{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,7]],"date-time":"2025-10-07T08:38:49Z","timestamp":1759826329703,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":46,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T00:00:00Z","timestamp":1719792000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Federal Ministry of Education and Research of Germany","award":["16KIS1919"],"award-info":[{"award-number":["16KIS1919"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,7]]},"DOI":"10.1145\/3634737.3657026","type":"proceedings-article","created":{"date-parts":[[2024,6,28]],"date-time":"2024-06-28T11:51:38Z","timestamp":1719575498000},"page":"141-157","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Cloud-Based Machine Learning Models as Covert Communication Channels"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0810-6646","authenticated-orcid":false,"given":"Torsten","family":"Krau\u00df","sequence":"first","affiliation":[{"name":"University of W\u00fcrzburg, W\u00fcrzburg, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-0329-5849","authenticated-orcid":false,"given":"Jasper","family":"Stang","sequence":"additional","affiliation":[{"name":"University of W\u00fcrzburg, W\u00fcrzburg, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5637-7016","authenticated-orcid":false,"given":"Alexandra","family":"Dmitrienko","sequence":"additional","affiliation":[{"name":"University of W\u00fcrzburg, W\u00fcrzburg, Germany"}]}],"member":"320","published-online":{"date-parts":[[2024,7]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Turning Your Weakness into a Strength: Watermarking Deep Neural Networks by Backdooring. USENIX Security","author":"Adi Yossi","year":"2018","unstructured":"Yossi Adi, Carsten Baum, Moustapha Cisse, Benny Pinkas, and Joseph Keshet. 2018. Turning Your Weakness into a Strength: Watermarking Deep Neural Networks by Backdooring. USENIX Security (2018)."},{"key":"e_1_3_2_1_2_1","volume-title":"Towards a real-time prediction of waiting times in emergency departments: A comparative analysis of machine learning techniques. IJF","author":"Benevento Elisabetta","year":"2023","unstructured":"Elisabetta Benevento, Davide Aloini, and Nunzia Squicciarini. 2023. Towards a real-time prediction of waiting times in emergency departments: A comparative analysis of machine learning techniques. IJF (2023)."},{"key":"e_1_3_2_1_3_1","volume-title":"A Systematic Review on Model Watermarking for Neural Networks. Frontiers in Big Data","author":"Boenisch Franziska","year":"2021","unstructured":"Franziska Boenisch. 2021. A Systematic Review on Model Watermarking for Neural Networks. Frontiers in Big Data (2021)."},{"key":"e_1_3_2_1_4_1","volume-title":"FL-Talk: Covert Communication in Federated Learning via Spectral Steganography. NeurIPS","author":"Chen Huili","year":"2022","unstructured":"Huili Chen and Farinaz Koushanfar. 2022. FL-Talk: Covert Communication in Federated Learning via Spectral Steganography. NeurIPS (2022)."},{"key":"e_1_3_2_1_5_1","volume-title":"Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning. arXiv preprint arXiv:1712.05526","author":"Chen Xinyun","year":"2017","unstructured":"Xinyun Chen, Chang Liu, Bo Li, Kimberly Lu, and Dawn Song. 2017. Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning. arXiv preprint arXiv:1712.05526 (2017)."},{"key":"e_1_3_2_1_6_1","volume-title":"An Analysis of Single-Layer Networks in Unsupervised Feature Learning. AISTATS","author":"Coates Adam","year":"2011","unstructured":"Adam Coates, Andrew Ng, and Honglak Lee. 2011. An Analysis of Single-Layer Networks in Unsupervised Feature Learning. AISTATS (2011)."},{"key":"e_1_3_2_1_7_1","volume-title":"Turning Federated Learning Systems Into Covert Channels","author":"Costa Gabriele","year":"2022","unstructured":"Gabriele Costa, Fabio Pinelli, Simone Soderi, and Gabriele Tolomei. 2022. Turning Federated Learning Systems Into Covert Channels. IEEE Access (2022)."},{"key":"e_1_3_2_1_8_1","volume-title":"A comprehensive survey on automatic speech recognition using neural networks. Multimedia Tools and Applications","author":"Dhanjal Amandeep Singh","year":"2023","unstructured":"Amandeep Singh Dhanjal and Williamjeet Singh. 2023. A comprehensive survey on automatic speech recognition using neural networks. Multimedia Tools and Applications (2023)."},{"key":"e_1_3_2_1_9_1","unstructured":"Federal Bureau of Investigation. 2023. Ghost Stories - Russian Foreign Intelligence Service (SVR) Illegals. https:\/\/vault.fbi.gov\/ghost-stories-russian-foreign-intelligence-service-illegals"},{"key":"e_1_3_2_1_10_1","volume-title":"Beam Search Strategies for Neural Machine Translation. arXiv preprint arXiv:1702.01806","author":"Freitag Markus","year":"2017","unstructured":"Markus Freitag and Yaser Al-Onaizan. 2017. Beam Search Strategies for Neural Machine Translation. arXiv preprint arXiv:1702.01806 (2017)."},{"key":"e_1_3_2_1_11_1","volume-title":"A Survey of Covert Channels in BitTorrent Network. IJISET","author":"Gao Bin","year":"2016","unstructured":"Bin Gao and Jiangtao Zhai. 2016. A Survey of Covert Channels in BitTorrent Network. IJISET (2016)."},{"key":"e_1_3_2_1_12_1","volume-title":"Code Extension in ASCII. Commun. ACM","author":"Gorn S.","year":"1966","unstructured":"S. Gorn. 1966. Code Extension in ASCII. Commun. ACM (1966)."},{"key":"e_1_3_2_1_13_1","volume-title":"BadNets: Identifying Vulnerabilities in the Machine Learning Model Supply Chain. arXiv preprint arXiv:1708.06733","author":"Gu Tianyu","year":"2017","unstructured":"Tianyu Gu, Brendan Dolan-Gavitt, and Siddharth Garg. 2017. BadNets: Identifying Vulnerabilities in the Machine Learning Model Supply Chain. arXiv preprint arXiv:1708.06733 (2017)."},{"key":"e_1_3_2_1_14_1","volume-title":"Watermarking Deep Neural Networks for Embedded Systems. ICCAD","author":"Guo Jia","year":"2018","unstructured":"Jia Guo and Miodrag Potkonjak. 2018. Watermarking Deep Neural Networks for Embedded Systems. ICCAD (2018)."},{"key":"e_1_3_2_1_15_1","volume-title":"Image Steganography Techniques: An Overview. IJCSS","author":"Hamid Nagham","year":"2012","unstructured":"Nagham Hamid, Abid Yahya, R Badlishah Ahmad, and Osamah M Al-Qershi. 2012. Image Steganography Techniques: An Overview. IJCSS (2012)."},{"key":"e_1_3_2_1_16_1","volume-title":"Error Detecting and Error Correcting Codes. The Bell system technical journal","author":"Hamming Richard W","year":"1950","unstructured":"Richard W Hamming. 1950. Error Detecting and Error Correcting Codes. The Bell system technical journal (1950)."},{"key":"e_1_3_2_1_17_1","volume-title":"Deep Residual Learning for Image Recognition. CVPR","author":"He Kaiming","year":"2016","unstructured":"Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. 2016. Deep Residual Learning for Image Recognition. CVPR (2016)."},{"key":"e_1_3_2_1_18_1","volume-title":"Mancini","author":"Hitaj Dorjan","year":"2023","unstructured":"Dorjan Hitaj, Giulio Pagnotta, Briland Hitaj, Fernando Perez-Cruz, and Luigi V. Mancini. 2023. FedComm: Federated Learning as a Medium for Covert Communication. arXiv preprint arXiv:2201.08786 [cs.CR]. (2023)."},{"key":"e_1_3_2_1_19_1","volume-title":"FedComm: Federated Learning as a Medium for Covert Communication","author":"Hitaj Dorjan","year":"2023","unstructured":"Dorjan Hitaj, Giulio Pagnotta, Briland Hitaj, Fernando Perez-Cruz, and Luigi V Mancini. 2023. FedComm: Federated Learning as a Medium for Covert Communication. IEEE TDSC (2023)."},{"key":"e_1_3_2_1_20_1","volume-title":"SqueezeNet: AlexNet-level accuracy with 50x fewer parameters and <0.5MB model size. arXiv preprint arXiv:1602.07360","author":"Iandola Forrest N.","year":"2016","unstructured":"Forrest N. Iandola, Song Han, Matthew W. Moskewicz, Khalid Ashraf, William J. Dally, and Kurt Keutzer. 2016. SqueezeNet: AlexNet-level accuracy with 50x fewer parameters and <0.5MB model size. arXiv preprint arXiv:1602.07360 (2016)."},{"key":"e_1_3_2_1_21_1","unstructured":"INTERNATIONAL TELECOMMUNICATION UNION. 1993. International Telegraph Alphabet No. 2. https:\/\/www.itu.int\/rec\/T-REC-S.1-199303-I."},{"key":"e_1_3_2_1_22_1","volume-title":"Entangled Watermarks as a Defense against Model Extraction. USENIX Security","author":"Jia Hengrui","year":"2021","unstructured":"Hengrui Jia, Christopher A. Choquette-Choo, Varun Chandrasekaran, and Nicolas Papernot. 2021. Entangled Watermarks as a Defense against Model Extraction. USENIX Security (2021)."},{"key":"e_1_3_2_1_23_1","volume-title":"Covert Communication over Federated Learning Channel. IMCOM","author":"Kim Sang Wu","year":"2023","unstructured":"Sang Wu Kim. 2023. Covert Communication over Federated Learning Channel. IMCOM (2023)."},{"key":"e_1_3_2_1_24_1","volume-title":"HMAC: Keyed-Hashing for Message Authentication. RFC 2104","author":"Krawczyk Hugo","year":"1997","unstructured":"Hugo Krawczyk. 1997. HMAC: Keyed-Hashing for Message Authentication. RFC 2104 (1997). https:\/\/tools.ietf.org\/html\/rfc2104 Internet Engineering Task Force (IETF) Request for Comments (RFC)."},{"key":"e_1_3_2_1_25_1","unstructured":"Alex Krizhevsky Geoffrey Hinton et al. 2009. Learning Multiple Layers of Features from Tiny Images. Citeseer (2009)."},{"key":"e_1_3_2_1_26_1","volume-title":"ImageNet Classification with Deep Convolutional Neural Networks. NeurIPS","author":"Krizhevsky Alex","year":"2012","unstructured":"Alex Krizhevsky, Ilya Sutskever, and Geoffrey E Hinton. 2012. ImageNet Classification with Deep Convolutional Neural Networks. NeurIPS (2012)."},{"key":"e_1_3_2_1_27_1","volume-title":"Backdoor Learning: A Survey","author":"Li Yiming","year":"2022","unstructured":"Yiming Li, Yong Jiang, Zhifeng Li, and Shu-Tao Xia. 2022. Backdoor Learning: A Survey. IEEE Transactions on Neural Networks and Learning Systems (2022)."},{"key":"e_1_3_2_1_28_1","volume-title":"A survey of Deep Neural Network watermarking techniques. Neurocomputing","author":"Li Yue","year":"2021","unstructured":"Yue Li, Hongxia Wang, and Mauro Barni. 2021. A survey of Deep Neural Network watermarking techniques. Neurocomputing (2021)."},{"key":"e_1_3_2_1_29_1","volume-title":"How to Prove Your Model Belongs to You: A Blind-Watermark Based Framework to Protect Intellectual Property of DNN. ACSAC","author":"Li Zheng","year":"2019","unstructured":"Zheng Li, Chengyu Hu, Yang Zhang, and Shanqing Guo. 2019. How to Prove Your Model Belongs to You: A Blind-Watermark Based Framework to Protect Intellectual Property of DNN. ACSAC (2019)."},{"key":"e_1_3_2_1_30_1","volume-title":"Deep Learning for Generic Object Detection: A Survey. IJCV","author":"Liu Li","year":"2020","unstructured":"Li Liu, Wanli Ouyang, Xiaogang Wang, Paul Fieguth, Jie Chen, Xinwang Liu, and Matti Pietik\u00e4inen. 2020. Deep Learning for Generic Object Detection: A Survey. IJCV (2020)."},{"key":"e_1_3_2_1_31_1","volume-title":"Untargeted Backdoor Attack Against Object Detection. ICASSP","author":"Luo Chengxiao","year":"2023","unstructured":"Chengxiao Luo, Yiming Li, Yong Jiang, and Shu-Tao Xia. 2023. Untargeted Backdoor Attack Against Object Detection. ICASSP (2023)."},{"key":"e_1_3_2_1_32_1","volume-title":"Communication-Efficient Learning of Deep Networks from Decentralized Data. AISTATS","author":"McMahan Brendan","year":"2017","unstructured":"Brendan McMahan, Eider Moore, Daniel Ramage, Seth Hampson, and Blaise Ag\u00fcera y Arcas. 2017. Communication-Efficient Learning of Deep Networks from Decentralized Data. AISTATS (2017)."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"crossref","unstructured":"Dinh C. Nguyen Quoc-Viet Pham Pubudu N. Pathirana Ming Ding Aruna Seneviratne Zihuai Lin Octavia Dobre and Won-Joo Hwang. 2022. Federated Learning for Smart Healthcare: A Survey. ACM Comput. Surv. (2022).","DOI":"10.1145\/3501296"},{"key":"e_1_3_2_1_34_1","volume-title":"Fitzek","author":"P\u00e9ter Vingelmann NVIDIA","year":"2020","unstructured":"NVIDIA, P\u00e9ter Vingelmann, and Frank H.P. Fitzek. 2020. CUDA, release: 10.2.89. https:\/\/developer.nvidia.com\/cuda-toolkit"},{"key":"e_1_3_2_1_35_1","unstructured":"Adam Paszke Sam Gross Francisco Massa Adam Lerer James Bradbury Gregory Chanan Trevor Killeen Zeming Lin Natalia Gimelshein Luca Antiga et al. 2019. PyTorch: An Imperative Style High-Performance Deep Learning Library. NeurIPS (2019)."},{"key":"e_1_3_2_1_36_1","volume":"200","author":"Rubinstein Benjamin IP","unstructured":"Benjamin IP Rubinstein, Blaine Nelson, Ling Huang, Anthony D Joseph, Shinghon Lau, Satish Rao, Nina Taft, and J Doug Tygar. 2009. ANTIDOTE: Understanding and Defending against Poisoning of Anomaly Detectors. IMC (2009).","journal-title":"J Doug Tygar."},{"key":"e_1_3_2_1_37_1","volume-title":"A Mathematical Theory of Communication. The Bell System Technical Journal","author":"Shannon Claude Elwood","year":"1948","unstructured":"Claude Elwood Shannon. 1948. A Mathematical Theory of Communication. The Bell System Technical Journal (1948)."},{"key":"e_1_3_2_1_38_1","volume-title":"A Survey of Key Technologies for Constructing Network Covert Channel. Security and Communication Networks","author":"Tian Jing","year":"2020","unstructured":"Jing Tian, Gang Xiong, Zhen Li, and Gaopeng Gou. 2020. A Survey of Key Technologies for Constructing Network Covert Channel. Security and Communication Networks (2020)."},{"key":"e_1_3_2_1_39_1","volume-title":"Label-Consistent Backdoor Attacks. arXiv preprint arXiv:1912.02771","author":"Turner Alexander","year":"2019","unstructured":"Alexander Turner, Dimitris Tsipras, and Aleksander Madry. 2019. Label-Consistent Backdoor Attacks. arXiv preprint arXiv:1912.02771 (2019)."},{"key":"e_1_3_2_1_40_1","volume-title":"Machine Learning Against Terrorism: How Big Data Collection and Analysis Infuences the Privacy-Security Dilemma. Science and Engineering Ethics","author":"Verhelst Hugo M","year":"2020","unstructured":"Hugo M Verhelst, AW Stannat, and Giulio Mecacci. 2020. Machine Learning Against Terrorism: How Big Data Collection and Analysis Infuences the Privacy-Security Dilemma. Science and Engineering Ethics (2020)."},{"key":"e_1_3_2_1_41_1","volume-title":"Dispersed Pixel Perturbation-Based Imperceptible Backdoor Trigger for Image Classifier Models","author":"Wang Yulong","year":"2022","unstructured":"Yulong Wang, Minghui Zhao, Shenghong Li, Xin Yuan, and Wei Ni. 2022. Dispersed Pixel Perturbation-Based Imperceptible Backdoor Trigger for Image Classifier Models. IEEE TIFS (2022)."},{"key":"e_1_3_2_1_42_1","volume-title":"Lee","author":"Wang Zhenghong","year":"2006","unstructured":"Zhenghong Wang and Ruby B. Lee. 2006. Covert and Side Channels Due to Processor Architecture. ACSAC (2006)."},{"key":"e_1_3_2_1_43_1","unstructured":"Chuck Young. 2022. How artificial intelligence is transforming national security. https:\/\/www.gao.gov\/blog\/how-artificial-intelligence-transforming-national-security."},{"key":"e_1_3_2_1_44_1","volume-title":"Model Watermarking for Image Processing Networks. AAAI","author":"Zhang Jie","year":"2020","unstructured":"Jie Zhang, Dongdong Chen, Jing Liao, Han Fang, Weiming Zhang, Wenbo Zhou, Hao Cui, and Nenghai Yu. 2020. Model Watermarking for Image Processing Networks. AAAI (2020)."},{"key":"e_1_3_2_1_45_1","volume-title":"Protecting Intellectual Property of Deep Neural Networks with Watermarking. ASIACCS","author":"Zhang Jialong","year":"2018","unstructured":"Jialong Zhang, Zhongshu Gu, Jiyong Jang, Hui Wu, Marc Ph. Stoecklin, Heqing Huang, and Ian Molloy. 2018. Protecting Intellectual Property of Deep Neural Networks with Watermarking. ASIACCS (2018)."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"crossref","unstructured":"Shengnan Zhang Yan Hu and Guangrong Bian. 2017. Research on String Similarity Algorithm based on Levenshtein Distance. (2017).","DOI":"10.1109\/IAEAC.2017.8054419"}],"event":{"name":"ASIA CCS '24: 19th ACM Asia Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Singapore Singapore","acronym":"ASIA CCS '24"},"container-title":["Proceedings of the 19th ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634737.3657026","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T23:44:07Z","timestamp":1750290247000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634737.3657026"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7]]},"references-count":46,"alternative-id":["10.1145\/3634737.3657026","10.1145\/3634737"],"URL":"https:\/\/doi.org\/10.1145\/3634737.3657026","relation":{},"subject":[],"published":{"date-parts":[[2024,7]]},"assertion":[{"value":"2024-07-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}