{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,24]],"date-time":"2026-01-24T18:52:05Z","timestamp":1769280725862,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":62,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T00:00:00Z","timestamp":1667779200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Trustworthy Federated Data Analytics","award":["ZT-I-OO1 4"],"award-info":[{"award-number":["ZT-I-OO1 4"]}]},{"name":"The Major Scientific and Technological Innovation Project of Shandong Province","award":["2019JZZY010133"],"award-info":[{"award-number":["2019JZZY010133"]}]},{"name":"The Major Program of Guangdong Basic and Applied Research","award":["2019B030302008"],"award-info":[{"award-number":["2019B030302008"]}]},{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2018YFA0704701, 2020YFA0309705"],"award-info":[{"award-number":["2018YFA0704701, 2020YFA0309705"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,11,7]]},"DOI":"10.1145\/3548606.3559355","type":"proceedings-article","created":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T11:41:28Z","timestamp":1667821288000},"page":"579-593","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":29,"title":["SSLGuard"],"prefix":"10.1145","author":[{"given":"Tianshuo","family":"Cong","sequence":"first","affiliation":[{"name":"Institute for Advanced Study, BNRist, Tsinghua University, Beijing, 
China"}]},{"given":"Xinlei","family":"He","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]},{"given":"Yang","family":"Zhang","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]}],"member":"320","published-online":{"date-parts":[[2022,11,7]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"https:\/\/openai.com\/api\/.  https:\/\/openai.com\/api\/."},{"key":"e_1_3_2_2_2_1","unstructured":"https:\/\/www.clarifai.com\/.  https:\/\/www.clarifai.com\/."},{"key":"e_1_3_2_2_3_1","unstructured":"https:\/\/www.cs.toronto.edu\/~kriz\/cifar.html.  https:\/\/www.cs.toronto.edu\/~kriz\/cifar.html."},{"key":"e_1_3_2_2_4_1","unstructured":"http:\/\/yann.lecun.com\/exdb\/mnist\/.  http:\/\/yann.lecun.com\/exdb\/mnist\/."},{"key":"e_1_3_2_2_5_1","first-page":"1615","volume-title":"USENIX Security Symposium (USENIX Security)","author":"Adi Yossi","year":"2018","unstructured":"Yossi Adi , Carsten Baum , Moustapha Cisse , Benny Pinkas , and Joseph Keshet . Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring . In USENIX Security Symposium (USENIX Security) , pages 1615 -- 1631 . USENIX, 2018 . Yossi Adi, Carsten Baum, Moustapha Cisse, Benny Pinkas, and Joseph Keshet. Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring. In USENIX Security Symposium (USENIX Security), pages 1615--1631. USENIX, 2018."},{"key":"e_1_3_2_2_6_1","volume-title":"Annual Conference on Neural Information Processing Systems (NeurIPS). NeurIPS","author":"Brown Tom B.","year":"2020","unstructured":"Tom B. Brown , Benjamin Mann , Nick Ryder , Melanie Subbiah , Jared Kaplan , Prafulla Dhariwal , Arvind Neelakantan , Pranav Shyam , Girish Sastry , Amanda Askell , Sandhini Agarwal , Ariel Herbert-Voss , Gretchen Krueger , Tom Henighan , Rewon Child , Aditya Ramesh , Daniel M. 
Ziegler , Jeffrey Wu , Clemens Winter , Christopher Hesse , Mark Chen , Eric Sigler , Mateusz Litwin , Scott Gray , Benjamin Chess , Jack Clark , Christopher Berner , Sam McCandlish , Alec Radford , Ilya Sutskever , and Dario Amodei . Language Models are Few-Shot Learners . In Annual Conference on Neural Information Processing Systems (NeurIPS). NeurIPS , 2020 . Tom B. Brown, Benjamin Mann, Nick Ryder, Melanie Subbiah, Jared Kaplan, Prafulla Dhariwal, Arvind Neelakantan, Pranav Shyam, Girish Sastry, Amanda Askell, Sandhini Agarwal, Ariel Herbert-Voss, Gretchen Krueger, Tom Henighan, Rewon Child, Aditya Ramesh, Daniel M. Ziegler, Jeffrey Wu, Clemens Winter, Christopher Hesse, Mark Chen, Eric Sigler, Mateusz Litwin, Scott Gray, Benjamin Chess, Jack Clark, Christopher Berner, Sam McCandlish, Alec Radford, Ilya Sutskever, and Dario Amodei. Language Models are Few-Shot Learners. In Annual Conference on Neural Information Processing Systems (NeurIPS). NeurIPS, 2020."},{"key":"e_1_3_2_2_7_1","volume-title":"Journal of Machine Learning Research","author":"Cai T. Tony","year":"2013","unstructured":"T. Tony Cai , Jianqing Fan , and Tiefeng Jiang . Distributions of Angles in Random Packing on Spheres . Journal of Machine Learning Research , 2013 . T. Tony Cai, Jianqing Fan, and Tiefeng Jiang. Distributions of Angles in Random Packing on Spheres. Journal of Machine Learning Research, 2013."},{"key":"e_1_3_2_2_8_1","first-page":"14","volume-title":"ACM Asia Conference on Computer and Communications Security (ASIACCS)","author":"Cao Xiaoyu","year":"2021","unstructured":"Xiaoyu Cao , Jinyuan Jia , and Neil Zhenqiang Gong . IPGuard : Protecting Intel- lectual Property of Deep Neural Networks via Fingerprinting the Classification Boundary . In ACM Asia Conference on Computer and Communications Security (ASIACCS) , pages 14 -- 25 . ACM, 2021 . Xiaoyu Cao, Jinyuan Jia, and Neil Zhenqiang Gong. 
IPGuard: Protecting Intel- lectual Property of Deep Neural Networks via Fingerprinting the Classification Boundary. In ACM Asia Conference on Computer and Communications Security (ASIACCS), pages 14--25. ACM, 2021."},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3128572.3140444"},{"key":"e_1_3_2_2_10_1","volume-title":"Model Extraction and Active Learning. CoRR abs\/1811.02054","author":"Chandrasekaran Varun","year":"2018","unstructured":"Varun Chandrasekaran , Kamalika Chaudhuri , Irene Giacomelli , Somesh Jha , and Songbai Yan . Model Extraction and Active Learning. CoRR abs\/1811.02054 , 2018 . Varun Chandrasekaran, Kamalika Chaudhuri, Irene Giacomelli, Somesh Jha, and Songbai Yan. Model Extraction and Active Learning. CoRR abs\/1811.02054, 2018."},{"key":"e_1_3_2_2_11_1","first-page":"1309","volume-title":"Songbai Yan. Exploring Connections Between Active Learning and Model Extraction. In USENIX Security Symposium (USENIX Security)","author":"Chandrasekaran Varun","year":"2020","unstructured":"Varun Chandrasekaran , Kamalika Chaudhuri , Irene Giacomelli , Somesh Jha , and Songbai Yan. Exploring Connections Between Active Learning and Model Extraction. In USENIX Security Symposium (USENIX Security) , pages 1309 -- 1326 . USENIX, 2020 . Varun Chandrasekaran, Kamalika Chaudhuri, Irene Giacomelli, Somesh Jha, and Songbai Yan. Exploring Connections Between Active Learning and Model Extraction. In USENIX Security Symposium (USENIX Security), pages 1309--1326. USENIX, 2020."},{"key":"e_1_3_2_2_12_1","volume-title":"Testing Framework for Copyright Protection of Deep Learning Models. In IEEE Symposium on Security and Privacy (S&P). IEEE","author":"Chen Jialuo","year":"2022","unstructured":"Jialuo Chen , Jingyi Wang , Tinglan Peng , Youcheng Sun , Peng Cheng , Shouling Ji , Xingjun Ma , Bo Li , and Dawn Song . Copy, Right? A Testing Framework for Copyright Protection of Deep Learning Models. In IEEE Symposium on Security and Privacy (S&P). 
IEEE , 2022 . Jialuo Chen, Jingyi Wang, Tinglan Peng, Youcheng Sun, Peng Cheng, Shouling Ji, Xingjun Ma, Bo Li, and Dawn Song. Copy, Right? A Testing Framework for Copyright Protection of Deep Learning Models. In IEEE Symposium on Security and Privacy (S&P). IEEE, 2022."},{"key":"e_1_3_2_2_13_1","volume-title":"PMLR","author":"Chen Ting","year":"2020","unstructured":"Ting Chen , Simon Kornblith , Mohammad Norouzi , and Geoffrey E. Hinton . A Simple Framework for Contrastive Learning of Visual Representations. In In- ternational Conference on Machine Learning (ICML), pages 1597--1607 . PMLR , 2020 . Ting Chen, Simon Kornblith, Mohammad Norouzi, and Geoffrey E. Hinton. A Simple Framework for Contrastive Learning of Visual Representations. In In- ternational Conference on Machine Learning (ICML), pages 1597--1607. PMLR, 2020."},{"key":"e_1_3_2_2_14_1","first-page":"554","volume-title":"Yang Zhang. BadNL: Backdoor Attacks Against NLP Models with Semantic-preserving Improvements. In Annual Computer Security Applications Conference (ACSAC)","author":"Chen Xiaoyi","year":"2021","unstructured":"Xiaoyi Chen , Ahmed Salem , Michael Backes , Shiqing Ma , Qingni Shen , Zhonghai Wu , and Yang Zhang. BadNL: Backdoor Attacks Against NLP Models with Semantic-preserving Improvements. In Annual Computer Security Applications Conference (ACSAC) , pages 554 -- 569 . ACSAC, 2021 . Xiaoyi Chen, Ahmed Salem, Michael Backes, Shiqing Ma, Qingni Shen, Zhonghai Wu, and Yang Zhang. BadNL: Backdoor Attacks Against NLP Models with Semantic-preserving Improvements. In Annual Computer Security Applications Conference (ACSAC), pages 554--569. ACSAC, 2021."},{"key":"e_1_3_2_2_15_1","volume-title":"Improved Baselines with Momentum Contrastive Learning. CoRR abs\/2003.04297","author":"Chen Xinlei","year":"2020","unstructured":"Xinlei Chen , Haoqi Fan , Ross B. Girshick , and Kaiming He . Improved Baselines with Momentum Contrastive Learning. CoRR abs\/2003.04297 , 2020 . 
Xinlei Chen, Haoqi Fan, Ross B. Girshick, and Kaiming He. Improved Baselines with Momentum Contrastive Learning. CoRR abs\/2003.04297, 2020."},{"key":"e_1_3_2_2_16_1","first-page":"215","volume-title":"Honglak Lee. An Analysis of Single-Layer Networks in Unsupervised Feature Learning. In International Conference on Artificial Intelligence and Statistics (AISTATS)","author":"Coates Adam","year":"2011","unstructured":"Adam Coates , Andrew Y. Ng , and Honglak Lee. An Analysis of Single-Layer Networks in Unsupervised Feature Learning. In International Conference on Artificial Intelligence and Statistics (AISTATS) , pages 215 -- 223 . JMLR, 2011 . Adam Coates, Andrew Y. Ng, and Honglak Lee. An Analysis of Single-Layer Networks in Unsupervised Feature Learning. In International Conference on Artificial Intelligence and Statistics (AISTATS), pages 215--223. JMLR, 2011."},{"key":"e_1_3_2_2_17_1","volume-title":"Adversarial Model Extraction on Graph Neural Networks. CoRR abs\/1912.07721","author":"DeFazio David","year":"2019","unstructured":"David DeFazio and Arti Ramesh . Adversarial Model Extraction on Graph Neural Networks. CoRR abs\/1912.07721 , 2019 . David DeFazio and Arti Ramesh. Adversarial Model Extraction on Graph Neural Networks. CoRR abs\/1912.07721, 2019."},{"key":"e_1_3_2_2_18_1","first-page":"826","volume-title":"Cong Wang. Anti-Distillation Backdoor Attacks: Backdoors Can Really Survive in Knowledge Distillation. In ACM International Conference on Multimedia (MM)","author":"Ge Yunjie","year":"2021","unstructured":"Yunjie Ge , Qian Wang , Baolin Zheng , Xinlu Zhuang , Qi Li , Chao Shen , and Cong Wang. Anti-Distillation Backdoor Attacks: Backdoors Can Really Survive in Knowledge Distillation. In ACM International Conference on Multimedia (MM) , pages 826 -- 834 . ACM, 2021 . Yunjie Ge, Qian Wang, Baolin Zheng, Xinlu Zhuang, Qi Li, Chao Shen, and Cong Wang. Anti-Distillation Backdoor Attacks: Backdoors Can Really Survive in Knowledge Distillation. 
In ACM International Conference on Multimedia (MM), pages 826--834. ACM, 2021."},{"key":"e_1_3_2_2_19_1","first-page":"879","volume-title":"Bader. DeCLUTR: Deep Contrastive Learning for Unsupervised Textual Representations. In Annual Meeting of the Association for Computational Linguistics (ACL)","author":"Giorgi John M.","year":"2021","unstructured":"John M. Giorgi , Osvald Nitski , Bo Wang , and Gary D . Bader. DeCLUTR: Deep Contrastive Learning for Unsupervised Textual Representations. In Annual Meeting of the Association for Computational Linguistics (ACL) , pages 879 -- 895 . ACL, 2021 . John M. Giorgi, Osvald Nitski, Bo Wang, and Gary D. Bader. DeCLUTR: Deep Contrastive Learning for Unsupervised Textual Representations. In Annual Meeting of the Association for Computational Linguistics (ACL), pages 879--895. ACL, 2021."},{"key":"e_1_3_2_2_20_1","volume-title":"International Conference on Learning Representations (ICLR)","author":"Goodfellow Ian","year":"2015","unstructured":"Ian Goodfellow , Jonathon Shlens , and Christian Szegedy . Explaining and Harness- ing Adversarial Examples . In International Conference on Learning Representations (ICLR) , 2015 . Ian Goodfellow, Jonathon Shlens, and Christian Szegedy. Explaining and Harness- ing Adversarial Examples. In International Conference on Learning Representations (ICLR), 2015."},{"key":"e_1_3_2_2_21_1","volume-title":"Annual Conference on Neural Information Processing Systems (NeurIPS). NeurIPS","author":"Grill Jean-Bastien","year":"2020","unstructured":"Jean-Bastien Grill , Florian Strub , Florent Altch\u00e9 , Corentin Tallec , Pierre H. Richemond , Elena Buchatskaya , Carl Doersch , Bernardo \u00c1vila Pires , Zhaohan Guo , Mohammad Gheshlaghi Azar , Bilal Piot , Koray Kavukcuoglu , R\u00e9mi Munos , and Michal Valko . Bootstrap Your Own Latent - A New Approach to Self- Supervised Learning . In Annual Conference on Neural Information Processing Systems (NeurIPS). NeurIPS , 2020 . 
Jean-Bastien Grill, Florian Strub, Florent Altch\u00e9, Corentin Tallec, Pierre H. Richemond, Elena Buchatskaya, Carl Doersch, Bernardo \u00c1vila Pires, Zhaohan Guo, Mohammad Gheshlaghi Azar, Bilal Piot, Koray Kavukcuoglu, R\u00e9mi Munos, and Michal Valko. Bootstrap Your Own Latent - A New Approach to Self- Supervised Learning. In Annual Conference on Neural Information Processing Systems (NeurIPS). NeurIPS, 2020."},{"key":"e_1_3_2_2_22_1","first-page":"9726","volume-title":"Girshick. Momentum Contrast for Unsupervised Visual Representation Learning. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR)","author":"He Kaiming","year":"2020","unstructured":"Kaiming He , Haoqi Fan , Yuxin Wu , Saining Xie , and Ross B . Girshick. Momentum Contrast for Unsupervised Visual Representation Learning. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR) , pages 9726 -- 9735 . IEEE, 2020 . Kaiming He, Haoqi Fan, Yuxin Wu, Saining Xie, and Ross B. Girshick. Momentum Contrast for Unsupervised Visual Representation Learning. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pages 9726--9735. IEEE, 2020."},{"key":"e_1_3_2_2_23_1","volume-title":"Membership- Doctor: Comprehensive Assessment of Membership Inference Against Machine Learning Models. CoRR abs\/2208.10445","author":"He Xinlei","year":"2022","unstructured":"Xinlei He , Zheng Li , Weilin Xu , Cory Cornelius , and Yang Zhang . Membership- Doctor: Comprehensive Assessment of Membership Inference Against Machine Learning Models. CoRR abs\/2208.10445 , 2022 . Xinlei He, Zheng Li, Weilin Xu, Cory Cornelius, and Yang Zhang. Membership- Doctor: Comprehensive Assessment of Membership Inference Against Machine Learning Models. CoRR abs\/2208.10445, 2022."},{"key":"e_1_3_2_2_24_1","volume-title":"Yang Zhang. Semi-Leak: Membership Inference Attacks Against Semi-supervised Learning. In European Conference on Computer Vision (ECCV). 
Springer","author":"He Xinlei","year":"2022","unstructured":"Xinlei He , Hongbin Liu , Neil Zhenqiang Gong , and Yang Zhang. Semi-Leak: Membership Inference Attacks Against Semi-supervised Learning. In European Conference on Computer Vision (ECCV). Springer , 2022 . Xinlei He, Hongbin Liu, Neil Zhenqiang Gong, and Yang Zhang. Semi-Leak: Membership Inference Attacks Against Semi-supervised Learning. In European Conference on Computer Vision (ECCV). Springer, 2022."},{"key":"e_1_3_2_2_25_1","volume-title":"Node- Level Membership Inference Attacks Against Graph Neural Networks. CoRR abs\/2102.05429","author":"He Xinlei","year":"2021","unstructured":"Xinlei He , Rui Wen , Yixin Wu , Michael Backes , Yun Shen , and Yang Zhang . Node- Level Membership Inference Attacks Against Graph Neural Networks. CoRR abs\/2102.05429 , 2021 . Xinlei He, Rui Wen, Yixin Wu, Michael Backes, Yun Shen, and Yang Zhang. Node- Level Membership Inference Attacks Against Graph Neural Networks. CoRR abs\/2102.05429, 2021."},{"key":"e_1_3_2_2_26_1","first-page":"845","volume-title":"He and Yang Zhang. Quantifying and Mitigating Privacy Risks of Contrastive Learning. In ACM SIGSAC Conference on Computer and Communications Security (CCS)","author":"Xinlei","year":"2021","unstructured":"Xinlei He and Yang Zhang. Quantifying and Mitigating Privacy Risks of Contrastive Learning. In ACM SIGSAC Conference on Computer and Communications Security (CCS) , pages 845 -- 863 . ACM, 2021 . Xinlei He and Yang Zhang. Quantifying and Mitigating Privacy Risks of Contrastive Learning. In ACM SIGSAC Conference on Computer and Communications Security (CCS), pages 845--863. ACM, 2021."},{"key":"e_1_3_2_2_27_1","first-page":"1345","volume-title":"Nicolas Papernot. High Accuracy and High Fidelity Extraction of Neural Networks. 
In USENIX Security Symposium (USENIX Security)","author":"Jagielski Matthew","year":"2020","unstructured":"Matthew Jagielski , Nicholas Carlini , David Berthelot , Alex Kurakin , and Nicolas Papernot. High Accuracy and High Fidelity Extraction of Neural Networks. In USENIX Security Symposium (USENIX Security) , pages 1345 -- 1362 . USENIX, 2020 . Matthew Jagielski, Nicholas Carlini, David Berthelot, Alex Kurakin, and Nicolas Papernot. High Accuracy and High Fidelity Extraction of Neural Networks. In USENIX Security Symposium (USENIX Security), pages 1345--1362. USENIX, 2020."},{"key":"e_1_3_2_2_28_1","first-page":"1937","volume-title":"USENIX Security Symposium (USENIX Security)","author":"Jia Hengrui","year":"2021","unstructured":"Hengrui Jia , Christopher A. Choquette-Choo , Varun Chandrasekaran , and Nicolas Papernot . Entangled Watermarks as a Defense against Model Extraction . In USENIX Security Symposium (USENIX Security) , pages 1937 -- 1954 . USENIX, 2021 . Hengrui Jia, Christopher A. Choquette-Choo, Varun Chandrasekaran, and Nicolas Papernot. Entangled Watermarks as a Defense against Model Extraction. In USENIX Security Symposium (USENIX Security), pages 1937--1954. USENIX, 2021."},{"key":"e_1_3_2_2_29_1","volume-title":"10 Security and Privacy Problems in Self-Supervised Learning. CoRR abs\/2110.15444","author":"Jia Jinyuan","year":"2021","unstructured":"Jinyuan Jia , Hongbin Liu , and Neil Zhenqiang Gong . 10 Security and Privacy Problems in Self-Supervised Learning. CoRR abs\/2110.15444 , 2021 . Jinyuan Jia, Hongbin Liu, and Neil Zhenqiang Gong. 10 Security and Privacy Problems in Self-Supervised Learning. CoRR abs\/2110.15444, 2021."},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833644"},{"key":"e_1_3_2_2_31_1","volume-title":"Kingma and Jimmy Ba. Adam: A Method for Stochastic Optimization. In International Conference on Learning Representations (ICLR)","author":"Diederik","year":"2015","unstructured":"Diederik P. 
Kingma and Jimmy Ba. Adam: A Method for Stochastic Optimization. In International Conference on Learning Representations (ICLR) , 2015 . Diederik P. Kingma and Jimmy Ba. Adam: A Method for Stochastic Optimization. In International Conference on Learning Representations (ICLR), 2015."},{"key":"e_1_3_2_2_32_1","volume-title":"International Conference on Learning Representations (ICLR)","author":"Krishna Kalpesh","year":"2020","unstructured":"Kalpesh Krishna , Gaurav Singh Tomar , Ankur P. Parikh , Nicolas Papernot , and Mohit Iyyer . Thieves on Sesame Street! Model Extraction of BERT-based APIs . In International Conference on Learning Representations (ICLR) , 2020 . Kalpesh Krishna, Gaurav Singh Tomar, Ankur P. Parikh, Nicolas Papernot, and Mohit Iyyer. Thieves on Sesame Street! Model Extraction of BERT-based APIs. In International Conference on Learning Representations (ICLR), 2020."},{"key":"e_1_3_2_2_33_1","volume-title":"Adversarial Examples in the Physical World. CoRR abs\/1607.02533","author":"Kurakin Alexey","year":"2016","unstructured":"Alexey Kurakin , Ian Goodfellow , and Samy Bengio . Adversarial Examples in the Physical World. CoRR abs\/1607.02533 , 2016 . Alexey Kurakin, Ian Goodfellow, and Samy Bengio. Adversarial Examples in the Physical World. CoRR abs\/1607.02533, 2016."},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359801"},{"key":"e_1_3_2_2_35_1","volume-title":"Auditing Membership Leakages of Multi-Exit Networks. CoRR abs\/2208.11180","author":"Li Zheng","year":"2022","unstructured":"Zheng Li , Yiyong Liu , Xinlei He , Ning Yu , Michael Backes , and Yang Zhang . Auditing Membership Leakages of Multi-Exit Networks. CoRR abs\/2208.11180 , 2022 . Zheng Li, Yiyong Liu, Xinlei He, Ning Yu, Michael Backes, and Yang Zhang. Auditing Membership Leakages of Multi-Exit Networks. CoRR abs\/2208.11180, 2022."},{"key":"e_1_3_2_2_36_1","first-page":"880","volume-title":"Li and Yang Zhang. 
Membership Leakage in Label-Only Exposures. In ACM SIGSAC Conference on Computer and Communications Security (CCS)","author":"Zheng","year":"2021","unstructured":"Zheng Li and Yang Zhang. Membership Leakage in Label-Only Exposures. In ACM SIGSAC Conference on Computer and Communications Security (CCS) , pages 880 -- 895 . ACM, 2021 . Zheng Li and Yang Zhang. Membership Leakage in Label-Only Exposures. In ACM SIGSAC Conference on Computer and Communications Security (CCS), pages 880--895. ACM, 2021."},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484749"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_13"},{"key":"e_1_3_2_2_39_1","volume-title":"Delving into Transferable Adversarial Examples and Black-box Attacks. CoRR abs\/1611.02770","author":"Liu Yanpei","year":"2016","unstructured":"Yanpei Liu , Xinyun Chen , Chang Liu , and Dawn Song . Delving into Transferable Adversarial Examples and Black-box Attacks. CoRR abs\/1611.02770 , 2016 . Yanpei Liu, Xinyun Chen, Chang Liu, and Dawn Song. Delving into Transferable Adversarial Examples and Black-box Attacks. CoRR abs\/1611.02770, 2016."},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833693"},{"key":"e_1_3_2_2_41_1","volume-title":"Adversarial Frontier Stitching for Remote Neural Network Watermarking. CoRR abs\/1711.01894","author":"Merrer Erwan Le","year":"2017","unstructured":"Erwan Le Merrer , Patrick Perez , and Gilles Tr\u00e9dan . Adversarial Frontier Stitching for Remote Neural Network Watermarking. CoRR abs\/1711.01894 , 2017 . Erwan Le Merrer, Patrick Perez, and Gilles Tr\u00e9dan. Adversarial Frontier Stitching for Remote Neural Network Watermarking. CoRR abs\/1711.01894, 2017."},{"key":"e_1_3_2_2_42_1","first-page":"4954","volume-title":"Mario Fritz. Knockoff Nets: Stealing Functionality of Black-Box Models. 
In IEEE Conference on Computer Vision and Pattern Recognition (CVPR)","author":"Orekondy Tribhuvanesh","year":"2019","unstructured":"Tribhuvanesh Orekondy , Bernt Schiele , and Mario Fritz. Knockoff Nets: Stealing Functionality of Black-Box Models. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR) , pages 4954 -- 4963 . IEEE, 2019 . Tribhuvanesh Orekondy, Bernt Schiele, and Mario Fritz. Knockoff Nets: Stealing Functionality of Black-Box Models. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pages 4954--4963. IEEE, 2019."},{"key":"e_1_3_2_2_43_1","first-page":"506","volume-title":"Ananthram Swami. Practical Black-Box Attacks Against Machine Learning. In ACM Asia Conference on Computer and Communications Security (ASIACCS)","author":"Papernot Nicolas","year":"2017","unstructured":"Nicolas Papernot , Patrick D. McDaniel , Ian Goodfellow , Somesh Jha , Z. Berkay Celik , and Ananthram Swami. Practical Black-Box Attacks Against Machine Learning. In ACM Asia Conference on Computer and Communications Security (ASIACCS) , pages 506 -- 519 . ACM, 2017 . Nicolas Papernot, Patrick D. McDaniel, Ian Goodfellow, Somesh Jha, Z. Berkay Celik, and Ananthram Swami. Practical Black-Box Attacks Against Machine Learning. In ACM Asia Conference on Computer and Communications Security (ASIACCS), pages 506--519. ACM, 2017."},{"key":"e_1_3_2_2_44_1","first-page":"8748","volume-title":"Ilya Sutskever. Learning Transferable Visual Models From Natural Language Supervision. In International Conference on Machine Learning (ICML)","author":"Radford Alec","year":"2021","unstructured":"Alec Radford , Jong Wook Kim , Chris Hallacy , Aditya Ramesh , Gabriel Goh , Sandhini Agarwal , Girish Sastry , Amanda Askell , Pamela Mishkin , Jack Clark , Gretchen Krueger , and Ilya Sutskever. Learning Transferable Visual Models From Natural Language Supervision. In International Conference on Machine Learning (ICML) , pages 8748 -- 8763 . PMLR, 2021 . 
Alec Radford, Jong Wook Kim, Chris Hallacy, Aditya Ramesh, Gabriel Goh, Sandhini Agarwal, Girish Sastry, Amanda Askell, Pamela Mishkin, Jack Clark, Gretchen Krueger, and Ilya Sutskever. Learning Transferable Visual Models From Natural Language Supervision. In International Conference on Machine Learning (ICML), pages 8748--8763. PMLR, 2021."},{"key":"e_1_3_2_2_45_1","volume-title":"DeepSigns: A Generic Watermarking Framework for IP Protection of Deep Learning Models. CoRR abs\/1804.00750","author":"Rouhani Bita Darvish","year":"2018","unstructured":"Bita Darvish Rouhani , Huili Chen , and Farinaz Koushanfar . DeepSigns: A Generic Watermarking Framework for IP Protection of Deep Learning Models. CoRR abs\/1804.00750 , 2018 . Bita Darvish Rouhani, Huili Chen, and Farinaz Koushanfar. DeepSigns: A Generic Watermarking Framework for IP Protection of Deep Learning Models. CoRR abs\/1804.00750, 2018."},{"key":"e_1_3_2_2_46_1","volume-title":"ImageNet Large Scale Visual Recognition Challenge. CoRR abs\/1409.0575","author":"Russakovsky Olga","year":"2015","unstructured":"Olga Russakovsky , Jia Deng , Hao Su , Jonathan Krause , Sanjeev Satheesh , Sean Ma , Zhiheng Huang , Andrej Karpathy , Aditya Khosla , Michael Bernstein , Alexander C. Berg , and Li Fei-Fei . ImageNet Large Scale Visual Recognition Challenge. CoRR abs\/1409.0575 , 2015 . Olga Russakovsky, Jia Deng, Hao Su, Jonathan Krause, Sanjeev Satheesh, Sean Ma, Zhiheng Huang, Andrej Karpathy, Aditya Khosla, Michael Bernstein, Alexander C. Berg, and Li Fei-Fei. ImageNet Large Scale Visual Recognition Challenge. CoRR abs\/1409.0575, 2015."},{"key":"e_1_3_2_2_47_1","first-page":"11957","volume-title":"Hamed Pirsiavash. Hidden Trigger Backdoor Attacks. In AAAI Conference on Artificial Intelligence (AAAI)","author":"Saha Aniruddha","year":"2020","unstructured":"Aniruddha Saha , Akshayvarun Subramanya , and Hamed Pirsiavash. Hidden Trigger Backdoor Attacks. 
In AAAI Conference on Artificial Intelligence (AAAI) , pages 11957 -- 11965 . AAAI, 2020 . Aniruddha Saha, Akshayvarun Subramanya, and Hamed Pirsiavash. Hidden Trigger Backdoor Attacks. In AAAI Conference on Artificial Intelligence (AAAI), pages 11957--11965. AAAI, 2020."},{"key":"e_1_3_2_2_48_1","volume-title":"Michael Backes. ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. In Network and Distributed System Security Symposium (NDSS). Internet Society","author":"Salem Ahmed","year":"2019","unstructured":"Ahmed Salem , Yang Zhang , Mathias Humbert , Pascal Berrang , Mario Fritz , and Michael Backes. ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. In Network and Distributed System Security Symposium (NDSS). Internet Society , 2019 . Ahmed Salem, Yang Zhang, Mathias Humbert, Pascal Berrang, Mario Fritz, and Michael Backes. ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. In Network and Distributed System Security Symposium (NDSS). Internet Society, 2019."},{"key":"e_1_3_2_2_49_1","volume-title":"Yang Zhang. Model Stealing Attacks Against Inductive Graph Neural Networks. In IEEE Symposium on Security and Privacy (S&P). IEEE","author":"Shen Yun","year":"2022","unstructured":"Yun Shen , Xinlei He , Yufei Han , and Yang Zhang. Model Stealing Attacks Against Inductive Graph Neural Networks. In IEEE Symposium on Security and Privacy (S&P). IEEE , 2022 . Yun Shen, Xinlei He, Yufei Han, and Yang Zhang. Model Stealing Attacks Against Inductive Graph Neural Networks. In IEEE Symposium on Security and Privacy (S&P). IEEE, 2022."},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.41"},{"key":"e_1_3_2_2_51_1","volume-title":"Song and Prateek Mittal. Systematic Evaluation of Privacy Risks of Machine Learning Models. In USENIX Security Symposium (USENIX Security). 
USENIX","author":"Liwei","year":"2021","unstructured":"Liwei Song and Prateek Mittal. Systematic Evaluation of Privacy Risks of Machine Learning Models. In USENIX Security Symposium (USENIX Security). USENIX , 2021 . Liwei Song and Prateek Mittal. Systematic Evaluation of Privacy Risks of Machine Learning Models. In USENIX Security Symposium (USENIX Security). USENIX, 2021."},{"key":"e_1_3_2_2_52_1","first-page":"1453","volume-title":"Christian Igel. The German Traffic Sign Recognition Benchmark: A Multi-class Classification Competition. In International Joint Conference on Neural Networks (IJCNN)","author":"Stallkamp Johannes","year":"2011","unstructured":"Johannes Stallkamp , Marc Schlipsing , Jan Salmen , and Christian Igel. The German Traffic Sign Recognition Benchmark: A Multi-class Classification Competition. In International Joint Conference on Neural Networks (IJCNN) , pages 1453 -- 1460 . IEEE, 2011 . Johannes Stallkamp, Marc Schlipsing, Jan Salmen, and Christian Igel. The German Traffic Sign Recognition Benchmark: A Multi-class Classification Competition. In International Joint Conference on Neural Networks (IJCNN), pages 1453--1460. IEEE, 2011."},{"key":"e_1_3_2_2_53_1","first-page":"601","volume-title":"USENIX Security Symposium (USENIX Security)","author":"Tram\u00e8r Florian","year":"2016","unstructured":"Florian Tram\u00e8r , Fan Zhang , Ari Juels , Michael K. Reiter , and Thomas Ristenpart . Stealing Machine Learning Models via Prediction APIs . In USENIX Security Symposium (USENIX Security) , pages 601 -- 618 . USENIX, 2016 . Florian Tram\u00e8r, Fan Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart. Stealing Machine Learning Models via Prediction APIs. In USENIX Security Symposium (USENIX Security), pages 601--618. 
USENIX, 2016."},{"key":"e_1_3_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3078971.3078974"},{"key":"e_1_3_2_2_55_1","volume-title":"Journal of Machine Learning Research","author":"van der Maaten Laurens","year":"2008","unstructured":"Laurens van der Maaten and Geoffrey Hinton . Visualizing Data using t-SNE . Journal of Machine Learning Research , 2008 . Laurens van der Maaten and Geoffrey Hinton. Visualizing Data using t-SNE. Journal of Machine Learning Research, 2008."},{"key":"e_1_3_2_2_56_1","volume-title":"Model Extraction Attacks on Graph Neural Networks: Taxonomy and Realization. CoRR abs\/2010.12751","author":"Wu Bang","year":"2020","unstructured":"Bang Wu , Xiangwen Yang , Shirui Pan , and Xingliang Yuan . Model Extraction Attacks on Graph Neural Networks: Taxonomy and Realization. CoRR abs\/2010.12751 , 2020 . Bang Wu, Xiangwen Yang, Shirui Pan, and Xingliang Yuan. Model Extraction Attacks on Graph Neural Networks: Taxonomy and Realization. CoRR abs\/2010.12751, 2020."},{"key":"e_1_3_2_2_57_1","first-page":"3","volume-title":"Wu and Kaiming He. Group Normalization. In European Conference on Computer Vision (ECCV)","author":"Yuxin","year":"2018","unstructured":"Yuxin Wu and Kaiming He. Group Normalization. In European Conference on Computer Vision (ECCV) , pages 3 -- 19 . Springer , 2018 . Yuxin Wu and Kaiming He. Group Normalization. In European Conference on Computer Vision (ECCV), pages 3--19. Springer, 2018."},{"key":"e_1_3_2_2_58_1","volume-title":"Fashion-MNIST: a Novel Image Dataset for Benchmarking Machine Learning Algorithms. CoRR abs\/1708.07747","author":"Xiao Han","year":"2017","unstructured":"Han Xiao , Kashif Rasul , and Roland Vollgraf . Fashion-MNIST: a Novel Image Dataset for Benchmarking Machine Learning Algorithms. CoRR abs\/1708.07747 , 2017 . Han Xiao, Kashif Rasul, and Roland Vollgraf. Fashion-MNIST: a Novel Image Dataset for Benchmarking Machine Learning Algorithms. 
CoRR abs\/1708.07747, 2017."},{"key":"e_1_3_2_2_59_1","first-page":"2041","volume-title":"Zhao. Latent Backdoor Attacks on Deep Neural Networks. In ACM SIGSAC Conference on Computer and Communications Security (CCS)","author":"Yao Yuanshun","year":"2019","unstructured":"Yuanshun Yao, Huiying Li, Haitao Zheng, and Ben Y. Zhao. Latent Backdoor Attacks on Deep Neural Networks. In ACM SIGSAC Conference on Computer and Communications Security (CCS), pages 2041--2055. ACM, 2019."},{"key":"e_1_3_2_2_60_1","volume-title":"Yang Shen. Graph Contrastive Learning with Augmentations. In Annual Conference on Neural Information Processing Systems (NeurIPS). NeurIPS","author":"You Yuning","year":"2020","unstructured":"Yuning You, Tianlong Chen, Yongduo Sui, Ting Chen, Zhangyang Wang, and Yang Shen. Graph Contrastive Learning with Augmentations. In Annual Conference on Neural Information Processing Systems (NeurIPS). NeurIPS, 2020."},{"key":"e_1_3_2_2_61_1","first-page":"159","volume-title":"Ian Molloy. Protecting Intellectual Property of Deep Neural Networks with Watermarking. In ACM Asia Conference on Computer and Communications Security (ASIACCS)","author":"Zhang Jialong","year":"2018","unstructured":"Jialong Zhang, Zhongshu Gu, Jiyong Jang, Hui Wu, Marc Ph. 
Stoecklin, Heqing Huang, and Ian Molloy. Protecting Intellectual Property of Deep Neural Networks with Watermarking. In ACM Asia Conference on Computer and Communications Security (ASIACCS), pages 159--172. ACM, 2018."},{"key":"e_1_3_2_2_62_1","volume-title":"Prune: Exploring the Efficacy of Pruning for Model Compression. In International Conference on Learning Representations (ICLR)","author":"Zhu Michael","year":"2018","unstructured":"Michael Zhu and Suyog Gupta. To Prune, or Not to Prune: Exploring the Efficacy of Pruning for Model Compression. In International Conference on Learning Representations (ICLR), 2018."}],"event":{"name":"CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security","location":"Los Angeles CA USA","acronym":"CCS '22","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3559355","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3548606.3559355","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:50:56Z","timestamp":1750182656000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3559355"}},"subtitle":["A Watermarking Scheme for Self-supervised Learning Pre-trained 
Encoders"],"short-title":[],"issued":{"date-parts":[[2022,11,7]]},"references-count":62,"alternative-id":["10.1145\/3548606.3559355","10.1145\/3548606"],"URL":"https:\/\/doi.org\/10.1145\/3548606.3559355","relation":{},"subject":[],"published":{"date-parts":[[2022,11,7]]},"assertion":[{"value":"2022-11-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}