{"id":"https://openalex.org/W4308562533","doi":"https://doi.org/10.1145/3560835.3564547","title":"An Empirical Study of Artifacts and Security Risks in the Pre-trained Model Supply Chain","display_name":"An Empirical Study of Artifacts and Security Risks in the Pre-trained Model Supply Chain","publication_year":2022,"publication_date":"2022-11-08","ids":{"openalex":"https://openalex.org/W4308562533","doi":"https://doi.org/10.1145/3560835.3564547"},"language":"en","primary_location":{"id":"doi:10.1145/3560835.3564547","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3560835.3564547","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3560835.3564547","source":null,"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3560835.3564547","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5026463384","display_name":"Wenxin Jiang","orcid":"https://orcid.org/0000-0003-2608-8576"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Wenxin Jiang","raw_affiliation_strings":["Purdue University, West Lafayette, IN, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Purdue University, West Lafayette, IN, USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5040525530","display_name":"Nicholas Synovic","orcid":"https://orcid.org/0000-0003-0413-4594"},"institutions":[{"id":"https://openalex.org/I1925986","display_name":"Loyola University Chicago","ror":"https://ror.org/04b6x2g63","country_code":"US","type":"education","lineage":["https://openalex.org/I1925986"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nicholas Synovic","raw_affiliation_strings":["Loyola University Chicago, Chicago, IL, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Loyola University Chicago, Chicago, IL, USA","institution_ids":["https://openalex.org/I1925986"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5113115571","display_name":"Rohan Sethi","orcid":null},"institutions":[{"id":"https://openalex.org/I1925986","display_name":"Loyola University Chicago","ror":"https://ror.org/04b6x2g63","country_code":"US","type":"education","lineage":["https://openalex.org/I1925986"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Rohan Sethi","raw_affiliation_strings":["Loyola University Chicago, Chicago, IL, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Loyola University Chicago, Chicago, IL, USA","institution_ids":["https://openalex.org/I1925986"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038603686","display_name":"Aryan Indarapu","orcid":null},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Aryan Indarapu","raw_affiliation_strings":["University of Illinois-Urbana Champaign, Champaign, IL, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Illinois-Urbana Champaign, Champaign, IL, USA","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016016132","display_name":"Matt Hyatt","orcid":"https://orcid.org/0000-0002-6356-6832"},"institutions":[{"id":"https://openalex.org/I1925986","display_name":"Loyola University Chicago","ror":"https://ror.org/04b6x2g63","country_code":"US","type":"education","lineage":["https://openalex.org/I1925986"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Matt Hyatt","raw_affiliation_strings":["Loyola University Chicago, Chicago, IL, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Loyola University Chicago, Chicago, IL, USA","institution_ids":["https://openalex.org/I1925986"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058699162","display_name":"Taylor R. Schorlemmer","orcid":"https://orcid.org/0000-0003-2181-5527"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Taylor R. Schorlemmer","raw_affiliation_strings":["Purdue University, West Lafayette, IN, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Purdue University, West Lafayette, IN, USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074177185","display_name":"George K. Thiruvathukal","orcid":"https://orcid.org/0000-0002-0452-5571"},"institutions":[{"id":"https://openalex.org/I1925986","display_name":"Loyola University Chicago","ror":"https://ror.org/04b6x2g63","country_code":"US","type":"education","lineage":["https://openalex.org/I1925986"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"George K. Thiruvathukal","raw_affiliation_strings":["Loyola University Chicago, Chicago, IL, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Loyola University Chicago, Chicago, IL, USA","institution_ids":["https://openalex.org/I1925986"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5013948143","display_name":"James C. Davis","orcid":"https://orcid.org/0000-0003-2495-686X"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"James C. Davis","raw_affiliation_strings":["Purdue University, West Lafayette, IN, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Purdue University, West Lafayette, IN, USA","institution_ids":["https://openalex.org/I219193219"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5026463384"],"corresponding_institution_ids":["https://openalex.org/I219193219"],"apc_list":null,"apc_paid":null,"fwci":4.0249,"has_fulltext":true,"cited_by_count":29,"citation_normalized_percentile":{"value":0.94515041,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"105","last_page":"114"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9905999898910522,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/reuse","display_name":"Reuse","score":0.790519118309021},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7562893629074097},{"id":"https://openalex.org/keywords/supply-chain","display_name":"Supply chain","score":0.7285853624343872},{"id":"https://openalex.org/keywords/popularity","display_name":"Popularity","score":0.7185542583465576},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.5249341130256653},{"id":"https://openalex.org/keywords/reliability","display_name":"Reliability (semiconductor)","score":0.521430492401123},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5185809135437012},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.47658631205558777},{"id":"https://openalex.org/keywords/empirical-research","display_name":"Empirical research","score":0.4736382067203522},{"id":"https://openalex.org/keywords/perspective","display_name":"Perspective (graphical)","score":0.4570922255516052},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.36398109793663025},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.34440749883651733},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.23251071572303772},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.1348358392715454},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.12129372358322144}],"concepts":[{"id":"https://openalex.org/C206588197","wikidata":"https://www.wikidata.org/wiki/Q846574","display_name":"Reuse","level":2,"score":0.790519118309021},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7562893629074097},{"id":"https://openalex.org/C108713360","wikidata":"https://www.wikidata.org/wiki/Q1824206","display_name":"Supply chain","level":2,"score":0.7285853624343872},{"id":"https://openalex.org/C2780586970","wikidata":"https://www.wikidata.org/wiki/Q1357284","display_name":"Popularity","level":2,"score":0.7185542583465576},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.5249341130256653},{"id":"https://openalex.org/C43214815","wikidata":"https://www.wikidata.org/wiki/Q7310987","display_name":"Reliability (semiconductor)","level":3,"score":0.521430492401123},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5185809135437012},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.47658631205558777},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.4736382067203522},{"id":"https://openalex.org/C12713177","wikidata":"https://www.wikidata.org/wiki/Q1900281","display_name":"Perspective (graphical)","level":2,"score":0.4570922255516052},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.36398109793663025},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.34440749883651733},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.23251071572303772},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.1348358392715454},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.12129372358322144},{"id":"https://openalex.org/C77805123","wikidata":"https://www.wikidata.org/wiki/Q161272","display_name":"Social psychology","level":1,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C548081761","wikidata":"https://www.wikidata.org/wiki/Q180388","display_name":"Waste management","level":1,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C163258240","wikidata":"https://www.wikidata.org/wiki/Q25342","display_name":"Power (physics)","level":2,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3560835.3564547","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3560835.3564547","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3560835.3564547","source":null,"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"},{"id":"pmh:oai:ecommons.luc.edu:cs_facpubs-1312","is_oa":true,"landing_page_url":"https://ecommons.luc.edu/cs_facpubs/315","pdf_url":null,"source":{"id":"https://openalex.org/S4306402030","display_name":"Loyola eCommons (Loyola University of Chicago)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1925986","host_organization_name":"Loyola University Chicago","host_organization_lineage":["https://openalex.org/I1925986"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Computer Science: Faculty Publications and Other Works","raw_type":"text"}],"best_oa_location":{"id":"doi:10.1145/3560835.3564547","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3560835.3564547","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3560835.3564547","source":null,"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2668631724","display_name":null,"funder_award_id":"2107230, 2229703, 2107020, 2104319","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G3818114722","display_name":null,"funder_award_id":"2107020","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4440107309","display_name":null,"funder_award_id":"2104319","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G5494311034","display_name":null,"funder_award_id":"2229703","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G902247565","display_name":null,"funder_award_id":"2107230","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320307791","display_name":"Cisco Systems","ror":"https://ror.org/03yt1ez60"},{"id":"https://openalex.org/F4320309327","display_name":"Google","ror":"https://ror.org/00njsd438"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4308562533.pdf","grobid_xml":"https://content.openalex.org/works/W4308562533.grobid-xml"},"referenced_works_count":42,"referenced_works":["https://openalex.org/W2095577883","https://openalex.org/W2122041620","https://openalex.org/W2163605009","https://openalex.org/W2165698076","https://openalex.org/W2194775991","https://openalex.org/W2613019972","https://openalex.org/W2748789698","https://openalex.org/W2761330267","https://openalex.org/W2765811365","https://openalex.org/W2767094836","https://openalex.org/W2789570312","https://openalex.org/W2887280559","https://openalex.org/W2899462170","https://openalex.org/W2906669385","https://openalex.org/W2962700793","https://openalex.org/W2991970757","https://openalex.org/W2996800219","https://openalex.org/W2999321020","https://openalex.org/W3000315285","https://openalex.org/W3004493192","https://openalex.org/W3011574394","https://openalex.org/W3029775758","https://openalex.org/W3034368386","https://openalex.org/W3088409176","https://openalex.org/W3090561201","https://openalex.org/W3098772125","https://openalex.org/W3103078407","https://openalex.org/W3122184684","https://openalex.org/W3138154797","https://openalex.org/W3198659451","https://openalex.org/W3212298803","https://openalex.org/W4205480242","https://openalex.org/W4206688953","https://openalex.org/W4256234594","https://openalex.org/W4284680133","https://openalex.org/W4287204036","https://openalex.org/W4308338624","https://openalex.org/W4308562662","https://openalex.org/W4308731250","https://openalex.org/W4312343407","https://openalex.org/W6600388300","https://openalex.org/W6754002923"],"related_works":["https://openalex.org/W2899084033","https://openalex.org/W2368605798","https://openalex.org/W2518037665","https://openalex.org/W2348524959","https://openalex.org/W2477036161","https://openalex.org/W2368049389","https://openalex.org/W2384861574","https://openalex.org/W4294565801","https://openalex.org/W2170801710","https://openalex.org/W2952704802"],"abstract_inverted_index":{"Deep":[0],"neural":[1],"networks":[2],"achieve":[3],"state-of-the-art":[4],"performance":[5],"on":[6],"many":[7],"tasks,":[8],"but":[9],"require":[10],"increasingly":[11],"complex":[12],"architectures":[13],"and":[14,28,47,61,89,102,119,123,129],"costly":[15],"training":[16],"procedures.":[17],"Engineers":[18],"can":[19],"reduce":[20],"costs":[21],"by":[22,50],"reusing":[23],"a":[24,78],"pre-trained":[25],"model":[26,42,54,94],"(PTM)":[27],"fine-tuning":[29],"it":[30],"for":[31,110,126],"their":[32],"own":[33],"tasks.":[34],"To":[35],"facilitate":[36],"software":[37,65,79],"reuse,":[38],"engineers":[39],"collaborate":[40],"around":[41],"hubs,":[43],"collections":[44],"of":[45,87,114,135],"PTMs":[46],"datasets":[48],"organized":[49],"problem":[51],"domain.":[52],"Although":[53],"hubs":[55],"are":[56,108],"now":[57],"comparable":[58],"in":[59,92],"popularity":[60],"size":[62],"to":[63,131],"other":[64],"ecosystems,":[66],"the":[67,98,105,112,133,136],"associated":[68],"PTM":[69,118,137],"supply":[70,121,138],"chain":[71],"has":[72],"not":[73],"yet":[74],"been":[75],"examined":[76],"from":[77],"engineering":[80],"perspective.":[81],"We":[82,96,116],"present":[83],"an":[84],"empirical":[85],"study":[86],"artifacts":[88],"security":[90,113],"features":[91],"8":[93],"hubs.":[95],"indicate":[97],"potential":[99],"threat":[100],"models":[101],"show":[103],"that":[104],"existing":[106],"defenses":[107],"insufficient":[109],"ensuring":[111],"PTMs.":[115],"compare":[117],"traditional":[120],"chains,":[122],"propose":[124],"directions":[125],"further":[127],"measurements":[128],"tools":[130],"increase":[132],"reliability":[134],"chain.":[139]},"counts_by_year":[{"year":2025,"cited_by_count":13},{"year":2024,"cited_by_count":12},{"year":2023,"cited_by_count":4}],"updated_date":"2026-05-17T08:19:37.847499","created_date":"2025-10-10T00:00:00"}