[1] Agarap A F. Deep learning using rectified linear units (ReLU)[J]. arXiv preprintarXiv:1803.08375, 2018.
[2] Szegedy C, Ioffe S, Vanhoucke V, et al. Inception-v4, Inception-ResNet and the impact of residual connections on learning[C]//Proceedings of the AAAI Conference on Artificial Intelligence, 2017:1-12.
[3] Kingma D P, Ba J. Adam:a method for stochastic optimization[C]//International Conference on Learning Representations (ICLR), 2014.
[4] Redmon J, Farhadi A. Yolov3:an incremental improvement[J]. arXiv preprintarXiv:1804.02767, 2018.
[5] He K, Gkioxari G, Dollár P, et al. Mask R-CNN[C]//Proceedings of the IEEE International Conference on Computer Vision, 2017:2961-2969.
[6] Glavaš G, Nanni F, Ponzetto S P. Computational analysis of political texts:bridging research efforts across communities[C]//Proceedings of the 57th Annual Meeting of the Association for Computational Linguistics:Tutorial Abstracts, 2019:18-23.
[7] Conneau A, Khandelwal K, Goyal N, et al. Un-supervised cross-lingual representation learning at scale[J]. arXiv preprint arXiv:1911.02116, 2019.
[8] Moraes R, Valiati J F, Neto W P G. Document-level sentiment classification:an empirical comparison between SVM and ANN[J]. Expert Systems with Applications, 2013, 40(2):621-633.
[9] Mcguffie K, Newhouse A. The radicalization risks of GPT-3 and advanced neural language models[J]. arXiv preprint arXiv:2009.06807, 2020.
[10] Walia E, Suneja A. A robust watermark authentication technique based on Weber's descriptor[J]. Signal, Image and Video Processing, 2014, 8(5):859-872.
[11] Zhou N R, Luo A W, Zou W P. Secure and robust watermark scheme based on multiple transforms and particle swarm optimization algorithm[J]. Multimedia Tools and Applications, 2019, 78(2):2507-2523.
[12] Bravo-Solorio S, Calderon F, Li C, et al. Fast fragile watermark embedding and iterative mechanism with high self-restoration performance[J]. Digital Signal Processing, 2018, 73:83-92.
[13] Wu C, Shih Y. A simple image tamper detection and recovery based on fragile watermark with one parity section and two restoration sections[J]. Optics and Photonics Journal, 2013, 3(2):103-107.
[14] Cox I, Kilian J, Leighton F T, et al. Secure spread spectrum watermarking for multimedia[J]. IEEE Transactions on Image Processing, 1997, 6(12):1673-1687.
[15] Jiang N, Zhao N, Wang L. LSB based quantum image steganography algorithm[J]. International Journal of Theoretical Physics, 2016, 55(1):107-123.
[16] Barni M, Bartolini F, Cappellini V, et al. A DCT-domain system for robust image watermarking[J]. Signal Processing, 1998, 66(3):357-372.
[17] Srivastava R, Kumar B, Singh A K, et al. Computationally efficient joint imperceptible image watermarking and jpeg compression:a green computing approach[J]. Multimedia Tools and Applications, 2018, 77(13):16447-16459.
[18] Ganic E, Eskicioglu A M. Robust DWT-SVD domain image watermarking:embedding data in all frequencies[C]//Proceedings of the 2004 Workshop on Multimedia and Security, 2004:166-174.
[19] Zhang X. Reversible data hiding in encrypted image[J]. IEEE Signal Processing Letters, 2011, 18(4):255-258.
[20] Zhang X. Separable reversible data hiding in encrypted image[J]. IEEE Transactions on Information Forensics and Security, 2011, 7(2):826-832.
[21] Uchida Y, Nagai Y, Sakazawa S, et al. Embedding watermarks into deep neural networks[C]//Proceedings of the 2017 ACM on International Conference on Multimedia Retrieval, 2017:269-277.
[22] Adi Y, Baum C, Cisse M, et al. Turning your weakness into a strength:watermarking deep neural networks by backdooring[C]//The 27th Security Symposium, 2018:1615-1631.
[23] Wu H, Liu G, Yao Y, et al. Watermarking neural networks with water-marked images[J]. IEEE Transactions on Circuits and Systems for Video Technology, 2020, 31(7):2591-2601.
[24] Guan X, Feng H, Zhang W, et al. Reversible watermarking in deep convolutional neural networks for integrity authentication[C]//Proceedings of the 28th ACM International Conference on Multimedia, 2020:2273-2280.
[25] Zhang T, Ye S, Zhang K, et al. A systematic DNN weight pruning framework using alternating direction method of multipliers[C]//Proceedings of the European Conference on Computer Vision (ECCV), 2018:184-199.
[26] Hou L, Kwok J T. Loss-aware weight quantization of deep networks[J]. arXiv preprintarXiv:1802.08635, 2018.
[27] Lu Z, Sindhwani V, Sainath T N. Learning compact recurrent neural networks[C]//IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), 2016:5960- 5964.
[28] Wang W, Sun Y, Eriksson B, et al. Wide compression:tensor ring nets[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, 2018:9329-9338.
[29] Polino A, Pascanu R, Dan A. Model compression via distillation and quantization[J]. arXiv preprint arXiv:1802.05668, 2018.
[30] Truong J, Maini P, Walls R, et al. Data-free model extraction[J]. arXiv preprint arXiv:2011.14779, 2020.
[31] Molnar C, König G, Herbinger J, et al. Pitfalls to avoid when interpreting machine learning models[J]. arXiv preprint arXiv:2007.04131, 2020.
[32] Wang T, Kerschbaum F. Attacks on digital watermarks for deep neural networks[C]//IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP2019), 2019:2622- 2626.
[33] Feng L, Zhang X. Watermarking neural network with compensation mechanism[C]//International Conference on Knowledge Science, Engineering and Management, 2020:363- 375.
[34] Rouhani B D, Chen H, Koushanfar F. Deepsigns:an end-to-end watermarking framework for ownership protection of deep neural networks[C]//Proceedings of the 24th International Conference on Architectural Support for Programming Languages and Operating Systems, 2019:485-497.
[35] Fan L X, Ng K W, Chan C S. Rethinking deep neural network ownership verification:embedding passports to defeat ambiguity attacks[C]//Advances in Neural Information Processing Systems 32:Annual Conference on Neural Information Processing Systems, Vancouver, Canada, 2019:4716-4725.
[36] He K, Zhang X, Ren S. Deep residual learning for image recognition[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, 2016:770-778.
[37] Gu T, Dolan-Gavitt B, Garg S. BadNets:identifying vulnerabilities in the machine learning model supply chain[J]. arXiv preprint arXiv:1708.06733, 2017.
[38] Zhang J, Gu Z, Jang J, et al. Protecting intellectual property of deep neural networks with watermarking[C]//Proceedings of the 2018 on Asia Conference on Computer and Communications Security, 2018:159-172.
[39] Merrer E L, Perez P, Trédan G. Adversarial frontier stitching for remote neural network watermarking[J]. Neural Computing and Applications, 2020, 32(13):9233-9244.
[40] Guo J, Potkonjak M. Watermarking deep neural networks for embedded systems[C]//2018 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), 2018:1-8.
[41] Li Z, Hu C, Zhang Y, et al. How to prove your model belongs to you:a blind-watermark based framework to protect intellectual property of DNN[C]//Proceedings of the 35th Annual Computer Security Applications Conference, 2019:126-137.
[42] Xue M, Wu Z, He C, et al. Active DNN IP protection:a novel user fingerprint management and DNN authorization control technique[C]//2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, 2020:975-982.
[43] Li H, Willson E, Zheng H. Persistent and unforgeable watermarks for deep neural networks[J]. arXiv preprint arXiv:1910.01226, 2019a.
[44] Aprilpyone M, Kiya H. Piracy-resistant DNN watermarking by block-wise image transformation with secret key[J]. arXiv preprint arXiv:2104.04241, 2021.
[45] Hitaj D, Mancini L V. Have you stolen my model? evasion attacks against deep neural network watermarking techniques[J]. arXiv preprint arXiv:1809.00615, 2018.
[46] Zhu R, Zhang X, Shi M, et al. Secure neural network watermarking protocol against forging attack[J]. EURASIP Journal on Image and Video Processing, 2020, 2020(1):1-12.
[47] Quan Y, Teng H, Chen Y, et al. Watermarking deep neural networks in image processing[J]. IEEE Transactions on Neural Networks and Learning Systems, 2020, 32(5):1852-1865.
[48] Ong D S, Chan C S, Ng K W, et al. Protecting intellectual property of generative adversarial networks from ambiguity attack[J]. arXiv preprintarXiv:2102.04362, 2021.
[49] Zhang J, Chen D, Liao J, et al. Model watermarking for image processing networks[C]//Proceedings of the AAAI Conference on Artificial Intelligence, 2020:12805-12812.
[50] Zhang J, Chen D, Liao J, et al. Deep model intellectual property protection via deep watermarking[J]. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2021, (99):1.
[51] Zhang X, Wang S. Fragile watermarking with error-free restoration capability[J]. IEEE Transactions on Multimedia, 2008, 10(8):1490-1499.
[52] Liu X L, Lin C C, Yuan S W. Blind dual watermarking for color images' authentication and copyright protection[J]. IEEE Transactions on Circuits and Systems for Video Technology, 2016, 28(5):1047-1055.
[53] Fang H, Zhang W, Ma Z, et al. A camera shooting resilient watermarking scheme for underpainting documents[J]. IEEE Transactions on Circuits and Systems for Video Technology, 2019, 30(11):4075-4089.
[54] Abuadbba L, Kim H, Nepal S. DeepiSign:invisible fragile watermark to protect the integrity and authenticity of CNN[C]//The 36th ACM/SIGAPP Symposium on Applied Computing, Virtual Event, Korea, 2021:952-959.
