{"id":"https://openalex.org/W4404134237","doi":"https://doi.org/10.1145/3649329.3658251","title":"TBNet: A Neural Architectural Defense Framework Facilitating DNN Model Protection in Trusted Execution Environments","display_name":"TBNet: A Neural Architectural Defense Framework Facilitating DNN Model Protection in Trusted Execution Environments","publication_year":2024,"publication_date":"2024-06-23","ids":{"openalex":"https://openalex.org/W4404134237","doi":"https://doi.org/10.1145/3649329.3658251"},"language":"en","primary_location":{"id":"doi:10.1145/3649329.3658251","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3649329.3658251","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3649329.3658251?download=true","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 61st ACM/IEEE Design Automation Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3649329.3658251?download=true","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5087935503","display_name":"Ziyu Liu","orcid":"https://orcid.org/0000-0003-1844-1114"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Ziyu Liu","raw_affiliation_strings":["Northeastern University, Boston, MA, United States"],"affiliations":[{"raw_affiliation_string":"Northeastern University, Boston, MA, United States","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101777618","display_name":"Tong Zhou","orcid":"https://orcid.org/0000-0002-8645-5246"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tong Zhou","raw_affiliation_strings":["Northeastern University, Boston, MA, United States"],"affiliations":[{"raw_affiliation_string":"Northeastern University, Boston, MA, United States","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041001467","display_name":"Yukui Luo","orcid":"https://orcid.org/0000-0002-5852-4195"},"institutions":[{"id":"https://openalex.org/I100633361","display_name":"University of Massachusetts Dartmouth","ror":"https://ror.org/00fzmm222","country_code":"US","type":"education","lineage":["https://openalex.org/I100633361"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yukui Luo","raw_affiliation_strings":["University of Massachusetts Dartmouth, Dartmouth, MA, United States"],"affiliations":[{"raw_affiliation_string":"University of Massachusetts Dartmouth, Dartmouth, MA, United States","institution_ids":["https://openalex.org/I100633361"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5054462808","display_name":"Xiaolin Xu","orcid":"https://orcid.org/0000-0001-8393-2783"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiaolin Xu","raw_affiliation_strings":["Northeastern University, Boston, MA, United States"],"affiliations":[{"raw_affiliation_string":"Northeastern University, Boston, MA, United States","institution_ids":["https://openalex.org/I12912129"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5087935503"],"corresponding_institution_ids":["https://openalex.org/I12912129"],"apc_list":null,"apc_paid":null,"fwci":1.4176,"has_fulltext":true,"cited_by_count":4,"citation_normalized_percentile":{"value":0.85214076,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9882000088691711,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7608405351638794},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.47019943594932556},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4507772624492645},{"id":"https://openalex.org/keywords/human\u2013computer-interaction","display_name":"Human\u2013computer interaction","score":0.3524557650089264},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.19377058744430542}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7608405351638794},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.47019943594932556},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4507772624492645},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.3524557650089264},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.19377058744430542}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3649329.3658251","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3649329.3658251","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3649329.3658251?download=true","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 61st ACM/IEEE Design Automation Conference","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3649329.3658251","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3649329.3658251","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3649329.3658251?download=true","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 61st ACM/IEEE Design Automation Conference","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2851461307","display_name":null,"funder_award_id":"2319962","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G3468271231","display_name":null,"funder_award_id":"2326597","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G3807710405","display_name":null,"funder_award_id":"OAC-2319962","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4665888916","display_name":null,"funder_award_id":"2247892","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8013457670","display_name":"CAREER: Securing Reconfigurable Hardware Accelerator for Machine Learning: Threats and Defenses","funder_award_id":"2239672","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8432109843","display_name":null,"funder_award_id":"2153690","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G848032724","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8938442388","display_name":null,"funder_award_id":"CNS-2239672","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4404134237.pdf","grobid_xml":"https://content.openalex.org/works/W4404134237.grobid-xml"},"referenced_works_count":7,"referenced_works":["https://openalex.org/W2302255633","https://openalex.org/W2946635188","https://openalex.org/W2962851801","https://openalex.org/W2966086598","https://openalex.org/W2990887689","https://openalex.org/W3175296232","https://openalex.org/W4285490414"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"Trusted":[0],"Execution":[1,72],"Environments":[2],"(TEEs)":[3],"have":[4],"become":[5],"a":[6,40,49,56,89,107],"promising":[7],"solution":[8],"to":[9,61],"secure":[10],"DNN":[11,46,94],"models":[12],"on":[13,88],"edge":[14],"devices.":[15],"However,":[16],"the":[17,65,69,80],"existing":[18],"solutions":[19],"either":[20],"provide":[21],"inadequate":[22],"protection":[23,105],"or":[24],"introduce":[25],"large":[26],"performance":[27,33],"overhead.":[28],"Taking":[29],"both":[30],"security":[31],"and":[32,78,97],"into":[34],"consideration,":[35],"this":[36],"paper":[37],"presents":[38],"TBNet,":[39],"TEE-based":[41],"defense":[42],"framework":[43],"that":[44,100],"protects":[45],"model":[47,84,95,104],"from":[48],"neural":[50],"architectural":[51],"perspective.":[52],"Specifically,":[53],"TBNet":[54,101],"generates":[55],"novel":[57],"Two-Branch":[58],"substitution":[59],"model,":[60],"respectively":[62],"exploit":[63],"(1)":[64],"computational":[66],"resources":[67],"in":[68],"untrusted":[70],"Rich":[71],"Environment":[73],"(REE)":[74],"for":[75,83],"latency":[76],"reduction":[77],"(2)":[79],"physically-isolated":[81],"TEE":[82],"protection.":[85],"Experimental":[86],"results":[87],"Raspberry":[90],"Pi":[91],"across":[92],"diverse":[93],"architectures":[96],"datasets":[98],"demonstrate":[99],"achieves":[102],"efficient":[103],"at":[106],"low":[108],"cost.":[109]},"counts_by_year":[{"year":2025,"cited_by_count":4}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}