. Stuxnnet,

B. Biggio and F. Roli, Wild patterns: Ten years after the rise of adversarial machine learning, Pattern Recognition, vol.84, pp.317-331, 2018.

M. Blum, Program checking, Foundations of Software Technology and Theoretical Computer Science, pp.1-9, 1991.

Q. Cao, L. Shen, W. Xie, O. M. Parkhi, and A. Zisserman, Vggface2: A dataset for recognising faces across pose and age, FG, 2018.

G. Coker, J. Guttman, P. Loscocco, A. Herzog, J. Millen et al., Principles of remote attestation, International Journal of Information Security, vol.10, issue.2, pp.63-81, 2011.

C. S. Collberg and C. Thomborson, Watermarking, tamper-proofing, and obfuscation -tools for software protection, IEEE Transactions on Software Engineering, vol.28, issue.8, pp.735-746, 2002.

I. J. Goodfellow, J. Shlens, and C. Szegedy, Explaining and harnessing adversarial examples, ICLR, 2015.

K. He, X. Zhang, S. Ren, and J. Sun, Deep residual learning for image recognition, 2015.

D. Hitaj and L. V. Mancini, Have you stolen my model? evasion attacks against deep neural network watermarking techniques, 2018.

A. G. Howard, M. Zhu, B. Chen, D. Kalenichenko, W. Wang et al., Mobilenets: Efficient convolutional neural networks for mobile vision applications, 2017.

G. Huang, Z. Liu, L. V. Maaten, and K. Q. Weinberger, Densely connected convolutional networks, CVPR, 2017.

T. Hwu, J. Isbell, N. Oros, and J. Krichmar, A self-driving robot using deep convolutional neural networks on neuromorphic hardware, 2017.

A. Kurakin, I. J. Goodfellow, and S. Bengio, Adversarial examples in the physical world, 2017.

N. D. Lane, S. Bhattacharya, P. Georgiev, C. Forlivesi, L. Jiao et al., Deepx: A software accelerator for low-power deep learning inference on mobile devices, IPSN, 2016.

E. L. Merrer, P. Perez, and G. Trédan, Adversarial frontier stitching for remote neural network watermarking, 2017.
URL : https://hal.archives-ouvertes.fr/hal-02043818

C. Song, T. Ristenpart, and V. Shmatikov, Machine learning models that remember too much, CCS, 2017.

C. Lee and D. A. Landgrebe, Decision boundary feature extraction for neural networks, IEEE Transactions on Neural Networks, vol.8, issue.1, pp.75-83, 1997.

Y. Liu, S. Ma, Y. Aafer, W. Lee, J. Zhai et al., Trojaning attack on neural networks. In NDSS, 2018.

D. Meng and H. Chen, Magnet: A two-pronged defense against adversarial examples, CCS, 2017.

Y. Nagai, Y. Uchida, S. Sakazawa, and S. Satoh, Digital watermarking for deep neural networks. IJMIR, vol.7, pp.3-16, 2018.

N. Papernot, P. Mcdaniel, I. Goodfellow, S. Jha, Z. B. Celik et al., Practical black-box attacks against machine learning, ASIA CCS, 2017.

N. Papernot, P. Mcdaniel, X. Wu, S. Jha, and A. Swami, Distillation as a defense to adversarial perturbations against deep neural networks, In S&P, 2016.

N. Papernot, P. D. Mcdaniel, A. Sinha, and M. P. Wellman, Towards the science of security and privacy in machine learning, CoRR, 2016.

O. M. Parkhi, A. Vedaldi, and A. Zisserman, Deep face recognition, BMVC, 2015.

K. Pei, Y. Cao, J. Yang, and S. Jana, Deepxplore: Automated whitebox testing of deep learning systems, SOSP, 2017.

J. Roux, E. Alata, G. Auriol, V. Nicomette, and M. Kaniche, Toward an intrusion detection approach for iot based on radio communications profiling, EDCC, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01561710

R. Shokri, M. Stronati, C. Song, and V. Shmatikov, Membership inference attacks against machine learning models, S&P, 2017.

K. Simonyan and A. Zisserman, Very deep convolutional networks for large-scale image recognition, 2014.

C. Szegedy, W. Zaremba, I. Sutskever, J. Bruna, D. Erhan et al., Intriguing properties of neural networks, In ICLR, 2013.

F. Tramer, F. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart, Stealing machine learning models via prediction apis, USENIX Security, 2016.

N. Walkinshaw, K. Bogdanov, M. Holcombe, and S. Salahuddin, Reverse engineering state machines by interactive grammar inference, 14th Working Conference on Reverse Engineering, pp.209-218, 2007.

B. Wu, F. N. Iandola, P. H. Jin, and K. Keutzer, Squeezedet: Unified, small, low power fully convolutional neural networks for real-time object detection for autonomous driving, IEEE Conference on Computer Vision and Pattern Recognition Workshops, 2017.

W. Xu, D. Evans, and Y. Qi, Feature squeezing: Detecting adversarial examples in deep neural networks, NDSS, 2018.