{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,4]],"date-time":"2026-04-04T17:59:02Z","timestamp":1775325542192,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":39,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,5,24]],"date-time":"2021-05-24T00:00:00Z","timestamp":1621814400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"NSF","award":["1937786"],"award-info":[{"award-number":["1937786"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,5,24]]},"DOI":"10.1145\/3433210.3437526","type":"proceedings-article","created":{"date-parts":[[2021,6,4]],"date-time":"2021-06-04T15:26:39Z","timestamp":1622820399000},"page":"14-25","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":110,"title":["IPGuard: Protecting Intellectual Property of Deep Neural Networks via Fingerprinting the Classification Boundary"],"prefix":"10.1145","author":[{"given":"Xiaoyu","family":"Cao","sequence":"first","affiliation":[{"name":"Duke University, Durham, NC, USA"}]},{"given":"Jinyuan","family":"Jia","sequence":"additional","affiliation":[{"name":"Duke University, Durham, NC, USA"}]},{"given":"Neil Zhenqiang","family":"Gong","sequence":"additional","affiliation":[{"name":"Duke University, Durham, NC, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,6,4]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"USENIX Security Symposium.","author":"Adi Yossi","year":"2018","unstructured":"Yossi Adi , Carsten Baum , Moustapha Cisse , Benny Pinkas , and Joseph Keshet . 2018 . Turning your weakness into a strength: Watermarking deep neural networks by backdooring . In USENIX Security Symposium. Yossi Adi, Carsten Baum, Moustapha Cisse, Benny Pinkas, and Joseph Keshet. 2018. Turning your weakness into a strength: Watermarking deep neural networks by backdooring. In USENIX Security Symposium."},{"key":"e_1_3_2_1_2_1","volume-title":"The use of the area under the ROC curve in the evaluation of machine learning algorithms. Pattern recognition","author":"Bradley Andrew P.","year":"1997","unstructured":"Andrew P. Bradley . 1997. The use of the area under the ROC curve in the evaluation of machine learning algorithms. Pattern recognition , Vol. 30 , 7 ( 1997 ), 1145--1159. Andrew P. Bradley. 1997. The use of the area under the ROC curve in the evaluation of machine learning algorithms. Pattern recognition, Vol. 30, 7 (1997), 1145--1159."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.49"},{"key":"e_1_3_2_1_4_1","volume-title":"Bita Darvish Rohani, and Farinaz Koushanfar","author":"Chen Huili","year":"2018","unstructured":"Huili Chen , Bita Darvish Rohani, and Farinaz Koushanfar . 2018 . Deepmarks : A digital fingerprinting framework for deep neural networks. arXiv preprint arXiv:1804.03648 (2018). Huili Chen, Bita Darvish Rohani, and Farinaz Koushanfar. 2018. Deepmarks: A digital fingerprinting framework for deep neural networks. arXiv preprint arXiv:1804.03648 (2018)."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2017.195"},{"key":"e_1_3_2_1_6_1","unstructured":"Franccois Chollet et al. 2015. Keras. https:\/\/keras.io.  Franccois Chollet et al. 2015. Keras. https:\/\/keras.io."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"crossref","unstructured":"Bita Darvish Rouhani Huili Chen and Farinaz Koushanfar. 2019. DeepSigns: An End-to-End Watermarking Framework for Ownership Protection of Deep Neural Networks. In Architectural Support for Programming Languages and Operating Systems.  Bita Darvish Rouhani Huili Chen and Farinaz Koushanfar. 2019. DeepSigns: An End-to-End Watermarking Framework for Ownership Protection of Deep Neural Networks. In Architectural Support for Programming Languages and Operating Systems.","DOI":"10.1145\/3297858.3304051"},{"key":"e_1_3_2_1_8_1","volume-title":"International Conference on Learning Representations.","author":"Goodfellow Ian J","year":"2015","unstructured":"Ian J Goodfellow , Jonathon Shlens , and Christian Szegedy . 2015 . Explaining and harnessing adversarial examples . In International Conference on Learning Representations. Ian J Goodfellow, Jonathon Shlens, and Christian Szegedy. 2015. Explaining and harnessing adversarial examples. In International Conference on Learning Representations."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3240765.3240862"},{"key":"e_1_3_2_1_10_1","unstructured":"Song Han Jeff Pool John Tran and William Dally. 2015. Learning both weights and connections for efficient neural network. In Advances in neural information processing systems. 1135--1143.  Song Han Jeff Pool John Tran and William Dally. 2015. Learning both weights and connections for efficient neural network. In Advances in neural information processing systems. 1135--1143."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/5.771066"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-46493-0_38"},{"key":"e_1_3_2_1_14_1","volume-title":"Mobilenets: Efficient convolutional neural networks for mobile vision applications. arXiv preprint arXiv:1704.04861","author":"Howard Andrew G.","year":"2017","unstructured":"Andrew G. Howard , Menglong Zhu , Bo Chen , Dmitry Kalenichenko , Weijun Wang , Tobias Weyand , Marco Andreetto , and Hartwig Adam . 2017 . Mobilenets: Efficient convolutional neural networks for mobile vision applications. arXiv preprint arXiv:1704.04861 (2017). Andrew G. Howard, Menglong Zhu, Bo Chen, Dmitry Kalenichenko, Weijun Wang, Tobias Weyand, Marco Andreetto, and Hartwig Adam. 2017. Mobilenets: Efficient convolutional neural networks for mobile vision applications. arXiv preprint arXiv:1704.04861 (2017)."},{"key":"e_1_3_2_1_15_1","unstructured":"Xing Hu Ling Liang Lei Deng Shuangchen Li Xinfeng Xie Yu Ji Yufei Ding Chang Liu Timothy Sherwood and Yuan Xie. 2019. Neural Network Model Extraction Attacks in Edge Devices by Hearing Architectural Hints. In arxiv.  Xing Hu Ling Liang Lei Deng Shuangchen Li Xinfeng Xie Yu Ji Yufei Ding Chang Liu Timothy Sherwood and Yuan Xie. 2019. Neural Network Model Extraction Attacks in Edge Devices by Hearing Architectural Hints. In arxiv."},{"key":"e_1_3_2_1_16_1","volume-title":"ACM\/ESDA\/IEEE Design Automation Conference (DAC).","author":"Hua Weizhe","unstructured":"Weizhe Hua , Zhiru Zhang , and G. Edward Suh . 2018. Reverse engineering convolutional neural networks through side-channel information leaks . In ACM\/ESDA\/IEEE Design Automation Conference (DAC). Weizhe Hua, Zhiru Zhang, and G. Edward Suh. 2018. Reverse engineering convolutional neural networks through side-channel information leaks. In ACM\/ESDA\/IEEE Design Automation Conference (DAC)."},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of the IEEE conference on computer vision and pattern recognition. 4700--4708","author":"Huang Gao","unstructured":"Gao Huang , Zhuang Liu , Laurens Van Der Maaten , and Kilian Q. Weinberger . 2017. Densely connected convolutional networks . In Proceedings of the IEEE conference on computer vision and pattern recognition. 4700--4708 . Gao Huang, Zhuang Liu, Laurens Van Der Maaten, and Kilian Q. Weinberger. 2017. Densely connected convolutional networks. In Proceedings of the IEEE conference on computer vision and pattern recognition. 4700--4708."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"crossref","unstructured":"Mika Juuti Sebastian Szyller Alexey Dmitrenko Samuel Marchal and N. Asokan. 2018. PRADA: protecting against DNN model stealing attacks. arXiv preprint arXiv:1805.02628 (2018).  Mika Juuti Sebastian Szyller Alexey Dmitrenko Samuel Marchal and N. Asokan. 2018. PRADA: protecting against DNN model stealing attacks. arXiv preprint arXiv:1805.02628 (2018).","DOI":"10.1109\/EuroSP.2019.00044"},{"key":"e_1_3_2_1_19_1","volume-title":"Kingma and Jimmy Ba","author":"Diederik","year":"2014","unstructured":"Diederik P. Kingma and Jimmy Ba . 2014 . Adam : A method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014). Diederik P. Kingma and Jimmy Ba. 2014. Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014)."},{"key":"e_1_3_2_1_21_1","volume-title":"International Conference on Learning Representations.","author":"Kurakin Alexey","year":"2017","unstructured":"Alexey Kurakin , Ian Goodfellow , and Samy Bengio . 2017 . Adversarial examples in the physical world . In International Conference on Learning Representations. Alexey Kurakin, Ian Goodfellow, and Samy Bengio. 2017. Adversarial examples in the physical world. In International Conference on Learning Representations."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/5.726791"},{"key":"e_1_3_2_1_23_1","volume-title":"Pruning filters for efficient convnets. arXiv preprint arXiv:1608.08710","author":"Li Hao","year":"2016","unstructured":"Hao Li , Asim Kadav , Igor Durdanovic , Hanan Samet , and Hans Peter Graf . 2016. Pruning filters for efficient convnets. arXiv preprint arXiv:1608.08710 ( 2016 ). Hao Li, Asim Kadav, Igor Durdanovic, Hanan Samet, and Hans Peter Graf. 2016. Pruning filters for efficient convnets. arXiv preprint arXiv:1608.08710 (2016)."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359801"},{"key":"e_1_3_2_1_25_1","volume-title":"Adversarial frontier stitching for remote neural network watermarking. arXiv preprint arXiv:1711.01894","author":"Merrer Erwan Le","year":"2017","unstructured":"Erwan Le Merrer , Patrick Perez , and Gilles Tr\u00e9dan . 2017. Adversarial frontier stitching for remote neural network watermarking. arXiv preprint arXiv:1711.01894 ( 2017 ). Erwan Le Merrer, Patrick Perez, and Gilles Tr\u00e9dan. 2017. Adversarial frontier stitching for remote neural network watermarking. arXiv preprint arXiv:1711.01894 (2017)."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/s13735-018-0147-1"},{"key":"e_1_3_2_1_27_1","volume-title":"International Conference on Learning Representations.","author":"Oh Seong Joon","year":"2018","unstructured":"Seong Joon Oh , Max Augustin , Bernt Schiele , and Mario Fritz . 2018 . Towards reverse-engineering black-box neural networks . In International Conference on Learning Representations. Seong Joon Oh, Max Augustin, Bernt Schiele, and Mario Fritz. 2018. Towards reverse-engineering black-box neural networks. In International Conference on Learning Representations."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11263-015-0816-y"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00474"},{"key":"e_1_3_2_1_30_1","volume-title":"Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556","author":"Simonyan Karen","year":"2014","unstructured":"Karen Simonyan and Andrew Zisserman . 2014. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 ( 2014 ). Karen Simonyan and Andrew Zisserman. 2014. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 (2014)."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.5555\/3298023.3298188"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.308"},{"key":"e_1_3_2_1_33_1","volume-title":"International Conference on Learning Representations.","author":"Szegedy Christian","year":"2014","unstructured":"Christian Szegedy , Wojciech Zaremba , Ilya Sutskever , Joan Bruna , Dumitru Erhan , Ian Goodfellow , and Rob Fergus . 2014 . Intriguing properties of neural networks . In International Conference on Learning Representations. Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. 2014. Intriguing properties of neural networks. In International Conference on Learning Representations."},{"key":"e_1_3_2_1_34_1","volume-title":"USENIX Security Symposium.","author":"Tram\u00e8r Florian","year":"2016","unstructured":"Florian Tram\u00e8r , Fan Zhang , Ari Juels , Michael K Reiter , and Thomas Ristenpart . 2016 . Stealing machine learning models via prediction apis . In USENIX Security Symposium. Florian Tram\u00e8r, Fan Zhang, Ari Juels, Michael K Reiter, and Thomas Ristenpart. 2016. Stealing machine learning models via prediction apis. In USENIX Security Symposium."},{"key":"e_1_3_2_1_35_1","volume-title":"Stealing Hyperparameters in Machine Learning. In IEEE Symposium on Security and Privacy.","author":"Wang Binghui","year":"2018","unstructured":"Binghui Wang and Neil Zhenqiang Gong . 2018 . Stealing Hyperparameters in Machine Learning. In IEEE Symposium on Security and Privacy. Binghui Wang and Neil Zhenqiang Gong. 2018. Stealing Hyperparameters in Machine Learning. In IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2017.634"},{"key":"e_1_3_2_1_37_1","volume-title":"Cache telepathy: Leveraging shared resource attacks to learn DNN architectures. arXiv preprint arXiv:1808.04761","author":"Yan Mengjia","year":"2018","unstructured":"Mengjia Yan , Christopher Fletcher , and Josep Torrellas . 2018. Cache telepathy: Leveraging shared resource attacks to learn DNN architectures. arXiv preprint arXiv:1808.04761 ( 2018 ). Mengjia Yan, Christopher Fletcher, and Josep Torrellas. 2018. Cache telepathy: Leveraging shared resource attacks to learn DNN architectures. arXiv preprint arXiv:1808.04761 (2018)."},{"key":"e_1_3_2_1_38_1","volume-title":"Wide Residual Networks. In British Machine Vision Conference","author":"Zagoruyko Sergey","year":"2016","unstructured":"Sergey Zagoruyko and Nikos Komodakis . 2016 . Wide Residual Networks. In British Machine Vision Conference 2016. British Machine Vision Association. Sergey Zagoruyko and Nikos Komodakis. 2016. Wide Residual Networks. In British Machine Vision Conference 2016. British Machine Vision Association."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3196494.3196550"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00907"}],"event":{"name":"ASIA CCS '21: ACM Asia Conference on Computer and Communications Security","location":"Virtual Event Hong Kong","acronym":"ASIA CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3433210.3437526","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3433210.3437526","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3433210.3437526","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:48:11Z","timestamp":1750193291000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3433210.3437526"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,5,24]]},"references-count":39,"alternative-id":["10.1145\/3433210.3437526","10.1145\/3433210"],"URL":"https:\/\/doi.org\/10.1145\/3433210.3437526","relation":{},"subject":[],"published":{"date-parts":[[2021,5,24]]},"assertion":[{"value":"2021-06-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}