 2022 IEEE International Workshop on Information Forensics and Security (WIFS). IEEE, 2022, pp. 1–6.
- J. Kirchenbauer, J. Geiping, Y. Wen, J. Katz, I. Miers, and T. Goldstein, “A watermark for large language models,” arXiv preprint arXiv:2301.10226, 2023.
- T. Xiang, C. Xie, S. Guo, J. Li, and T. Zhang, “Protecting your nlg models with semantic and robust watermarks,” arXiv preprint arXiv:2112.05428, 2021.
- X. Zhao, L. Li, and Y.-X. Wang, “Distillation-resistant watermarking for model protection in nlp,” arXiv preprint arXiv:2210.03312, 2022.
- X. Zhao, Y.-X. Wang, and L. Li, “Protecting language generation models via invisible watermarking,” arXiv preprint arXiv:2302.03162, 2023.
- A. Dziedzic, N. Dhawan, M. A. Kaleem, J. Guan, and N. Papernot, “On the difficulty of defending self-supervised learning against model extraction,” in Proceedings of the International Conference on Machine Learning (ICML), 2022.
- T. Zhang, H. Wu, X. Lu, and G. Sun, “Awencoder: Adversarial watermarking pre-trained encoders in contrastive learning,” arXiv preprint arXiv:2208.03948, 2022.
- M. AprilPyone and H. Kiya, “Transfer learning-based model protection with secret key,” in 2021 IEEE International Conference on Image Processing (ICIP). IEEE, 2021, pp. 3877–3881.
- Q. Yang, A. Huang, L. Fan, C. S. Chan, J. H. Lim, K. W. Ng, D. S. Ong, and B. Li, “Federated learning with privacy-preserving and model ip-right-protection,” Machine Intelligence Research, vol. 20, no. 1, pp. 19–37, 2023.
- F.-Q. Li, S.-L. Wang, and A. W.-C. Liew, “Watermarking protocol for deep neural network ownership regulation in federated learning,” in IEEE International Conference on Multimedia and Expo Workshops (ICMEW). IEEE, 2022, pp. 1–4.
- ——, “Regulating ownership verification for deep neural networks: Scenarios, protocols, and prospects,” IJCAI 2021 Workshop on Toward IPR on Deep Learning as Services, 2021.
- X. Liu, S. Shao, Y. Yang, K. Wu, W. Yang, and H. Fang, “Secure federated learning model verification: A client-side backdoor triggered watermarking scheme,” in IEEE International Conference on Systems, Man, and Cybernetics (SMC), 2021, pp. 2414–2419.
- T. Qiao, Y. Ma, N. Zheng, H. Wu, Y. Chen, M. Xu, and X. Luo, “A novel model watermarking for protecting generative adversarial network,” Computers & Security, p. 103102, 2023.
- H. Ruan, H. Song, B. Liu, Y. Cheng, and Q. Liu, “Intellectual property protection for deep semantic segmentation models,” Frontiers of Computer Science, vol. 17, no. 1, p. 171306, 2023.
- Y. Quan, H. Teng, Y. Chen, and H. Ji, “Watermarking deep neural networks in image processing,” IEEE Transactions on neural networks and learning systems, vol. 32, no. 5, pp. 1852–1865, 2020.
- T. Dong, H. Qiu, T. Zhang, J. Li, H. Li, and J. Lu, “Fingerprinting multi-exit deep neural network models via inference time,” arXiv preprint arXiv:2110.03175, 2021.
- G. Li, G. Xu, H. Qiu, S. Guo, R. Wang, J. Li, and T. Zhang, “A novel verifiable fingerprinting scheme for generative adversarial networks,” arXiv preprint arXiv:2106.11760, 2021.
- Y. Jeong, D. Kim, Y. Ro, P. Kim, and J. Choi, “Fingerprintnet: Synthesized fingerprints for generated image detection,” in European Conference on Computer Vision (ECCV). Springer, 2022, pp. 76–94.
- Y. Li, S. Bai, Y. Zhou, C. Xie, Z. Zhang, and A. Yuille, “Learning transferable adversarial examples via ghost networks,” in Proceedings of the AAAI Conference on Artificial Intelligence (AAAI), 2020.
- I. J. Goodfellow, J. Shlens, and C. Szegedy, “Explaining and harnessing adversarial examples,” in International Conference on Learning Representations (ICLR), 2015.
- N. Carlini and D. Wagner, “Towards evaluating the robustness of neural networks,” in IEEE symposium on security and privacy (S&P). IEEE, 2017, pp. 39–57.
- S.-M. Moosavi-Dezfooli, A. Fawzi, and P. Frossard, “Deepfool: a simple and accurate method to fool deep neural networks,” in Proceedings of the IEEE/CVF conference on Computer Vision and Pattern Recognition (CVPR), 2016, pp. 2574–2582.
- Y. Jia and M. Harman, “An analysis and survey of the development of mutation testing,” IEEE Transactions on Software Engineering (TSE), vol. 37, no. 5, pp. 649–678, 2010.
- S. Demir, H. F. Eniser, and A. Sen, “Deepsmartfuzzer: Reward guided test generation for deep learning,” arXiv preprint arXiv:1911.10621, 2019.
- K. He, X. Chen, S. Xie, Y. Li, P. Dollár, and R. Girshick, “Masked autoencoders are scalable vision learners,” in Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2022, pp. 16 000–16 009.
- A. Vedaldi and S. Soatto, “Quick shift and kernel methods for mode seeking,” in European Conference on Computer Vision (ECCV). Springer, 2008, pp. 705–718.
- T. Chen, S. Kornblith, M. Norouzi, and G. Hinton, “A simple framework for contrastive learning of visual representations,” in Proceedings of the International Conference on Machine Learning (ICML), 2020, pp. 1597–1607.
- J. Vonderfecht and F. Liu, “Fingerprints of super resolution networks,” Transactions on Machine Learning Research (TMLR), 2022.
- https://github.com/yu4u/dnn-watermark.
- https://github.com/dnn-security/Watermark-Robustness-Toolbox.
- https://github.com/eil/greedy-residuals.
- https://github.com/TIANHAO-WANG/riga.
- https://github.com/THUYimingLi/MOVE.
- https://github.com/lvpeizhuo/HufuNet.
- https://github.com/WSP-LAB/wm-eval-zoo.
- https://github.com/arpitbansal297/Certified_Watermarks.
- https://github.com/THUYimingLi/Untargeted_Backdoor_Watermark.
- https://github.com/zhenglisec/Blind-Watermark-for-DNN.
- https://github.com/cleverhans-lab/entangled-watermark.
- https://github.com/dunky11/adversarial-frontier-stitching.
- https://github.com/conditionWang/NTL.
- https://developer.huaweicloud.com/develop/aigallery/notebook/detail?id=2d937a91-1692-4f88-94ca-82e1ae8d4d79.
- https://github.com/kamwoh/DeepIPR.
- https://github.com/ZJZAC/Passport-aware-Normalization.
- https://github.com/dingsheng-ong/ipr-gan.
- https://github.com/jianhanlim/ipr-image-captioning.
- https://github.com/VITA-Group/NO-stealing-LTH.
- https://github.com/ssg-research/WAFFLE.
- https://github.com/purp1eHaze/FedIPR.
- https://github.com/tianshuocong/SSLGuard.
- https://github.com/v587su/CoProtector.
- https://github.com/cleverhans-lab/Proof-of-Learning.
- https://github.com/Testing4AI/DeepJudge.
- https://github.com/ayberkuckun/DNN-Fingerprinting.
- http://www.chenwang.net.cn/code/MeFA-Code.zip.
- https://github.com/kangyangWHU/MetaFinger/.
- https://github.com/ylimit/ModelDiff.
- https://github.com/guanjiyang/SAC.
- https://github.com/cleverhans-lab/Zest-Model-Distance.
- https://github.com/yfchen1994/Teacher-Fingerprinting.
- https://github.com/cleverhans-lab/dataset-inference.
- https://github.com/cleverhans-lab/DatasetInferenceForSelfSupervisedModels.
- J. Cohen, E. Rosenfeld, and Z. Kolter, “Certified adversarial robustness via randomized smoothing,” in Proceedings of the International Conference on Machine Learning (ICML). PMLR, 2019, pp. 1310–1320.
- Y. Zhang, P. Tiňo, A. Leonardis, and K. Tang, “A survey on neural network interpretability,” IEEE Transactions on Emerging Topics in Computational Intelligence, vol. 5, no. 5, pp. 726–742, 2021.
- OpenAI, “Gpt-4 technical report,” 2023.
- A. Ramesh, P. Dhariwal, A. Nichol, C. Chu, and M. Chen, “Hierarchical text-conditional image generation with clip latents,” arXiv preprint arXiv:2204.06125, 2022.