{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T15:08:38Z","timestamp":1778166518771,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":88,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,10,28]],"date-time":"2024-10-28T00:00:00Z","timestamp":1730073600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/https:\/\/doi.org\/10.13039\/501100012226","name":"Fundamental Research Funds for the Central Universities","doi-asserted-by":"publisher","award":["2242024k30059"],"award-info":[{"award-number":["2242024k30059"]}],"id":[{"id":"10.13039\/https:\/\/doi.org\/10.13039\/501100012226","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Natural Science Foundation of Jiangsu Province of China","award":["BK20241272"],"award-info":[{"award-number":["BK20241272"]}]},{"name":"Start-Up Research Fund of Southeast University","award":["RF1028623129"],"award-info":[{"award-number":["RF1028623129"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,10,28]]},"DOI":"10.1145\/3664647.3681610","type":"proceedings-article","created":{"date-parts":[[2024,10,26]],"date-time":"2024-10-26T06:59:49Z","timestamp":1729925989000},"page":"10124-10133","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":15,"title":["Reliable Model Watermarking: Defending against Theft without Compromising on Evasion"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-0570-8626","authenticated-orcid":false,"given":"Hongyu","family":"Zhu","sequence":"first","affiliation":[{"name":"Southeast University, Nanjing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-6798-1118","authenticated-orcid":false,"given":"Sichu","family":"Liang","sequence":"additional","affiliation":[{"name":"Southeast University, Nanjing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-9881-2207","authenticated-orcid":false,"given":"Wentao","family":"Hu","sequence":"additional","affiliation":[{"name":"Southeast University, Nanjing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7965-5170","authenticated-orcid":false,"given":"Li","family":"Fangqi","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6894-1331","authenticated-orcid":false,"given":"Ju","family":"Jia","sequence":"additional","affiliation":[{"name":"Southeast University, Nanjing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8214-6809","authenticated-orcid":false,"given":"Shi-Lin","family":"Wang","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]}],"member":"320","published-online":{"date-parts":[[2024,10,28]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Adi Yossi","year":"2018","unstructured":"Yossi Adi, Carsten Baum, Moustapha Cisse, Benny Pinkas, and Joseph Keshet. 2018. Turning your weakness into a strength: Watermarking deep neural networks by backdooring. In 27th USENIX Security Symposium (USENIX Security 18). 1615--1631."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1609\/AAAI.V35I8.16824"},{"key":"e_1_3_2_1_3_1","volume-title":"International Conference on Machine Learning. PMLR, 1450--1465","author":"Bansal Arpit","year":"2022","unstructured":"Arpit Bansal, Ping-yeh Chiang, Michael J Curry, Rajiv Jain, Curtis Wigington, Varun Manjunatha, John P Dickerson, and Tom Goldstein. 2022. Certified neural network watermarks with randomized smoothing. In International Conference on Machine Learning. PMLR, 1450--1465."},{"key":"e_1_3_2_1_4_1","unstructured":"Tom Brown Benjamin Mann Nick Ryder Melanie Subbiah Jared D Kaplan Prafulla Dhariwal Arvind Neelakantan Pranav Shyam Girish Sastry Amanda Askell et al. 2020. Language models are few-shot learners. Advances in neural information processing systems Vol. 33 (2020) 1877--1901."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"crossref","unstructured":"Nicholas Carlini and David Wagner. 2017. Towards evaluating the robustness of neural networks. In 2017 ieee symposium on security and privacy (sp). Ieee 39--57.","DOI":"10.1109\/SP.2017.49"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV51070.2023.00421"},{"key":"e_1_3_2_1_7_1","volume-title":"Advances in Neural Information Processing Systems","volume":"36","author":"Chen Zhaoyu","year":"2024","unstructured":"Zhaoyu Chen, Bo Li, Shuang Wu, Kaixun Jiang, Shouhong Ding, and Wenqiang Zhang. 2024. Content-based unrestricted adversarial attack. Advances in Neural Information Processing Systems, Vol. 36 (2024)."},{"key":"e_1_3_2_1_8_1","volume-title":"international conference on machine learning. PMLR, 1310--1320","author":"Cohen Jeremy","year":"2019","unstructured":"Jeremy Cohen, Elan Rosenfeld, and Zico Kolter. 2019. Certified adversarial robustness via randomized smoothing. In international conference on machine learning. PMLR, 1310--1320."},{"key":"e_1_3_2_1_9_1","volume-title":"International conference on machine learning. PMLR, 2206--2216","author":"Croce Francesco","year":"2020","unstructured":"Francesco Croce and Matthias Hein. 2020. Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks. In International conference on machine learning. PMLR, 2206--2216."},{"key":"e_1_3_2_1_10_1","volume-title":"Advdiff: Generating unrestricted adversarial examples using diffusion models. arXiv preprint arXiv:2307.12499","author":"Dai Xuelong","year":"2023","unstructured":"Xuelong Dai, Kaisheng Liang, and Bin Xiao. 2023. Advdiff: Generating unrestricted adversarial examples using diffusion models. arXiv preprint arXiv:2307.12499 (2023)."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3297858.3304051"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"e_1_3_2_1_13_1","volume-title":"Diffusion models beat gans on image synthesis. Advances in neural information processing systems","author":"Dhariwal Prafulla","year":"2021","unstructured":"Prafulla Dhariwal and Alexander Nichol. 2021. Diffusion models beat gans on image synthesis. Advances in neural information processing systems, Vol. 34 (2021), 8780--8794."},{"key":"e_1_3_2_1_14_1","volume-title":"Toward Student-oriented Teacher Network Training for Knowledge Distillation. In The Twelfth International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=wsWGcw6qKD","author":"Dong Chengyu","year":"2024","unstructured":"Chengyu Dong, Liyuan Liu, and Jingbo Shang. 2024. Toward Student-oriented Teacher Network Training for Knowledge Distillation. In The Twelfth International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=wsWGcw6qKD"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52729.2023.01544"},{"key":"e_1_3_2_1_16_1","volume-title":"Efficient and accurate estimation of lipschitz constants for deep neural networks. Advances in neural information processing systems","author":"Fazlyab Mahyar","year":"2019","unstructured":"Mahyar Fazlyab, Alexander Robey, Hamed Hassani, Manfred Morari, and George Pappas. 2019. Efficient and accurate estimation of lipschitz constants for deep neural networks. Advances in neural information processing systems, Vol. 32 (2019)."},{"key":"e_1_3_2_1_17_1","volume-title":"Sharpness-aware Minimization for Efficiently Improving Generalization. In International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=6Tm1mposlrM","author":"Foret Pierre","year":"2021","unstructured":"Pierre Foret, Ariel Kleiner, Hossein Mobahi, and Behnam Neyshabur. 2021. Sharpness-aware Minimization for Efficiently Improving Generalization. In International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=6Tm1mposlrM"},{"key":"e_1_3_2_1_18_1","volume-title":"International conference on machine learning. PMLR, 1607--1616","author":"Furlanello Tommaso","year":"2018","unstructured":"Tommaso Furlanello, Zachary Lipton, Michael Tschannen, Laurent Itti, and Anima Anandkumar. 2018. Born again neural networks. In International conference on machine learning. PMLR, 1607--1616."},{"key":"e_1_3_2_1_19_1","volume-title":"International Conference on Machine Learning. PMLR, 10800--10834","author":"Gao Irena","year":"2023","unstructured":"Irena Gao, Shiori Sagawa, Pang Wei Koh, Tatsunori Hashimoto, and Percy Liang. 2023. Out-of-domain robustness via targeted augmentations. In International Conference on Machine Learning. PMLR, 10800--10834."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1038\/s42256-020-00257-z"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2022.3162397"},{"key":"e_1_3_2_1_22_1","volume-title":"International conference on machine learning. PMLR, 1321--1330","author":"Guo Chuan","year":"2017","unstructured":"Chuan Guo, Geoff Pleiss, Yu Sun, and Kilian Q Weinberger. 2017. On calibration of modern neural networks. In International conference on machine learning. PMLR, 1321--1330."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2021\/500"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_3_2_1_25_1","volume-title":"TechScape: Will Meta's massive leak democratise AI-and at what cost. The Guardian. https:\/\/www. theguardian. com\/technology\/2023\/mar\/07\/techscape-meta-leak-llama-chatgpt-ai-crossroads","author":"Hern Alex","year":"2023","unstructured":"Alex Hern. 2023. TechScape: Will Meta's massive leak democratise AI-and at what cost. The Guardian. https:\/\/www. theguardian. com\/technology\/2023\/mar\/07\/techscape-meta-leak-llama-chatgpt-ai-crossroads (2023)."},{"key":"e_1_3_2_1_26_1","volume-title":"NIPS Deep Learning and Representation Learning Workshop. http:\/\/arxiv.org\/abs\/1503","author":"Hinton Geoffrey","year":"2015","unstructured":"Geoffrey Hinton, Oriol Vinyals, and Jeffrey Dean. 2015. Distilling the Knowledge in a Neural Network. In NIPS Deep Learning and Representation Learning Workshop. http:\/\/arxiv.org\/abs\/1503.02531"},{"key":"e_1_3_2_1_27_1","volume-title":"Denoising diffusion probabilistic models. Advances in neural information processing systems","author":"Ho Jonathan","year":"2020","unstructured":"Jonathan Ho, Ajay Jain, and Pieter Abbeel. 2020. Denoising diffusion probabilistic models. Advances in neural information processing systems, Vol. 33 (2020), 6840--6851."},{"key":"e_1_3_2_1_28_1","volume-title":"Get M for Free. In International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=BJYwwY9ll","author":"Huang Gao","unstructured":"Gao Huang, Yixuan Li, Geoff Pleiss, Zhuang Liu, John E. Hopcroft, and Kilian Q. Weinberger. 2017. Snapshot Ensembles: Train 1, Get M for Free. In International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=BJYwwY9ll"},{"key":"e_1_3_2_1_29_1","volume-title":"Adversarial examples are not bugs, they are features. Advances in neural information processing systems","author":"Ilyas Andrew","year":"2019","unstructured":"Andrew Ilyas, Shibani Santurkar, Dimitris Tsipras, Logan Engstrom, Brandon Tran, and Aleksander Madry. 2019. Adversarial examples are not bugs, they are features. Advances in neural information processing systems, Vol. 32 (2019)."},{"key":"e_1_3_2_1_30_1","volume-title":"Advances in Neural Information Processing Systems","volume":"36","author":"Jha Rishi","year":"2024","unstructured":"Rishi Jha, Jonathan Hayase, and Sewoong Oh. 2024. Label poisoning is all you need. Advances in Neural Information Processing Systems, Vol. 36 (2024)."},{"key":"e_1_3_2_1_31_1","volume-title":"30th USENIX security symposium (USENIX Security 21). 1937--1954.","author":"Jia Hengrui","unstructured":"Hengrui Jia, Christopher A Choquette-Choo, Varun Chandrasekaran, and Nicolas Papernot. 2021. Entangled watermarks as a defense against model extraction. In 30th USENIX security symposium (USENIX Security 21). 1937--1954."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/277044.277240"},{"key":"e_1_3_2_1_33_1","volume-title":"International Conference on Machine Learning. PMLR, 16696--16711","author":"Kim Byungjoo","year":"2023","unstructured":"Byungjoo Kim, Suyoung Lee, Seanie Lee, Sooel Son, and Sung Ju Hwang. 2023. Margin-based neural network watermarking. In International Conference on Machine Learning. PMLR, 16696--16711."},{"key":"e_1_3_2_1_34_1","volume-title":"EvoSeed: Unveiling the Threat on Deep Neural Networks with Real-World Illusions. arXiv preprint arXiv:2402.04699","author":"Kotyan Shashank","year":"2024","unstructured":"Shashank Kotyan, PoYuan Mao, and Danilo Vasconcellos Vargas. 2024. EvoSeed: Unveiling the Threat on Deep Neural Networks with Real-World Illusions. arXiv preprint arXiv:2402.04699 (2024)."},{"key":"e_1_3_2_1_35_1","volume-title":"International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=Byl5NREFDr","author":"Krishna Kalpesh","year":"2020","unstructured":"Kalpesh Krishna, Gaurav Singh Tomar, Ankur P. Parikh, Nicolas Papernot, and Mohit Iyyer. 2020. Thieves on Sesame Street! Model Extraction of BERT-based APIs. In International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=Byl5NREFDr"},{"key":"e_1_3_2_1_36_1","unstructured":"Alex Krizhevsky Geoffrey Hinton et al. 2009. Learning multiple layers of features from tiny images. (2009)."},{"key":"e_1_3_2_1_37_1","volume-title":"Deep learning. nature","author":"LeCun Yann","year":"2015","unstructured":"Yann LeCun, Yoshua Bengio, and Geoffrey Hinton. 2015. Deep learning. nature, Vol. 521, 7553 (2015), 436--444."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV51070.2023.00210"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v38i19.30128"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3259881"},{"key":"e_1_3_2_1_41_1","volume-title":"ICASSP 2023--2023 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)","author":"Li Fang-Qi","unstructured":"Fang-Qi Li, Shi-Lin Wang, and Yun Zhu. 2023. Measure and Countermeasure of the Capsulation Attack Against Backdoor-Based Deep Neural Network Watermarks. In ICASSP 2023--2023 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). IEEE, 1--5."},{"key":"e_1_3_2_1_42_1","volume-title":"Kai Ming Ting, and Zhi-Hua Zhou","author":"Liu Fei Tony","year":"2008","unstructured":"Fei Tony Liu, Kai Ming Ting, and Zhi-Hua Zhou. 2008. Isolation forest. In 2008 eighth ieee international conference on data mining. IEEE, 413--422."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_13"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833693"},{"key":"e_1_3_2_1_45_1","volume-title":"International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=VqzVhqxkjH1","author":"Lukas Nils","year":"2021","unstructured":"Nils Lukas, Yuxuan Zhang, and Florian Kerschbaum. 2021. Deep Neural Network Fingerprinting by Conferrable Adversarial Examples. In International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=VqzVhqxkjH1"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00099"},{"key":"e_1_3_2_1_47_1","volume-title":"International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=rJzIBfZAb","author":"Madry Aleksander","year":"2018","unstructured":"Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2018. Towards Deep Learning Models Resistant to Adversarial Attacks. In International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=rJzIBfZAb"},{"key":"e_1_3_2_1_48_1","first-page":"3351","article-title":"Self-distillation amplifies regularization in hilbert space","volume":"33","author":"Mobahi Hossein","year":"2020","unstructured":"Hossein Mobahi, Mehrdad Farajtabar, and Peter Bartlett. 2020. Self-distillation amplifies regularization in hilbert space. Advances in Neural Information Processing Systems, Vol. 33 (2020), 3351--3361.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV48922.2021.00081"},{"key":"e_1_3_2_1_50_1","first-page":"5961","article-title":"On student-teacher deviations in distillation: does it pay to disobey","volume":"36","author":"Nagarajan Vaishnavh","year":"2023","unstructured":"Vaishnavh Nagarajan, Aditya K Menon, Srinadh Bhojanapalli, Hossein Mobahi, and Sanjiv Kumar. 2023. On student-teacher deviations in distillation: does it pay to disobey? Advances in Neural Information Processing Systems, Vol. 36 (2023), 5961--6000.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3595292"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00509"},{"key":"e_1_3_2_1_53_1","volume-title":"The Eleventh International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=0_TxFpAsEI","author":"Paleka Daniel","year":"2023","unstructured":"Daniel Paleka and Amartya Sanyal. 2023. A law of adversarial risk, interpolation, and label noise. In The Eleventh International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=0_TxFpAsEI"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3580305.3599291"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP53844.2022.00048"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053009"},{"key":"e_1_3_2_1_57_1","unstructured":"Dae Young Park Moon-Hyun Cha Daesin Kim Bohyung Han et al. 2021. Learning student-friendly teacher networks for knowledge distillation. Advances in neural information processing systems Vol. 34 (2021) 13292--13303."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2023.emnlp-main.85"},{"key":"e_1_3_2_1_59_1","volume-title":"International conference on machine learning. PMLR, 8748--8763","author":"Radford Alec","year":"2021","unstructured":"Alec Radford, Jong Wook Kim, Chris Hallacy, Aditya Ramesh, Gabriel Goh, Sandhini Agarwal, Girish Sastry, Amanda Askell, Pamela Mishkin, Jack Clark, et al. 2021. Learning transferable visual models from natural language supervision. In International conference on machine learning. PMLR, 8748--8763."},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833743"},{"key":"e_1_3_2_1_61_1","volume-title":"International Conference on Machine Learning. PMLR, 28976--29008","author":"Ren Jiaxiang","year":"2023","unstructured":"Jiaxiang Ren, Yang Zhou, Jiayin Jin, Lingjuan Lyu, and Da Yan. 2023. Dimension-independent certified neural network watermarks via mollifier smoothing. In International Conference on Machine Learning. PMLR, 28976--29008."},{"key":"e_1_3_2_1_62_1","volume-title":"Advances in Neural Information Processing Systems","volume":"36","author":"Ren Yi","year":"2024","unstructured":"Yi Ren, Samuel Lavoie, Michael Galkin, Danica J Sutherland, and Aaron C Courville. 2024. Improving compositional generalization using iterated learning and simplicial embeddings. Advances in Neural Information Processing Systems, Vol. 36 (2024)."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2023.acl-long.111"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v34i04.6017"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3420026"},{"key":"e_1_3_2_1_66_1","volume-title":"Constructing Unrestricted Adversarial Examples with Generative Models. In Advances in Neural Information Processing Systems 31: Annual Conference on Neural Information Processing Systems 2018","author":"Song Yang","year":"2018","unstructured":"Yang Song, Rui Shu, Nate Kushman, and Stefano Ermon. 2018. Constructing Unrestricted Adversarial Examples with Generative Models. In Advances in Neural Information Processing Systems 31: Annual Conference on Neural Information Processing Systems 2018, NeurIPS 2018, December 3--8, 2018, Montr\u00e9al, Canada, Samy Bengio, Hanna M. Wallach, Hugo Larochelle, Kristen Grauman, Nicol\u00f2 Cesa-Bianchi, and Roman Garnett (Eds.). 8322--8333. https:\/\/proceedings.neurips.cc\/paper\/2018\/hash\/8cea559c47e4fbdb73b23e0223d04e79-Abstract.html"},{"key":"e_1_3_2_1_67_1","volume-title":"Constructing unrestricted adversarial examples with generative models. Advances in neural information processing systems","author":"Song Yang","year":"2018","unstructured":"Yang Song, Rui Shu, Nate Kushman, and Stefano Ermon. 2018. Constructing unrestricted adversarial examples with generative models. Advances in neural information processing systems, Vol. 31 (2018)."},{"key":"e_1_3_2_1_68_1","first-page":"6906","article-title":"Does knowledge distillation really work","volume":"34","author":"Stanton Samuel","year":"2021","unstructured":"Samuel Stanton, Pavel Izmailov, Polina Kirichenko, Alexander A Alemi, and Andrew G Wilson. 2021. Does knowledge distillation really work? Advances in Neural Information Processing Systems, Vol. 34 (2021), 6906--6919.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v37i12.26771"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/3474085.3475591"},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v36i8.20817"},{"key":"e_1_3_2_1_72_1","volume-title":"International conference on machine learning. PMLR, 10096--10106","author":"Tan Mingxing","year":"2021","unstructured":"Mingxing Tan and Quoc Le. 2021. Efficientnetv2: Smaller models and faster training. In International conference on machine learning. PMLR, 10096--10106."},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2023.acl-industry.15"},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52688.2022.01301"},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR46437.2021.00474"},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1145\/3078971.3078974"},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00031"},{"key":"e_1_3_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2021.3055564"},{"key":"e_1_3_2_1_79_1","doi-asserted-by":"publisher","DOI":"10.1145\/3581783.3612331"},{"key":"e_1_3_2_1_80_1","first-page":"10546","article-title":"Backdoorbench: A comprehensive benchmark of backdoor learning","volume":"35","author":"Wu Baoyuan","year":"2022","unstructured":"Baoyuan Wu, Hongrui Chen, Mingda Zhang, Zihao Zhu, Shaokui Wei, Danni Yuan, and Chao Shen. 2022. Backdoorbench: A comprehensive benchmark of backdoor learning. Advances in Neural Information Processing Systems, Vol. 35 (2022), 10546--10559.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_1_81_1","volume-title":"Advances in Neural Information Processing Systems","volume":"36","author":"Xue Haotian","year":"2024","unstructured":"Haotian Xue, Alexandre Araujo, Bin Hu, and Yongxin Chen. 2024. Diffusion-based adversarial sample generation for improved stealthiness and controllability. Advances in Neural Information Processing Systems, Vol. 36 (2024)."},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1145\/3575693.3575738"},{"key":"e_1_3_2_1_83_1","volume-title":"RemovalNet: DNN Fingerprint Removal Attacks","author":"Yao Hongwei","year":"2023","unstructured":"Hongwei Yao, Zheng Li, Kunzhe Huang, Jian Lou, Zhan Qin, and Kui Ren. 2023. RemovalNet: DNN Fingerprint Removal Attacks. IEEE Transactions on Dependable and Secure Computing (2023)."},{"key":"e_1_3_2_1_84_1","first-page":"102","article-title":"CloudLeak: Large-Scale Deep Learning Models Stealing Through Adversarial Examples","volume":"38","author":"Yu Honggang","year":"2020","unstructured":"Honggang Yu, Kaichen Yang, Teng Zhang, Yun-Yun Tsai, Tsung-Yi Ho, and Yier Jin. 2020. CloudLeak: Large-Scale Deep Learning Models Stealing Through Adversarial Examples.. In NDSS, Vol. 38. 102.","journal-title":"NDSS"},{"key":"e_1_3_2_1_85_1","volume-title":"The Twelfth International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=PCm1oT8pZI","author":"Yu Shuyang","year":"2024","unstructured":"Shuyang Yu, Junyuan Hong, Haobo Zhang, Haotao Wang, Zhangyang Wang, and Jiayu Zhou. 2024. Safe and Robust Watermark Injection with a Single OoD Image. In The Twelfth International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=PCm1oT8pZI"},{"key":"e_1_3_2_1_86_1","unstructured":"Xuyang Zhong Yixiao HUANG and Chen Liu. 2024. Sparse-PGD: An Effective and Efficient Attack for $l_0$ Bounded Adversarial Perturbation. https:\/\/openreview.net\/forum?id=BtmB8WrPSp"},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v34i07.7000"},{"key":"e_1_3_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.1145\/3648351"}],"event":{"name":"MM '24: The 32nd ACM International Conference on Multimedia","location":"Melbourne VIC Australia","acronym":"MM '24","sponsor":["SIGMM ACM Special Interest Group on Multimedia"]},"container-title":["Proceedings of the 32nd ACM International Conference on Multimedia"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664647.3681610","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3664647.3681610","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:17:49Z","timestamp":1750295869000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664647.3681610"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,28]]},"references-count":88,"alternative-id":["10.1145\/3664647.3681610","10.1145\/3664647"],"URL":"https:\/\/doi.org\/10.1145\/3664647.3681610","relation":{},"subject":[],"published":{"date-parts":[[2024,10,28]]},"assertion":[{"value":"2024-10-28","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}