{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T18:10:03Z","timestamp":1755886203904,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":45,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,12,4]],"date-time":"2023-12-04T00:00:00Z","timestamp":1701648000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100006374","name":"Intel Labs","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,12,4]]},"DOI":"10.1145\/3627106.3627128","type":"proceedings-article","created":{"date-parts":[[2023,12,2]],"date-time":"2023-12-02T18:13:22Z","timestamp":1701540802000},"page":"492-505","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["FLARE: Fingerprinting Deep Reinforcement Learning Agents using Universal Adversarial Masks"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4120-6860","authenticated-orcid":false,"given":"Buse G.","family":"A. Tekgul","sequence":"first","affiliation":[{"name":"Network Systems and Security Research, Nokia Bell Labs, Finland and Computer Science, Aalto University, Finland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5093-9871","authenticated-orcid":false,"family":"N. Asokan","sequence":"additional","affiliation":[{"name":"David R. Cheriton School of Computer Science, University of Waterloo, Canada and Computer Science, Aalto University, Finland"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,12,4]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"27th USENIX Security Symposium, USENIX Security 2018","author":"Adi Yossi","year":"2018","unstructured":"Yossi Adi, Carsten Baum, Moustapha Ciss\u00e9, Benny Pinkas, and Joseph Keshet. 2018. Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018, William Enck and Adrienne\u00a0Porter Felt (Eds.). USENIX Association, 1615\u20131631."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v33i01.33014561"},{"key":"e_1_3_2_1_3_1","volume-title":"Sequential Triggers for Watermarking of Deep Reinforcement Learning Policies. CoRR abs\/1906.01126","author":"Behzadan Vahid","year":"2019","unstructured":"Vahid Behzadan and William\u00a0H. Hsu. 2019. Sequential Triggers for Watermarking of Deep Reinforcement Learning Policies. CoRR abs\/1906.01126 (2019). arXiv:1906.01126http:\/\/arxiv.org\/abs\/1906.01126"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1613\/jair.3912"},{"key":"e_1_3_2_1_5_1","volume-title":"ACM Asia Conference on Computer and Communications Security, Virtual Event","author":"Cao Xiaoyu","year":"2021","unstructured":"Xiaoyu Cao, Jinyuan Jia, and Neil\u00a0Zhenqiang Gong. 2021. IPGuard: Protecting Intellectual Property of Deep Neural Networks via Fingerprinting the Classification Boundary. In ASIA CCS \u201921: ACM Asia Conference on Computer and Communications Security, Virtual Event, Hong Kong, June 7-11, 2021, Jiannong Cao, Man\u00a0Ho Au, Zhiqiang Lin, and Moti Yung (Eds.). ACM, 14\u201325."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/3463952.3463994"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3433210.3453090"},{"key":"e_1_3_2_1_8_1","volume-title":"Explaining Transferability of Evasion and Poisoning Attacks. In 28th USENIX Security Symposium, USENIX Security 2019","author":"Demontis Ambra","year":"2019","unstructured":"Ambra Demontis, Marco Melis, Maura Pintor, Matthew Jagielski, Battista Biggio, Alina Oprea, Cristina Nita-Rotaru, and Fabio Roli. 2019. Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks. In 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14-16, 2019, Nadia Heninger and Patrick Traynor (Eds.). USENIX Association, 321\u2013338."},{"key":"e_1_3_2_1_9_1","volume-title":"Adversarial Policies: Attacking Deep Reinforcement Learning. In 8th International Conference on Learning Representations, ICLR 2020","author":"Gleave Adam","year":"2020","unstructured":"Adam Gleave, Michael Dennis, Cody Wild, Neel Kant, Sergey Levine, and Stuart Russell. 2020. Adversarial Policies: Attacking Deep Reinforcement Learning. In 8th International Conference on Learning Representations, ICLR 2020, Addis Ababa, Ethiopia, April 26-30, 2020. OpenReview.net. https:\/\/openreview.net\/forum?id=HJgEMpVFwB"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-19775-8_24"},{"key":"e_1_3_2_1_11_1","volume-title":"Proceedings of the 28th International Conference on Neural Information Processing Systems -","volume":"1","author":"Han Song","year":"2015","unstructured":"Song Han, Jeff Pool, John Tran, and William\u00a0J. Dally. 2015. Learning Both Weights and Connections for Efficient Neural Networks. In Proceedings of the 28th International Conference on Neural Information Processing Systems - Volume 1 (Montreal, Canada) (NIPS\u201915). MIT Press, Cambridge, MA, USA, 1135\u20131143."},{"key":"e_1_3_2_1_12_1","volume-title":"5th International Conference on Learning Representations, ICLR","author":"Huang H.","year":"2017","unstructured":"Sandy\u00a0H. Huang, Nicolas Papernot, Ian\u00a0J. Goodfellow, Yan Duan, and Pieter Abbeel. 2017. Adversarial Attacks on Neural Network Policies. In 5th International Conference on Learning Representations, ICLR 2017, Toulon, France, April 24-26, 2017, Workshop Track Proceedings. OpenReview.net. https:\/\/openreview.net\/forum?id=ryvlRyBKl"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.5555\/3398761.3398829"},{"key":"e_1_3_2_1_14_1","volume-title":"2nd Annual Conference on Robot Learning, CoRL","author":"Kalashnikov Dmitry","year":"2018","unstructured":"Dmitry Kalashnikov, Alex Irpan, Peter Pastor, Julian Ibarz, Alexander Herzog, Eric Jang, Deirdre Quillen, Ethan Holly, Mrinal Kalakrishnan, Vincent Vanhoucke, and Sergey Levine. 2018. Scalable Deep Reinforcement Learning for Vision-Based Robotic Manipulation. In 2nd Annual Conference on Robot Learning, CoRL 2018, Z\u00fcrich, Switzerland, 29-31 October 2018, Proceedings(Proceedings of Machine Learning Research, Vol.\u00a087). PMLR, 651\u2013673."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/TITS.2021.3054625"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v36i7.20684"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCYB.2019.2927410"},{"key":"e_1_3_2_1_18_1","volume-title":"Detecting Adversarial Attacks on Neural Network Policies with Visual Foresight. CoRR abs\/1710.00814","author":"Lin Yen-Chen","year":"2017","unstructured":"Yen-Chen Lin, Ming-Yu Liu, Min Sun, and Jia-Bin Huang. 2017. Detecting Adversarial Attacks on Neural Network Policies with Visual Foresight. CoRR abs\/1710.00814 (2017). arXiv:1710.00814http:\/\/arxiv.org\/abs\/1710.00814"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV.2019.00303"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","unstructured":"Jian Liu Rui Zhang Sebastian Szyller Kui Ren and N. Asokan. 2023. False Claims against Model Ownership Resolution. CoRR abs\/2304.06607 (2023). https:\/\/doi.org\/10.48550\/arXiv.2304.06607 arXiv:2304.06607","DOI":"10.48550\/arXiv.2304.06607"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF51468.2021.00044"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833693"},{"key":"e_1_3_2_1_23_1","volume-title":"9th International Conference on Learning Representations, ICLR 2021","author":"Lukas Nils","year":"2021","unstructured":"Nils Lukas, Yuxuan Zhang, and Florian Kerschbaum. 2021. Deep Neural Network Fingerprinting by Conferrable Adversarial Examples. In 9th International Conference on Learning Representations, ICLR 2021, Virtual Event, Austria, May 3-7, 2021. OpenReview.net. https:\/\/openreview.net\/forum?id=VqzVhqxkjH1"},{"key":"e_1_3_2_1_24_1","volume-title":"Robust Reinforcement Learning for Continuous Control with Model Misspecification. In 8th International Conference on Learning Representations, ICLR 2020","author":"Mankowitz J.","year":"2020","unstructured":"Daniel\u00a0J. Mankowitz, Nir Levine, Rae Jeong, Abbas Abdolmaleki, Jost\u00a0Tobias Springenberg, Yuanyuan Shi, Jackie Kay, Todd Hester, Timothy\u00a0A. Mann, and Martin\u00a0A. Riedmiller. 2020. Robust Reinforcement Learning for Continuous Control with Model Misspecification. In 8th International Conference on Learning Representations, ICLR 2020, Addis Ababa, Ethiopia, April 26-30, 2020. OpenReview.net."},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of the 33nd International Conference on Machine Learning, ICML 2016, New York City, NY, USA, June 19-24, 2016(JMLR Workshop and Conference Proceedings, Vol.\u00a048)","author":"Mnih Volodymyr","year":"2016","unstructured":"Volodymyr Mnih, Adri\u00e0\u00a0Puigdom\u00e8nech Badia, Mehdi Mirza, Alex Graves, Timothy\u00a0P. Lillicrap, Tim Harley, David Silver, and Koray Kavukcuoglu. 2016. Asynchronous Methods for Deep Reinforcement Learning. In Proceedings of the 33nd International Conference on Machine Learning, ICML 2016, New York City, NY, USA, June 19-24, 2016(JMLR Workshop and Conference Proceedings, Vol.\u00a048). JMLR.org, 1928\u20131937."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1038\/nature14236"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2017.17"},{"key":"e_1_3_2_1_28_1","volume-title":"NAG: Network for Adversary Generation. In 2018 IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2018","author":"Mopuri Konda\u00a0Reddy","year":"2018","unstructured":"Konda\u00a0Reddy Mopuri, Utkarsh Ojha, Utsav Garg, and R.\u00a0Venkatesh Babu. 2018. NAG: Network for Adversary Generation. In 2018 IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2018, Salt Lake City, UT, USA, June 18-22, 2018. Computer Vision Foundation \/ IEEE Computer Society, 742\u2013751."},{"key":"e_1_3_2_1_29_1","volume-title":"Advances in Neural Information Processing Systems 34: Annual Conference on Neural Information Processing Systems 2021","author":"Oikarinen P.","year":"2021","unstructured":"Tuomas\u00a0P. Oikarinen, Wang Zhang, Alexandre Megretski, Luca Daniel, and Tsui-Wei Weng. 2021. Robust Deep Reinforcement Learning through Adversarial Loss. In Advances in Neural Information Processing Systems 34: Annual Conference on Neural Information Processing Systems 2021, NeurIPS 2021, December 6-14, 2021, virtual, Marc\u2019Aurelio Ranzato, Alina Beygelzimer, Yann\u00a0N. Dauphin, Percy Liang, and Jennifer\u00a0Wortman Vaughan (Eds.). 26156\u201326167."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.5555\/3535850.3535963"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52688.2022.01307"},{"key":"e_1_3_2_1_32_1","volume-title":"CNN Features Off-the-Shelf: An Astounding Baseline for Recognition. In IEEE Conference on Computer Vision and Pattern Recognition, CVPR Workshops 2014","author":"Razavian Ali\u00a0Sharif","year":"2014","unstructured":"Ali\u00a0Sharif Razavian, Hossein Azizpour, Josephine Sullivan, and Stefan Carlsson. 2014. CNN Features Off-the-Shelf: An Astounding Baseline for Recognition. In IEEE Conference on Computer Vision and Pattern Recognition, CVPR Workshops 2014, Columbus, OH, USA, June 23-28, 2014. IEEE Computer Society, 512\u2013519."},{"key":"e_1_3_2_1_33_1","volume-title":"Proximal Policy Optimization Algorithms. CoRR abs\/1707.06347","author":"Schulman John","year":"2017","unstructured":"John Schulman, Filip Wolski, Prafulla Dhariwal, Alec Radford, and Oleg Klimov. 2017. Proximal Policy Optimization Algorithms. CoRR abs\/1707.06347 (2017). arxiv:1707.06347http:\/\/arxiv.org\/abs\/1707.06347"},{"key":"e_1_3_2_1_34_1","volume-title":"Reinforcement Learning: An Introduction. A Bradford Book","author":"Sutton S.","year":"2018","unstructured":"Richard\u00a0S. Sutton and Andrew\u00a0G. Barto. 2018. Reinforcement Learning: An Introduction. A Bradford Book, Cambridge, MA, USA."},{"key":"e_1_3_2_1_35_1","volume-title":"ACM Multimedia Conference","author":"Szyller Sebastian","year":"2021","unstructured":"Sebastian Szyller, Buse\u00a0Gul Atli, Samuel Marchal, and N. Asokan. 2021. DAWN: Dynamic Adversarial Watermarking of Neural Networks. In MM \u201921: ACM Multimedia Conference, Virtual Event, China, October 20 - 24, 2021, Heng\u00a0Tao Shen, Yueting Zhuang, John\u00a0R. Smith, Yang Yang, Pablo C\u00e9sar, Florian Metze, and Balakrishnan Prabhakaran (Eds.). ACM, 4417\u20134425."},{"key":"e_1_3_2_1_36_1","volume-title":"Real-Time Adversarial Perturbations Against Deep Reinforcement Learning Policies: Attacks and Defenses. In 27th European Symposium on Research in Computer Security","author":"Tekgul Buse","year":"2022","unstructured":"Buse G.\u00a0A. Tekgul, Shelly Wang, Samuel Marchal, and N. Asokan. 2022. Real-Time Adversarial Perturbations Against Deep Reinforcement Learning Policies: Attacks and Defenses. In 27th European Symposium on Research in Computer Security, Copenhagen, Denmark, September 26-30, 2022, Proceedings, Part III(Lecture Notes in Computer Science, Vol.\u00a013556). Springer, 384\u2013404."},{"key":"e_1_3_2_1_37_1","volume-title":"The Space of Transferable Adversarial Examples. CoRR abs\/1704.03453","author":"Tram\u00e8r Florian","year":"2017","unstructured":"Florian Tram\u00e8r, Nicolas Papernot, Ian\u00a0J. Goodfellow, Dan Boneh, and Patrick\u00a0D. McDaniel. 2017. The Space of Transferable Adversarial Examples. CoRR abs\/1704.03453 (2017). arXiv:1704.03453http:\/\/arxiv.org\/abs\/1704.03453"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/D19-1221"},{"key":"e_1_3_2_1_39_1","volume-title":"Proceedings of the 33nd International Conference on Machine Learning, ICML 2016, New York City, NY, USA, June 19-24, 2016(JMLR Workshop and Conference Proceedings, Vol.\u00a048)","author":"Wang Ziyu","year":"1995","unstructured":"Ziyu Wang, Tom Schaul, Matteo Hessel, Hado van Hasselt, Marc Lanctot, and Nando de Freitas. [n. d.]. Dueling Network Architectures for Deep Reinforcement Learning. In Proceedings of the 33nd International Conference on Machine Learning, ICML 2016, New York City, NY, USA, June 19-24, 2016(JMLR Workshop and Conference Proceedings, Vol.\u00a048), Maria-Florina Balcan and Kilian\u00a0Q. Weinberger (Eds.). JMLR.org, 1995\u20132003."},{"key":"e_1_3_2_1_40_1","volume-title":"Toward Evaluating Robustness of Deep Reinforcement Learning with Continuous Control. In 8th International Conference on Learning Representations, ICLR 2020","author":"Weng Tsui-Wei","year":"2020","unstructured":"Tsui-Wei Weng, Krishnamurthy\u00a0Dj Dvijotham, Jonathan Uesato, Kai Xiao, Sven Gowal, Robert Stanforth, and Pushmeet Kohli. 2020. Toward Evaluating Robustness of Deep Reinforcement Learning with Continuous Control. In 8th International Conference on Learning Representations, ICLR 2020, Addis Ababa, Ethiopia, April 26-30, 2020. OpenReview.net."},{"key":"e_1_3_2_1_41_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Yan Mengjia","year":"2020","unstructured":"Mengjia Yan, Christopher\u00a0W. Fletcher, and Josep Torrellas. 2020. Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN Architectures. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 2003\u20132020. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/yan"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.2205.00199"},{"key":"e_1_3_2_1_43_1","volume-title":"Proceedings of the 33nd International Conference on Machine Learning, ICML 2016, New York City, NY, USA, June 19-24, 2016(JMLR Workshop and Conference Proceedings, Vol.\u00a048)","author":"Zahavy Tom","year":"1899","unstructured":"Tom Zahavy, Nir Ben-Zrihem, and Shie Mannor. [n. d.]. Graying the black box: Understanding DQNs. In Proceedings of the 33nd International Conference on Machine Learning, ICML 2016, New York City, NY, USA, June 19-24, 2016(JMLR Workshop and Conference Proceedings, Vol.\u00a048), Maria-Florina Balcan and Kilian\u00a0Q. Weinberger (Eds.). JMLR.org, 1899\u20131908."},{"key":"e_1_3_2_1_44_1","unstructured":"Huan Zhang Hongge Chen Chaowei Xiao Bo Li Mingyan Liu Duane\u00a0S. Boning and Cho-Jui Hsieh. 2020. Robust Deep Reinforcement Learning against Adversarial Perturbations on State Observations. (2020)."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3196494.3196550"}],"event":{"name":"ACSAC '23: Annual Computer Security Applications Conference","acronym":"ACSAC '23","location":"Austin TX USA"},"container-title":["Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3627106.3627128","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3627106.3627128","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T17:38:46Z","timestamp":1755884326000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3627106.3627128"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,12,4]]},"references-count":45,"alternative-id":["10.1145\/3627106.3627128","10.1145\/3627106"],"URL":"https:\/\/doi.org\/10.1145\/3627106.3627128","relation":{},"subject":[],"published":{"date-parts":[[2023,12,4]]},"assertion":[{"value":"2023-12-04","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}