{"id":"https://openalex.org/W3174961728","doi":"https://doi.org/10.1109/tdsc.2022.3196790","title":"Evaluating the Robustness of Trigger Set-Based Watermarks Embedded in Deep Neural Networks","display_name":"Evaluating the Robustness of Trigger Set-Based Watermarks Embedded in Deep Neural Networks","publication_year":2022,"publication_date":"2022-08-05","ids":{"openalex":"https://openalex.org/W3174961728","doi":"https://doi.org/10.1109/tdsc.2022.3196790","mag":"3174961728"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2022.3196790","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2022.3196790","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5060870681","display_name":"Suyoung Lee","orcid":"https://orcid.org/0000-0001-8717-6890"},"institutions":[{"id":"https://openalex.org/I157485424","display_name":"Korea Advanced Institute of Science and Technology","ror":"https://ror.org/05apxxy63","country_code":"KR","type":"education","lineage":["https://openalex.org/I157485424"]}],"countries":["KR"],"is_corresponding":true,"raw_author_name":"Suyoung Lee","raw_affiliation_strings":["School of Computing, KAIST, Daejeon, South Korea"],"affiliations":[{"raw_affiliation_string":"School of Computing, KAIST, Daejeon, South Korea","institution_ids":["https://openalex.org/I157485424"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102933838","display_name":"Wonho Song","orcid":"https://orcid.org/0000-0002-3336-9256"},"institutions":[{"id":"https://openalex.org/I157485424","display_name":"Korea Advanced Institute of Science and Technology","ror":"https://ror.org/05apxxy63","country_code":"KR","type":"education","lineage":["https://openalex.org/I157485424"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Wonho Song","raw_affiliation_strings":["School of Computing, KAIST, Daejeon, South Korea"],"affiliations":[{"raw_affiliation_string":"School of Computing, KAIST, Daejeon, South Korea","institution_ids":["https://openalex.org/I157485424"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016425387","display_name":"Suman Jana","orcid":"https://orcid.org/0000-0002-9850-2169"},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Suman Jana","raw_affiliation_strings":["Department of Computer Science, Columbia University, New York, NY, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Columbia University, New York, NY, USA","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061810530","display_name":"Meeyoung Cha","orcid":"https://orcid.org/0000-0003-4085-9648"},"institutions":[{"id":"https://openalex.org/I157485424","display_name":"Korea Advanced Institute of Science and Technology","ror":"https://ror.org/05apxxy63","country_code":"KR","type":"education","lineage":["https://openalex.org/I157485424"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Meeyoung Cha","raw_affiliation_strings":["School of Computing, KAIST, Daejeon, South Korea"],"affiliations":[{"raw_affiliation_string":"School of Computing, KAIST, Daejeon, South Korea","institution_ids":["https://openalex.org/I157485424"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5082893706","display_name":"Sooel Son","orcid":"https://orcid.org/0000-0003-0904-2875"},"institutions":[{"id":"https://openalex.org/I157485424","display_name":"Korea Advanced Institute of Science and Technology","ror":"https://ror.org/05apxxy63","country_code":"KR","type":"education","lineage":["https://openalex.org/I157485424"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Sooel Son","raw_affiliation_strings":["School of Computing, KAIST, Daejeon, South Korea"],"affiliations":[{"raw_affiliation_string":"School of Computing, KAIST, Daejeon, South Korea","institution_ids":["https://openalex.org/I157485424"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5060870681"],"corresponding_institution_ids":["https://openalex.org/I157485424"],"apc_list":null,"apc_paid":null,"fwci":2.2546,"has_fulltext":false,"cited_by_count":18,"citation_normalized_percentile":{"value":0.89314576,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":"20","issue":"4","first_page":"3434","last_page":"3448"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9879000186920166,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9868999719619751,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/digital-watermarking","display_name":"Digital watermarking","score":0.9621978998184204},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.9173784255981445},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8027411699295044},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7738283276557922},{"id":"https://openalex.org/keywords/watermark","display_name":"Watermark","score":0.7672494053840637},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.6984983682632446},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5311357378959656},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5129382610321045},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.5002126693725586},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4924558103084564},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.4416443109512329},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4052846133708954},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.37516552209854126},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.32806384563446045},{"id":"https://openalex.org/keywords/image","display_name":"Image (mathematics)","score":0.10228604078292847}],"concepts":[{"id":"https://openalex.org/C150817343","wikidata":"https://www.wikidata.org/wiki/Q875932","display_name":"Digital watermarking","level":3,"score":0.9621978998184204},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.9173784255981445},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8027411699295044},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7738283276557922},{"id":"https://openalex.org/C164112704","wikidata":"https://www.wikidata.org/wiki/Q7974348","display_name":"Watermark","level":3,"score":0.7672494053840637},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.6984983682632446},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5311357378959656},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5129382610321045},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.5002126693725586},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4924558103084564},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.4416443109512329},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4052846133708954},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.37516552209854126},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.32806384563446045},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.10228604078292847},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2022.3196790","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2022.3196790","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":84,"referenced_works":["https://openalex.org/W1899249567","https://openalex.org/W1901129140","https://openalex.org/W2051267297","https://openalex.org/W2065764259","https://openalex.org/W2106069707","https://openalex.org/W2112796928","https://openalex.org/W2117539524","https://openalex.org/W2123229215","https://openalex.org/W2133958774","https://openalex.org/W2170436791","https://openalex.org/W2194775991","https://openalex.org/W2269778407","https://openalex.org/W2340690086","https://openalex.org/W2344786740","https://openalex.org/W2543296129","https://openalex.org/W2566079294","https://openalex.org/W2579318729","https://openalex.org/W2593892853","https://openalex.org/W2603766943","https://openalex.org/W2618043096","https://openalex.org/W2624385633","https://openalex.org/W2748789698","https://openalex.org/W2749008552","https://openalex.org/W2750384547","https://openalex.org/W2768064608","https://openalex.org/W2768899812","https://openalex.org/W2774423163","https://openalex.org/W2806082141","https://openalex.org/W2890419535","https://openalex.org/W2899585792","https://openalex.org/W2913848079","https://openalex.org/W2934843808","https://openalex.org/W2935349488","https://openalex.org/W2952608669","https://openalex.org/W2963207607","https://openalex.org/W2963303354","https://openalex.org/W2963327228","https://openalex.org/W2963564844","https://openalex.org/W2963709863","https://openalex.org/W2963771448","https://openalex.org/W2963784236","https://openalex.org/W2963857521","https://openalex.org/W2964082701","https://openalex.org/W2964121744","https://openalex.org/W2964128659","https://openalex.org/W2964153729","https://openalex.org/W2964318098","https://openalex.org/W2966689772","https://openalex.org/W2969695741","https://openalex.org/W2970272159","https://openalex.org/W2983140679","https://openalex.org/W2985954225","https://openalex.org/W2986013765","https://openalex.org/W2990980946","https://openalex.org/W2997717738","https://openalex.org/W3020403113","https://openalex.org/W3049082050","https://openalex.org/W3088733693","https://openalex.org/W3102111060","https://openalex.org/W3102733833","https://openalex.org/W3105926539","https://openalex.org/W3108175762","https://openalex.org/W3137695714","https://openalex.org/W3138597937","https://openalex.org/W3173775589","https://openalex.org/W3184974140","https://openalex.org/W4293846201","https://openalex.org/W4297779775","https://openalex.org/W6631190155","https://openalex.org/W6637162671","https://openalex.org/W6639736602","https://openalex.org/W6640425456","https://openalex.org/W6711870810","https://openalex.org/W6743688258","https://openalex.org/W6746286392","https://openalex.org/W6746897123","https://openalex.org/W6747838042","https://openalex.org/W6758975236","https://openalex.org/W6761377332","https://openalex.org/W6766821575","https://openalex.org/W6774150056","https://openalex.org/W6776865198","https://openalex.org/W6788876066","https://openalex.org/W6793164127"],"related_works":["https://openalex.org/W2137394636","https://openalex.org/W2358993821","https://openalex.org/W1516446231","https://openalex.org/W2098152888","https://openalex.org/W1559740347","https://openalex.org/W2040356834","https://openalex.org/W2385289568","https://openalex.org/W2381486749","https://openalex.org/W1514507288","https://openalex.org/W2183032046"],"abstract_inverted_index":{"Trigger":[0],"set-based":[1,30],"watermarking":[2,31,66,86,100,124,142,169],"schemes":[3,87,101,170],"have":[4],"gained":[5],"emerging":[6],"attention":[7],"as":[8],"they":[9],"provide":[10],"a":[11,79,127,183],"means":[12],"to":[13,147,159,181],"prove":[14],"ownership":[15,150],"for":[16],"deep":[17],"neural":[18],"network":[19],"model":[20],"owners.":[21],"In":[22],"this":[23,45],"paper,":[24],"we":[25],"argue":[26],"that":[27,44,54,96,116,132,176],"state-of-the-art":[28],"trigger":[29],"algorithms":[32],"do":[33],"not":[34],"achieve":[35],"their":[36,168],"designed":[37],"goal":[38],"of":[39,65,83,90,98,121,126,139,151,167,187],"proving":[40],"ownership.":[41],"We":[42,77,110,130,155],"posit":[43],"impaired":[46],"capability":[47],"stems":[48],"from":[49],"two":[50,107],"common":[51],"experimental":[52],"flaws":[53],"the":[55,63,91,118,122,133,140,149,165],"existing":[56,92],"research":[57],"practice":[58],"has":[59],"committed":[60],"when":[61,163],"evaluating":[62,164],"robustness":[64,103,166],"algorithms:":[67],"(1)":[68],"incomplete":[69],"adversarial":[70,81,174],"evaluation":[71,82,175],"and":[72,94],"(2)":[73],"overlooked":[74],"adaptive":[75,114,179],"attacks.":[76,109],"conduct":[78],"comprehensive":[80,173],"11":[84,141],"representative":[85],"against":[88,104],"six":[89],"attacks":[93,115,135,180],"demonstrate":[95,131,182],"each":[97],"these":[99],"lacks":[102],"at":[105],"least":[106],"non-adaptive":[108],"also":[111],"propose":[112],"novel":[113],"harness":[117],"adversary's":[119],"knowledge":[120],"underlying":[123],"algorithm":[125],"target":[128],"model.":[129,154],"proposed":[134],"effectively":[136],"break":[137],"all":[138],"schemes,":[143],"consequently":[144],"allowing":[145],"adversaries":[146],"obscure":[148],"any":[152],"watermarked":[153],"encourage":[156],"follow-up":[157],"studies":[158],"consider":[160],"our":[161,178],"guidelines":[162],"via":[171],"conducting":[172],"includes":[177],"meaningful":[184],"upper":[185],"bound":[186],"watermark":[188],"robustness.":[189]},"counts_by_year":[{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}