data payload
WaterMAS: Sharpness-Aware Maximization for Neural Network Watermarking
Trias, Carl De Sousa, Mitrea, Mihai, Fiandrotti, Attilio, Cagnazzo, Marco, Chaudhuri, Sumanta, Tartaglione, Enzo
Nowadays, deep neural networks are used for solving complex tasks in several critical applications and protecting both their integrity and intellectual property rights (IPR) has become of utmost importance. To this end, we advance WaterMAS, a substitutive, white-box neural network watermarking method that improves the trade-off among robustness, imperceptibility, and computational complexity, while making provisions for increased data payload and security. WaterMAS insertion keeps unchanged the watermarked weights while sharpening their underlying gradient space. The robustness is thus ensured by limiting the attack's strength: even small alterations of the watermarked weights would impact the model's performance. The imperceptibility is ensured by inserting the watermark during the training process. The relationship among the WaterMAS data payload, imperceptibility, and robustness properties is discussed. The secret key is represented by the positions of the weights conveying the watermark, randomly chosen through multiple layers of the model. The security is evaluated by investigating the case in which an attacker would intercept the key. The experimental validations consider 5 models and 2 tasks (VGG16, ResNet18, MobileNetV3, SwinT for CIFAR10 image classification, and DeepLabV3 for Cityscapes image segmentation) as well as 4 types of attacks (Gaussian noise addition, pruning, fine-tuning, and quantization). The code will be released open-source upon acceptance of the article.
ByCAN: Reverse Engineering Controller Area Network (CAN) Messages from Bit to Byte Level
Lin, Xiaojie, Ma, Baihe, Wang, Xu, Yu, Guangsheng, He, Ying, Liu, Ren Ping, Ni, Wei
Abstract--As the primary standard protocol for modern cars, the Controller Area Network (CAN) is a critical research target for automotive cybersecurity threats and autonomous applications. The Controller Area Network (CAN) protocol was firstly developed by Bosch in the 1980s [1] and serves as the de facto standard protocol for connecting ECUs embedded in cars [3]-[5]. The standard structure of the CAN frame is composed of the start of frame, arbitration field, control field, data field, CRC field, ACK field and end of frame, as shown in Figure 1. While the CAN protocol has a standardized frame structure, understanding the protocol's utilization for signal transmission remains challenging. This is because Original Equipment Manufacturers (OEMs) encode the signals within the CAN frames' data fields (data payloads) in proprietary ways that vary among OEMs, vehicle models, and years [6]. CAN messages are structured into frames, and the CAN frames of different CAN IDs have different lengths of the data payload. OBD-II diagnostic data is easy to access via the OBD-II port, as all modern cars are equipped with the OBD-II diagnostic system. OBD-II diagnostic data can be converted into human-readable accurate vehicle data with public formulas to be used in the matching process for associating semantic meanings with CAN signals. Both OBD-II diagnostic data and regular CAN frames can be collected from the OBD-II port. The RE systems can leverage both CAN and OBD-II diagnostic data to create a comprehensive dataset for reverse engineering purposes, eliminating the need for additional measurement equipment like IMUs. The primary objective of a CAN RE system is to identify the [...] frames is the first step to extracting the essential information to develop autonomous applications or explore automotive
The Three Principles Of Responsible AI And How They'll Make Us Better Humans
Seventeenth-century Amsterdam is known for three things: Rembrandt, the Bubonic Plague and Tulip Mania. It was 1637, the height of the Dutch Golden Age. Tulip bulbs were scarce and demand for them soared. They were also a symbol of status. Acres of land were swapped for seeds that would yield no more than a few flowers.