{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:10:51Z","timestamp":1772039451236,"version":"3.50.1"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030913557","type":"print"},{"value":"9783030913564","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-91356-4_18","type":"book-chapter","created":{"date-parts":[[2021,11,26]],"date-time":"2021-11-26T06:01:25Z","timestamp":1637906485000},"page":"341-357","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Detect and Remove Watermark in Deep Neural Networks via Generative Adversarial Networks"],"prefix":"10.1007","author":[{"given":"Shichang","family":"Sun","sequence":"first","affiliation":[]},{"given":"Haoqi","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Mingfu","family":"Xue","sequence":"additional","affiliation":[]},{"given":"Yushu","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Jian","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Weiqiang","family":"Liu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,11,27]]},"reference":[{"key":"18_CR1","unstructured":"Adi, Y., Baum, C., Ciss\u00e9, M., Pinkas, B., Keshet, J.: Turning your weakness into a strength: watermarking deep neural networks by backdooring. In: 27th USENIX Security Symposium, pp. 1615\u20131631 (2018)"},{"key":"18_CR2","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2021.102277","volume":"106","author":"W Aiken","year":"2021","unstructured":"Aiken, W., Kim, H., Woo, S.S., Ryoo, J.: Neural network laundering: removing black-box backdoor watermarks from deep neural networks. Comput. Secur. 106, 1\u201314 (2021)","journal-title":"Comput. Secur."},{"issue":"3","key":"18_CR3","doi-asserted-by":"publisher","first-page":"469","DOI":"10.1080\/00401706.1971.10488811","volume":"13","author":"DM Allen","year":"1971","unstructured":"Allen, D.M.: Mean square error prediction as a criterion for selecting regression variables. Technometrics 13(3), 469\u2013475 (1971)","journal-title":"Technometrics"},{"key":"18_CR4","doi-asserted-by":"crossref","unstructured":"Chen, H., Fu, C., Zhao, J., Koushanfar, F.: DeepInspect: a black-box trojan detection and mitigation framework for deep neural networks. In: Proceedings of the 28th International Joint Conference on Artificial Intelligence, pp. 4658\u20134664 (2019)","DOI":"10.24963\/ijcai.2019\/647"},{"key":"18_CR5","unstructured":"Chen, X., Liu, C., Li, B., Lu, K., Song, D.: Targeted backdoor attacks on deep learning systems using data poisoning. arXiv:1712.05526 (2017)"},{"key":"18_CR6","doi-asserted-by":"crossref","unstructured":"Chen, X., et al.: REFIT: a unified watermark removal framework for deep learning systems with limited data. In: ACM Asia Conference on Computer and Communications Security, pp. 321\u2013335 (2021)","DOI":"10.1145\/3433210.3453079"},{"issue":"6","key":"18_CR7","doi-asserted-by":"publisher","first-page":"141","DOI":"10.1109\/MSP.2012.2211477","volume":"29","author":"L Deng","year":"2012","unstructured":"Deng, L.: The MNIST database of handwritten digit images for machine learning research [best of the web]. IEEE Sig. Process. Mag. 29(6), 141\u2013142 (2012)","journal-title":"IEEE Sig. Process. Mag."},{"key":"18_CR8","unstructured":"Goodfellow, I.J., et al.: Generative adversarial nets. In: Advances in Neural Information Processing Systems, pp. 2672\u20132680 (2014)"},{"key":"18_CR9","unstructured":"Harrington, P.: Machine Learning in Action, 1st edn, Manning Publications, Shelter Island, April 2012"},{"key":"18_CR10","doi-asserted-by":"crossref","unstructured":"He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: IEEE Conference on Computer Vision and Pattern Recognition, pp. 770\u2013778 (2016)","DOI":"10.1109\/CVPR.2016.90"},{"key":"18_CR11","unstructured":"Krizhevsky, A.: Learning multiple layers of features from tiny images. Technical Report (2009)"},{"issue":"11","key":"18_CR12","doi-asserted-by":"publisher","first-page":"2278","DOI":"10.1109\/5.726791","volume":"86","author":"Y LeCun","year":"1998","unstructured":"LeCun, Y., Bottou, L., Bengio, Y., Haffner, P.: Gradient-based learning applied to document recognition. Proc. IEEE 86(11), 2278\u20132324 (1998)","journal-title":"Proc. IEEE"},{"key":"18_CR13","unstructured":"Liu, X., Li, F., Wen, B., Li, Q.: Removing backdoor-based watermarks in neural networks with limited data. In: 25th International Conference on Pattern Recognition, pp. 10149\u201310156 (2020)"},{"issue":"13","key":"18_CR14","doi-asserted-by":"publisher","first-page":"9233","DOI":"10.1007\/s00521-019-04434-z","volume":"32","author":"EL Merrer","year":"2020","unstructured":"Merrer, E.L., P\u00e9rez, P., Tr\u00e9dan, G.: Adversarial frontier stitching for remote neural network watermarking. Neural Comput. Appl. 32(13), 9233\u20139244 (2020)","journal-title":"Neural Comput. Appl."},{"key":"18_CR15","unstructured":"Mirza, M., Osindero, S.: Conditional generative adversarial nets. arXiv:1411.1784 (2014)"},{"key":"18_CR16","doi-asserted-by":"crossref","unstructured":"Ribeiro, M., Grolinger, K., Capretz, M.A.M.: MLaaS: machine learning as a service. In: 14th IEEE International Conference on Machine Learning and Applications, pp. 896\u2013902 (2015)","DOI":"10.1109\/ICMLA.2015.152"},{"key":"18_CR17","doi-asserted-by":"crossref","unstructured":"Shafieinejad, M., Lukas, N., Wang, J., Li, X., Kerschbaum, F.: On the robustness of backdoor-based watermarking in deep neural networks. In: Proceedings of the ACM Workshop on Information Hiding and Multimedia Security, pp. 177\u2013188 (2021)","DOI":"10.1145\/3437880.3460401"},{"key":"18_CR18","unstructured":"Simonyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition. In: Proceedings of the 3rd International Conference on Learning Representations, pp. 1\u201314 (2015)"},{"key":"18_CR19","unstructured":"Tram\u00e8r, F., Zhang, F., Juels, A., Reiter, M.K., Ristenpart, T.: Stealing machine learning models via prediction APIs. In: 25th USENIX Security Symposium, pp. 601\u2013618 (2016)"},{"key":"18_CR20","doi-asserted-by":"crossref","unstructured":"Uchida, Y., Nagai, Y., Sakazawa, S., Satoh, S.: Embedding watermarks into deep neural networks. In: Proceedings of the ACM on International Conference on Multimedia Retrieval, pp. 269\u2013277 (2017)","DOI":"10.1145\/3078971.3078974"},{"key":"18_CR21","doi-asserted-by":"crossref","unstructured":"Wang, B., et al.: Neural cleanse: identifying and mitigating backdoor attacks in neural networks. In: IEEE Symposium on Security and Privacy, pp. 707\u2013723 (2019)","DOI":"10.1109\/SP.2019.00031"},{"key":"18_CR22","doi-asserted-by":"crossref","unstructured":"Wang, T., Kerschbaum, F.: Attacks on digital watermarks for deep neural networks. In: IEEE International Conference on Acoustics, Speech and Signal Processing, pp. 2622\u20132626 (2019)","DOI":"10.1109\/ICASSP.2019.8682202"},{"key":"18_CR23","doi-asserted-by":"crossref","unstructured":"Xiao, C., Li, B., Zhu, J., He, W., Liu, M., Song, D.: Generating adversarial examples with adversarial networks. In: Proceedings of the 27th International Joint Conference on Artificial Intelligence, pp. 3905\u20133911 (2018)","DOI":"10.24963\/ijcai.2018\/543"},{"key":"18_CR24","doi-asserted-by":"crossref","unstructured":"Xue, M., He, C., Wang, J., Liu, W.: One-to-N & N-to-one: Two advanced backdoor attacks against deep learning models. IEEE Transactions on Dependable and Secure Computing, pp. 1\u201317, early access (2020)","DOI":"10.1109\/TDSC.2020.3028448"},{"key":"18_CR25","doi-asserted-by":"crossref","unstructured":"Xue, M., Wang, J., Liu, W.: DNN intellectual property protection: taxonomy, attacks and evaluations (Invited paper). In: Great Lakes Symposium on VLSI, pp. 455\u2013460 (2021)","DOI":"10.1145\/3453688.3461752"},{"key":"18_CR26","doi-asserted-by":"crossref","unstructured":"Xue, M., Wu, Z., He, C., Wang, J., Liu, W.: Active DNN IP protection: a novel user fingerprint management and DNN authorization control technique. In: 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, pp. 975\u2013982 (2020)","DOI":"10.1109\/TrustCom50675.2020.00130"},{"key":"18_CR27","doi-asserted-by":"publisher","first-page":"74720","DOI":"10.1109\/ACCESS.2020.2987435","volume":"8","author":"M Xue","year":"2020","unstructured":"Xue, M., Yuan, C., Wu, H., Zhang, Y., Liu, W.: Machine learning security: threats, countermeasures, and evaluations. IEEE Access 8, 74720\u201374742 (2020)","journal-title":"IEEE Access"},{"key":"18_CR28","unstructured":"Yang, Z., Dang, H., Chang, E.: Effectiveness of distillation attack and countermeasure on neural network watermarking. arXiv:1906.06046 (2019)"},{"key":"18_CR29","doi-asserted-by":"crossref","unstructured":"Zhang, J., et al.: Protecting intellectual property of deep neural networks with watermarking. In: Proceedings of the Asia Conference on Computer and Communications Security, pp. 159\u2013172 (2018)","DOI":"10.1145\/3196494.3196550"},{"key":"18_CR30","doi-asserted-by":"crossref","unstructured":"Zhu, L., Ning, R., Wang, C., Xin, C., Wu, H.: GangSweep: sweep out neural backdoors by GAN. In: The 28th ACM International Conference on Multimedia, pp. 3173\u20133181 (2020)","DOI":"10.1145\/3394171.3413546"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-91356-4_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,11,26]],"date-time":"2021-11-26T06:04:11Z","timestamp":1637906651000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-91356-4_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030913557","9783030913564"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-91356-4_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"27 November 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 November 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 November 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"isw2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/isc2021.petra.ac.id\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"87","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"21","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"24% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}