{"id":"https://openalex.org/W3164111940","doi":"https://doi.org/10.1145/3433210.3437526","title":"IPGuard: Protecting Intellectual Property of Deep Neural Networks via Fingerprinting the Classification Boundary","display_name":"IPGuard: Protecting Intellectual Property of Deep Neural Networks via Fingerprinting the Classification Boundary","publication_year":2021,"publication_date":"2021-05-24","ids":{"openalex":"https://openalex.org/W3164111940","doi":"https://doi.org/10.1145/3433210.3437526","mag":"3164111940"},"language":"en","primary_location":{"id":"doi:10.1145/3433210.3437526","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3433210.3437526","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5032504910","display_name":"Xiaoyu Cao","orcid":"https://orcid.org/0000-0002-9403-2059"},"institutions":[{"id":"https://openalex.org/I170897317","display_name":"Duke University","ror":"https://ror.org/00py81415","country_code":"US","type":"education","lineage":["https://openalex.org/I170897317"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Xiaoyu Cao","raw_affiliation_strings":["Duke University, Durham, NC, USA"],"affiliations":[{"raw_affiliation_string":"Duke University, Durham, NC, USA","institution_ids":["https://openalex.org/I170897317"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101997385","display_name":"Jinyuan Jia","orcid":"https://orcid.org/0000-0003-4452-1396"},"institutions":[{"id":"https://openalex.org/I170897317","display_name":"Duke University","ror":"https://ror.org/00py81415","country_code":"US","type":"education","lineage":["https://openalex.org/I170897317"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jinyuan Jia","raw_affiliation_strings":["Duke University, Durham, NC, USA"],"affiliations":[{"raw_affiliation_string":"Duke University, Durham, NC, USA","institution_ids":["https://openalex.org/I170897317"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5009102659","display_name":"Neil Zhenqiang Gong","orcid":"https://orcid.org/0000-0002-9900-9309"},"institutions":[{"id":"https://openalex.org/I170897317","display_name":"Duke University","ror":"https://ror.org/00py81415","country_code":"US","type":"education","lineage":["https://openalex.org/I170897317"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Neil Zhenqiang Gong","raw_affiliation_strings":["Duke University, Durham, NC, USA"],"affiliations":[{"raw_affiliation_string":"Duke University, Durham, NC, USA","institution_ids":["https://openalex.org/I170897317"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5032504910"],"corresponding_institution_ids":["https://openalex.org/I170897317"],"apc_list":null,"apc_paid":null,"fwci":12.4589,"has_fulltext":false,"cited_by_count":122,"citation_normalized_percentile":{"value":0.98924292,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"14","last_page":"25"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10036","display_name":"Advanced Neural Network Applications","score":0.9945999979972839,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.984000027179718,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.8906569480895996},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.7127354145050049},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6597449779510498},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5493766665458679},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.540459394454956},{"id":"https://openalex.org/keywords/digital-watermarking","display_name":"Digital watermarking","score":0.5181483030319214},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.497621089220047},{"id":"https://openalex.org/keywords/intellectual-property","display_name":"Intellectual property","score":0.4448551535606384},{"id":"https://openalex.org/keywords/margin-classifier","display_name":"Margin classifier","score":0.440212607383728}],"concepts":[{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.8906569480895996},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.7127354145050049},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6597449779510498},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5493766665458679},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.540459394454956},{"id":"https://openalex.org/C150817343","wikidata":"https://www.wikidata.org/wiki/Q875932","display_name":"Digital watermarking","level":3,"score":0.5181483030319214},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.497621089220047},{"id":"https://openalex.org/C34974158","wikidata":"https://www.wikidata.org/wiki/Q131257","display_name":"Intellectual property","level":2,"score":0.4448551535606384},{"id":"https://openalex.org/C173102733","wikidata":"https://www.wikidata.org/wiki/Q6760396","display_name":"Margin classifier","level":3,"score":0.440212607383728},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3433210.3437526","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3433210.3437526","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W2112796928","https://openalex.org/W2117539524","https://openalex.org/W2155653793","https://openalex.org/W2161647295","https://openalex.org/W2183341477","https://openalex.org/W2194775991","https://openalex.org/W2302255633","https://openalex.org/W2531409750","https://openalex.org/W2549139847","https://openalex.org/W2787075213","https://openalex.org/W2806082141","https://openalex.org/W2809523935","https://openalex.org/W2899585792","https://openalex.org/W2921058674","https://openalex.org/W2935349488","https://openalex.org/W2963163009","https://openalex.org/W2963674932","https://openalex.org/W2963857521","https://openalex.org/W2964081807","https://openalex.org/W2969695741","https://openalex.org/W2990980946","https://openalex.org/W3102111060","https://openalex.org/W3105676597","https://openalex.org/W4234552385","https://openalex.org/W4299301436"],"related_works":["https://openalex.org/W2297694731","https://openalex.org/W206493657","https://openalex.org/W2554106811","https://openalex.org/W1964081096","https://openalex.org/W1483596504","https://openalex.org/W1501134308","https://openalex.org/W204488290","https://openalex.org/W2009506202","https://openalex.org/W58702947","https://openalex.org/W2438464946"],"abstract_inverted_index":{"A":[0,125],"deep":[1],"neural":[2],"network":[3],"(DNN)":[4],"classifier":[5,16,49,91,117,127,139,169,180,211,229],"represents":[6],"a":[7,14,38,89,132,168,179],"model":[8,47,115,137,209,227],"owner's":[9,48,116,138,210,228],"intellectual":[10,29,70],"property":[11,30,71],"as":[12,212,234],"training":[13,55,183],"DNN":[15,32,73,90,126],"often":[17],"requires":[18],"lots":[19],"of":[20,31,45,72,113,135,167,207,215,237],"resource.":[21],"Watermarking":[22],"was":[23],"recently":[24],"proposed":[25],"to":[26,68,121,130],"protect":[27,69],"the":[28,43,46,53,65,82,110,114,123,136,143,164,208,216,226,238],"classifiers.":[33,83],"However,":[34],"watermarking":[35,175],"suffers":[36],"from":[37,155],"key":[39,85],"limitation:":[40],"it":[41,51],"sacrifices":[42],"utility/accuracy":[44],"because":[50],"tampers":[52],"classifier's":[54],"or":[56,184],"fine-tuning":[57,185],"process.":[58,186],"In":[59],"this":[60,102],"work,":[61],"we":[62],"propose":[63],"IPGuard,":[64],"first":[66],"method":[67],"classifiers":[74],"that":[75,88,170,200],"provably":[76],"incurs":[77],"no":[78],"accuracy":[79],"loss":[80],"for":[81,146],"Our":[84,197],"observation":[86],"is":[87,128,152,171],"can":[92,202,220],"be":[93,131],"uniquely":[94],"represented":[95],"by":[96],"its":[97,182,231],"classification":[98,111,165],"boundary.":[99],"Based":[100],"on":[101,191],"observation,":[103],"IPGuard":[104,151,158,190,201,219],"extracts":[105,159],"some":[106],"data":[107,149,161],"points":[108,162],"near":[109,163],"boundary":[112,166],"and":[118,194,218],"uses":[119],"them":[120],"fingerprint":[122],"classifier.":[124,239],"said":[129],"pirated":[133,213],"version":[134],"if":[140],"they":[141],"predict":[142],"same":[144],"labels":[145],"most":[147],"fingerprinting":[148,160],"points.":[150],"qualitatively":[153],"different":[154],"watermarking.":[156],"Specifically,":[157],"already":[172],"trained,":[173],"while":[174],"embeds":[176],"watermarks":[177],"into":[178],"during":[181],"We":[187],"extensively":[188],"evaluate":[189],"CIFAR-10,":[192],"CIFAR-100,":[193],"ImageNet":[195],"datasets.":[196],"results":[198],"show":[199],"robustly":[203],"identify":[204,221],"post-processed":[205,232],"versions":[206,214,236],"classifier,":[217],"classifiers,":[222],"which":[223],"are":[224],"not":[225],"nor":[230],"versions,":[233],"non-pirated":[235]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":31},{"year":2024,"cited_by_count":32},{"year":2023,"cited_by_count":29},{"year":2022,"cited_by_count":20},{"year":2021,"cited_by_count":8}],"updated_date":"2026-03-31T07:56:22.981413","created_date":"2025-10-10T00:00:00"}