{"id":"https://openalex.org/W3202730227","doi":"https://doi.org/10.1109/ijcnn52387.2021.9534236","title":"Watermarking-based Defense against Adversarial Attacks on Deep Neural Networks","display_name":"Watermarking-based Defense against Adversarial Attacks on Deep Neural Networks","publication_year":2021,"publication_date":"2021-07-18","ids":{"openalex":"https://openalex.org/W3202730227","doi":"https://doi.org/10.1109/ijcnn52387.2021.9534236","mag":"3202730227"},"language":"en","primary_location":{"id":"doi:10.1109/ijcnn52387.2021.9534236","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ijcnn52387.2021.9534236","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 International Joint Conference on Neural Networks (IJCNN)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://infoscience.epfl.ch/handle/20.500.14299/184519","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100621457","display_name":"Xiaoting Li","orcid":"https://orcid.org/0000-0002-1538-3644"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Xiaoting Li","raw_affiliation_strings":["Pennsylvania State University, USA"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017524689","display_name":"Lingwei Chen","orcid":"https://orcid.org/0000-0003-1550-6170"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lingwei Chen","raw_affiliation_strings":["Pennsylvania State University, USA"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101565203","display_name":"Jinquan Zhang","orcid":"https://orcid.org/0000-0001-5193-0687"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jinquan Zhang","raw_affiliation_strings":["Pennsylvania State University, USA"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089781126","display_name":"James R. Larus","orcid":"https://orcid.org/0000-0002-5820-2524"},"institutions":[{"id":"https://openalex.org/I5124864","display_name":"\u00c9cole Polytechnique F\u00e9d\u00e9rale de Lausanne","ror":"https://ror.org/02s376052","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I5124864"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"James Larus","raw_affiliation_strings":["EPFL, Switzerland"],"affiliations":[{"raw_affiliation_string":"EPFL, Switzerland","institution_ids":["https://openalex.org/I5124864"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5008435786","display_name":"Dinghao Wu","orcid":"https://orcid.org/0000-0002-0741-5511"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Dinghao Wu","raw_affiliation_strings":["Pennsylvania State University, USA"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, USA","institution_ids":["https://openalex.org/I130769515"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5100621457"],"corresponding_institution_ids":["https://openalex.org/I130769515"],"apc_list":null,"apc_paid":null,"fwci":0.5439,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.73015046,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9787999987602234,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10036","display_name":"Advanced Neural Network Applications","score":0.9563000202178955,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.857784628868103},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8028510808944702},{"id":"https://openalex.org/keywords/digital-watermarking","display_name":"Digital watermarking","score":0.7334091067314148},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6749725341796875},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.666893482208252},{"id":"https://openalex.org/keywords/watermark","display_name":"Watermark","score":0.6050998568534851},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.5854701399803162},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5826911926269531},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.5559155941009521},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5423051714897156},{"id":"https://openalex.org/keywords/adversarial-machine-learning","display_name":"Adversarial machine learning","score":0.5205798745155334},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.46046894788742065},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.4573468863964081},{"id":"https://openalex.org/keywords/disadvantage","display_name":"Disadvantage","score":0.43029719591140747},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.39647042751312256},{"id":"https://openalex.org/keywords/image","display_name":"Image (mathematics)","score":0.2516900897026062},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.09612664580345154}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.857784628868103},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8028510808944702},{"id":"https://openalex.org/C150817343","wikidata":"https://www.wikidata.org/wiki/Q875932","display_name":"Digital watermarking","level":3,"score":0.7334091067314148},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6749725341796875},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.666893482208252},{"id":"https://openalex.org/C164112704","wikidata":"https://www.wikidata.org/wiki/Q7974348","display_name":"Watermark","level":3,"score":0.6050998568534851},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.5854701399803162},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5826911926269531},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.5559155941009521},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5423051714897156},{"id":"https://openalex.org/C2778403875","wikidata":"https://www.wikidata.org/wiki/Q20312394","display_name":"Adversarial machine learning","level":3,"score":0.5205798745155334},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.46046894788742065},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.4573468863964081},{"id":"https://openalex.org/C2777673361","wikidata":"https://www.wikidata.org/wiki/Q5281228","display_name":"Disadvantage","level":2,"score":0.43029719591140747},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.39647042751312256},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.2516900897026062},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.09612664580345154}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/ijcnn52387.2021.9534236","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ijcnn52387.2021.9534236","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 International Joint Conference on Neural Networks (IJCNN)","raw_type":"proceedings-article"},{"id":"pmh:oai:infoscience.epfl.ch:291286","is_oa":true,"landing_page_url":"https://infoscience.epfl.ch/handle/20.500.14299/184519","pdf_url":null,"source":{"id":"https://openalex.org/S4306400487","display_name":"Infoscience (Ecole Polytechnique F\u00e9d\u00e9rale de Lausanne)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"WoS","raw_type":"conference proceedings"}],"best_oa_location":{"id":"pmh:oai:infoscience.epfl.ch:291286","is_oa":true,"landing_page_url":"https://infoscience.epfl.ch/handle/20.500.14299/184519","pdf_url":null,"source":{"id":"https://openalex.org/S4306400487","display_name":"Infoscience (Ecole Polytechnique F\u00e9d\u00e9rale de Lausanne)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"WoS","raw_type":"conference proceedings"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":59,"referenced_works":["https://openalex.org/W1542157244","https://openalex.org/W1551880514","https://openalex.org/W1945616565","https://openalex.org/W2018639540","https://openalex.org/W2051757928","https://openalex.org/W2069827024","https://openalex.org/W2108598243","https://openalex.org/W2112796928","https://openalex.org/W2116988482","https://openalex.org/W2139399084","https://openalex.org/W2158518777","https://openalex.org/W2163605009","https://openalex.org/W2243397390","https://openalex.org/W2408141691","https://openalex.org/W2460937040","https://openalex.org/W2489116008","https://openalex.org/W2503523779","https://openalex.org/W2607219512","https://openalex.org/W2610135452","https://openalex.org/W2734506812","https://openalex.org/W2750384547","https://openalex.org/W2759471388","https://openalex.org/W2765384636","https://openalex.org/W2787733970","https://openalex.org/W2794002979","https://openalex.org/W2798302089","https://openalex.org/W2810611310","https://openalex.org/W2963001136","https://openalex.org/W2963143631","https://openalex.org/W2963207607","https://openalex.org/W2963564844","https://openalex.org/W2963572611","https://openalex.org/W2963857521","https://openalex.org/W2963920068","https://openalex.org/W2964286909","https://openalex.org/W2964294232","https://openalex.org/W3034760359","https://openalex.org/W3118608800","https://openalex.org/W4300167250","https://openalex.org/W4300511536","https://openalex.org/W4300677102","https://openalex.org/W4300725094","https://openalex.org/W6640425456","https://openalex.org/W6684191040","https://openalex.org/W6714069269","https://openalex.org/W6719080892","https://openalex.org/W6725195833","https://openalex.org/W6736207377","https://openalex.org/W6736987314","https://openalex.org/W6740552771","https://openalex.org/W6743688258","https://openalex.org/W6744718598","https://openalex.org/W6745272055","https://openalex.org/W6748475379","https://openalex.org/W6748711285","https://openalex.org/W6750073798","https://openalex.org/W6752931940","https://openalex.org/W6755321455","https://openalex.org/W6787972765"],"related_works":["https://openalex.org/W2137394636","https://openalex.org/W2358993821","https://openalex.org/W1516446231","https://openalex.org/W2098152888","https://openalex.org/W1559740347","https://openalex.org/W2040356834","https://openalex.org/W2080353903","https://openalex.org/W2385289568","https://openalex.org/W2381486749","https://openalex.org/W1514507288"],"abstract_inverted_index":{"The":[0,130],"vulnerability":[1],"of":[2,36,51,71,82,145,177,185],"deep":[3,127],"neural":[4,128],"networks":[5],"to":[6,13,25,44,56,58,76,94,137,160],"adversarial":[7,62,99,167],"attacks":[8,191],"has":[9],"posed":[10],"significant":[11],"threats":[12],"real-world":[14],"applications,":[15],"especially":[16],"security-critical":[17],"ones.":[18],"Given":[19],"a":[20,88,92,106,112,121,182],"well-trained":[21],"model,":[22],"slight":[23],"modifications":[24],"the":[26,34,37,46,49,61,68,72,80,83,97,146,170,175,196],"input":[27],"samples":[28],"can":[29,74],"cause":[30],"drastic":[31],"changes":[32],"in":[33],"predictions":[35],"model.":[38,172],"Many":[39],"methods":[40],"have":[41,54],"been":[42],"proposed":[43],"mitigate":[45],"issue.":[47],"However,":[48],"majority":[50],"these":[52],"defenses":[53],"proven":[55],"fail":[57],"resist":[59],"all":[60],"attacks.":[63],"This":[64],"is":[65,133],"mainly":[66],"because":[67],"knowledge":[69,113,158],"advantage":[70],"attacker":[73,163],"help":[75],"either":[77],"easily":[78],"customize":[79],"information":[81],"target":[84],"model":[85,90,148],"or":[86],"create":[87],"surrogate":[89],"as":[91],"substitute":[93],"successfully":[95],"construct":[96],"corresponding":[98],"examples.":[100],"In":[101],"this":[102],"paper,":[103],"we":[104],"propose":[105],"new":[107],"defense":[108,147,180],"mechanism":[109],"that":[110],"creates":[111],"gap":[114],"between":[115],"attackers":[116],"and":[117,135,143,155,195],"defenders":[118],"by":[119],"imposing":[120],"designed":[122],"watermarking":[123,179,186],"system":[124],"into":[125],"standard":[126],"networks.":[129],"embedded":[131],"watermark":[132],"data-independent":[134],"non-reproducible":[136],"an":[138,162],"attacker,":[139],"which":[140],"improves":[141],"randomization":[142],"security":[144],"without":[149],"compromising":[150],"performance":[151,176],"on":[152,192],"clean":[153],"data,":[154],"thus":[156],"yields":[157],"disadvantage":[159],"prevent":[161],"from":[164],"crafting":[165],"effective":[166],"examples":[168],"targeting":[169],"defensive":[171],"We":[173],"evaluate":[174],"our":[178],"using":[181],"wide":[183],"range":[184],"algorithms":[187],"against":[188],"four":[189],"state-of-the-art":[190],"different":[193],"datasets,":[194],"experimental":[197],"results":[198],"validate":[199],"its":[200],"effectiveness.":[201]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}