| Graduate student: | 鄭皓文 Zheng, Haowen |
|---|---|
| Thesis title: | 監控模型竊取者: 基於CPU Usage的物聯網設備旁通道攻擊與防禦實作 / Surveillance Model Stealer: Implementation of CPU Usage-Based Side-Channel Attack and Defense on IoT Devices |
| Advisors: | 涂嘉恒 Tu, Chia-Heng; 蔡孟勳 Tsai, Meng-Hsun |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering |
| Year of publication: | 2024 |
| Academic year of graduation: | 112 |
| Language: | English |
| Number of pages: | 63 |
| Keywords (Chinese): | Side-channel attack, information security, deep learning |
| Keywords (English): | Side-Channel Attack, Cybersecurity, Deep Learning |
On campus: publicly available from 2029-08-19