{"id":"https://openalex.org/W4403791939","doi":"https://doi.org/10.1145/3664647.3681691","title":"Towards Stricter Black-box Integrity Verification of Deep Neural Network Models","display_name":"Towards Stricter Black-box Integrity Verification of Deep Neural Network Models","publication_year":2024,"publication_date":"2024-10-26","ids":{"openalex":"https://openalex.org/W4403791939","doi":"https://doi.org/10.1145/3664647.3681691"},"language":"en","primary_location":{"id":"doi:10.1145/3664647.3681691","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3664647.3681691","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 32nd ACM International Conference on Multimedia","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5047690196","display_name":"Chaoxiang He","orcid":null},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Chaoxiang He","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, Hubei, China"],"raw_orcid":"https://orcid.org/0009-0008-8936-9336","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, Hubei, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Xiaofan Bai","orcid":"https://orcid.org/0009-0004-6796-3773"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaofan Bai","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, Hubei, China"],"raw_orcid":"https://orcid.org/0009-0004-6796-3773","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, Hubei, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109792165","display_name":"Xiaojing Ma","orcid":"https://orcid.org/0000-0001-6363-3209"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaojing Ma","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, Hubei, China"],"raw_orcid":"https://orcid.org/0000-0001-6363-3209","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, Hubei, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101883857","display_name":"Bin Zhu","orcid":"https://orcid.org/0000-0002-3571-7808"},"institutions":[{"id":"https://openalex.org/I4210113369","display_name":"Microsoft Research Asia (China)","ror":"https://ror.org/0300m5276","country_code":"CN","type":"company","lineage":["https://openalex.org/I1290206253","https://openalex.org/I4210113369"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bin B. Zhu","raw_affiliation_strings":["Microsoft Corporation, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-3571-7808","affiliations":[{"raw_affiliation_string":"Microsoft Corporation, Beijing, China","institution_ids":["https://openalex.org/I4210113369"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5040692607","display_name":"Pingyi Hu","orcid":null},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Pingyi Hu","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, Hubei, China"],"raw_orcid":"https://orcid.org/0009-0006-5616-7418","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, Hubei, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5031520034","display_name":"Junqiu Fu","orcid":"https://orcid.org/0000-0003-4908-3081"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiayun Fu","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, Hubei, China"],"raw_orcid":"https://orcid.org/0000-0003-4908-3081","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, Hubei, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022262922","display_name":"Hai Jin","orcid":"https://orcid.org/0000-0002-3934-7605"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hai Jin","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, Hubei, China"],"raw_orcid":"https://orcid.org/0000-0002-3934-7605","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, Hubei, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100331488","display_name":"Dongmei Zhang","orcid":"https://orcid.org/0000-0002-9230-2799"},"institutions":[{"id":"https://openalex.org/I4210113369","display_name":"Microsoft Research Asia (China)","ror":"https://ror.org/0300m5276","country_code":"CN","type":"company","lineage":["https://openalex.org/I1290206253","https://openalex.org/I4210113369"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Dongmei Zhang","raw_affiliation_strings":["Microsoft Corporation, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-9230-2799","affiliations":[{"raw_affiliation_string":"Microsoft Corporation, Beijing, China","institution_ids":["https://openalex.org/I4210113369"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5047690196"],"corresponding_institution_ids":["https://openalex.org/I47720641"],"apc_list":null,"apc_paid":null,"fwci":0.9934,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.80904145,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"9875","last_page":"9884"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10036","display_name":"Advanced Neural Network Applications","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9876999855041504,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/black-box","display_name":"Black box","score":0.8263312578201294},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6563860177993774},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.572944700717926},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.4260375499725342},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.2382977306842804}],"concepts":[{"id":"https://openalex.org/C94966114","wikidata":"https://www.wikidata.org/wiki/Q29256","display_name":"Black box","level":2,"score":0.8263312578201294},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6563860177993774},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.572944700717926},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.4260375499725342},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2382977306842804}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3664647.3681691","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3664647.3681691","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 32nd ACM International Conference on Multimedia","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W1903029394","https://openalex.org/W2067713319","https://openalex.org/W2117539524","https://openalex.org/W2165698076","https://openalex.org/W2194775991","https://openalex.org/W2531409750","https://openalex.org/W2753783305","https://openalex.org/W2916086000","https://openalex.org/W2942091739","https://openalex.org/W2948833786","https://openalex.org/W2963037989","https://openalex.org/W2965862774","https://openalex.org/W2981860227","https://openalex.org/W3034414373","https://openalex.org/W3035644192","https://openalex.org/W3164111940","https://openalex.org/W3175121854","https://openalex.org/W3180355996","https://openalex.org/W3196445972","https://openalex.org/W3197041852","https://openalex.org/W3210158641","https://openalex.org/W3214399478","https://openalex.org/W4214502238","https://openalex.org/W4285603108","https://openalex.org/W4290945651","https://openalex.org/W4385325051"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W4312601715","https://openalex.org/W4377865163","https://openalex.org/W4392828243","https://openalex.org/W4312822655","https://openalex.org/W3157170264","https://openalex.org/W4298185893","https://openalex.org/W4402427143","https://openalex.org/W2896078964","https://openalex.org/W4281399026"],"abstract_inverted_index":{"Cloud-based":[0],"machine":[1],"learning":[2],"services":[3],"offer":[4],"significant":[5,106],"advantages":[6],"but":[7],"also":[8],"introduce":[9],"the":[10,44,54,62,71,109,148,154,160,164,168],"risk":[11],"of":[12,77,84,90,156],"tampering":[13],"with":[14,40,58],"cloud-deployed":[15,34],"deep":[16],"neural":[17],"network":[18],"(DNN)":[19],"models.":[20,79],"Black-box":[21],"integrity":[22],"verification":[23],"(BIV)":[24],"allows":[25],"model":[26,36,85,150,162,169],"owners":[27],"and":[28,118,152,163,176,192,202],"end-users":[29],"to":[30,52,112,171],"determine":[31],"if":[32],"a":[33,132,142],"DNN":[35,78],"has":[37],"been":[38],"tampered":[39],"by":[41],"examining":[42],"only":[43],"top-1":[45],"label":[46],"responses.":[47],"Fingerprinting":[48],"generates":[49],"fingerprint":[50,178],"samples":[51],"query":[53],"model,":[55],"achieving":[56],"BIV":[57,76],"no":[59],"impact":[60],"on":[61,105],"model's":[63],"accuracy.":[64],"In":[65],"this":[66,124],"paper,":[67],"we":[68,126],"present":[69],"BIVBench,":[70],"first":[72],"comprehensive":[73],"benchmark":[74],"for":[75],"BIVBench":[80,183,201],"covers":[81],"16":[82],"types":[83],"modifications,":[86],"providing":[87],"extensive":[88],"coverage":[89],"practical":[91],"modification":[92],"scenarios.":[93],"Our":[94],"analysis":[95],"reveals":[96],"that":[97,136,185],"existing":[98,188],"fingerprinting":[99,134],"methods,":[100],"which":[101],"are":[102,205],"typically":[103],"focused":[104],"tampering,":[107],"lack":[108],"sensitivity":[110],"needed":[111],"effectively":[113],"detect":[114],"subtle":[115,198],"yet":[116],"common":[117],"potentially":[119],"severe":[120],"modifications.":[121,199],"To":[122],"address":[123],"limitation,":[125],"propose":[127],"MiSentry":[128,139,186],"(Model":[129],"Integrity":[130],"Sentry),":[131],"novel":[133],"method":[135],"leverages":[137],"meta-learning.":[138],"strategically":[140],"incorporates":[141],"few":[143],"subtly":[144],"modified":[145,165],"models":[146,166],"into":[147],"meta-learning":[149],"zoo":[151,170],"maximizes":[153],"divergence":[155],"output":[157],"predictions":[158],"between":[159],"target":[161],"in":[167,196],"generate":[172],"highly":[173],"sensitive,":[174],"generalizable,":[175],"effective":[177],"samples.":[179],"Extensive":[180],"evaluations":[181],"using":[182],"demonstrate":[184],"outperforms":[187],"state-of-the-art":[189],"methods":[190],"overall":[191],"significantly":[193],"surpasses":[194],"them":[195],"detecting":[197],"The":[200],"supplementary":[203],"materials":[204],"available":[206],"at:":[207],"https://github.com/CGCL-codes/BIVBench.":[208]},"counts_by_year":[{"year":2025,"cited_by_count":3}],"updated_date":"2025-12-21T23:12:01.093139","created_date":"2025-10-10T00:00:00"}