{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:47:39Z","timestamp":1742914059692,"version":"3.40.3"},"publisher-location":"Cham","reference-count":50,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030656096"},{"type":"electronic","value":"9783030656102"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-65610-2_4","type":"book-chapter","created":{"date-parts":[[2020,12,5]],"date-time":"2020-12-05T09:03:39Z","timestamp":1607159019000},"page":"69-80","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["A Defence Against Input-Agnostic Backdoor Attacks on Deep Neural Networks"],"prefix":"10.1007","author":[{"given":"Yansong","family":"Gao","sequence":"first","affiliation":[]},{"given":"Surya","family":"Nepal","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,12,6]]},"reference":[{"key":"4_CR1","doi-asserted-by":"crossref","unstructured":"Abuadbba, S., et al.: Can we use split learning on 1D CNN models for privacy preserving training? In: The 15th ACM ASIA Conference on Computer and Communications Security (AsiaCCS) (2020)","DOI":"10.1145\/3320269.3384740"},{"key":"4_CR2","unstructured":"Bagdasaryan, E., Shmatikov, V.: Blind backdoors in deep learning models. 
arXiv preprint arXiv:2005.03823 (2020)"},{"key":"4_CR3","unstructured":"Bagdasaryan, E., Veit, A., Hua, Y., Estrin, D., Shmatikov, V.: How to backdoor federated learning. In: International Conference on Artificial Intelligence and Statistics (AISTATS), pp. 2938\u20132948 (2020). https:\/\/github.com\/ebagdasa\/backdoor_federated_learning"},{"key":"4_CR4","unstructured":"Bhagoji, A.N., Chakraborty, S., Mittal, P., Calo, S.: Analyzing federated learning through an adversarial lens. In: International Conference on Machine Learning (ICML), pp. 634\u2013643 (2019)"},{"key":"4_CR5","unstructured":"Bonawitz, K., et al.: Towards federated learning at scale: system design. arXiv preprint arXiv:1902.01046 (2019)"},{"key":"4_CR6","doi-asserted-by":"crossref","unstructured":"Chen, H., Fu, C., Zhao, J., Koushanfar, F.: DeepInspect: a black-box Trojan detection and mitigation framework for deep neural networks. In: International Joint Conference on Artificial Intelligence, pp. 4658\u20134664 (2019)","DOI":"10.24963\/ijcai.2019\/647"},{"key":"4_CR7","unstructured":"Chen, X., Liu, C., Li, B., Lu, K., Song, D.: Targeted backdoor attacks on deep learning systems using data poisoning. arXiv preprint arXiv:1712.05526 (2017)"},{"key":"4_CR8","doi-asserted-by":"crossref","unstructured":"Codreanu, V., Podareanu, D., Saletore, V.: Scale out for large minibatch SGD: residual network training on Imagenet-1k with improved accuracy and reduced time to train. arXiv preprint arXiv:1711.04291 (2017)","DOI":"10.1109\/MLHPC.2018.8638634"},{"key":"4_CR9","doi-asserted-by":"crossref","unstructured":"Costales, R., Mao, C., Norwitz, R., Kim, B., Yang, J.: Live Trojan attacks on deep neural networks. arXiv preprint arXiv:2004.11370 (2020). https:\/\/github.com\/robbycostales\/live-trojans","DOI":"10.1109\/CVPRW50498.2020.00406"},{"key":"4_CR10","doi-asserted-by":"crossref","unstructured":"Deng, J., Dong, W., Socher, R., Li, L.J., Li, K., Fei-Fei, L.: ImageNet: a large-scale hierarchical image database. 
In: 2009 IEEE Conference on Computer Vision and Pattern Recognition, pp. 248\u2013255. IEEE (2009)","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"4_CR11","unstructured":"Freesound: Freesound dataset. https:\/\/annotator.freesound.org\/. Accessed 14 July 2020"},{"key":"4_CR12","unstructured":"Gao, Y., et al.: Backdoor attacks and countermeasures on deep learning: a comprehensive review. arXiv preprint arXiv:2007.10760 (2020)"},{"key":"4_CR13","doi-asserted-by":"crossref","unstructured":"Gao, Y., et al.: End-to-end evaluation of federated learning and split learning for Internet of Things. In: The 39th International Symposium on Reliable Distributed Systems (SRDS) (2020)","DOI":"10.1109\/SRDS51746.2020.00017"},{"key":"4_CR14","unstructured":"Gao, Y., et al.: Design and evaluation of a multi-domain Trojan detection method on deep neural networks. arXiv preprint arXiv:1911.10312 (2019)"},{"key":"4_CR15","doi-asserted-by":"crossref","unstructured":"Gao, Y., Xu, C., Wang, D., Chen, S., Ranasinghe, D.C., Nepal, S.: STRIP: a defence against Trojan attacks on deep neural networks. In: Proceedings of the Annual Computer Security Applications Conference (ACSA), pp. 113\u2013125 (2019). https:\/\/github.com\/garrisongys\/STRIP","DOI":"10.1145\/3359789.3359790"},{"key":"4_CR16","unstructured":"Gilad-Bachrach, R., Dowlin, N., Laine, K., Lauter, K., Naehrig, M., Wernsing, J.: CryptoNets: applying neural networks to encrypted data with high throughput and accuracy. In: International Conference on Machine Learning, pp. 201\u2013210 (2016)"},{"key":"4_CR17","unstructured":"Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014)"},{"key":"4_CR18","unstructured":"Gu, T., Dolan-Gavitt, B., Garg, S.: BadNets: identifying vulnerabilities in the machine learning model supply chain. 
arXiv preprint arXiv:1708.06733 (2017)"},{"key":"4_CR19","unstructured":"Hard, A., et al.: Federated learning for mobile keyboard prediction. arXiv preprint arXiv:1811.03604 (2018)"},{"key":"4_CR20","doi-asserted-by":"crossref","unstructured":"He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pp. 770\u2013778 (2016)","DOI":"10.1109\/CVPR.2016.90"},{"key":"4_CR21","doi-asserted-by":"crossref","unstructured":"Jagielski, M., Severi, G., Harger, N.P., Oprea, A.: Subpopulation data poisoning attacks. arXiv preprint arXiv:2006.14026 (2020)","DOI":"10.1145\/3460120.3485368"},{"key":"4_CR22","unstructured":"Ji, Y., Liu, Z., Hu, X., Wang, P., Zhang, Y.: Programmable neural network Trojan for pre-trained feature extractor. arXiv preprint arXiv:1901.07766 (2019)"},{"key":"4_CR23","doi-asserted-by":"crossref","unstructured":"Ji, Y., Zhang, X., Ji, S., Luo, X., Wang, T.: Model-reuse attacks on deep learning systems. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 349\u2013363. ACM (2018)","DOI":"10.1145\/3243734.3243757"},{"key":"4_CR24","unstructured":"Krizhevsky, A., Hinton, G.: Learning multiple layers of features from tiny images. Technical report. Citeseer (2009)"},{"key":"4_CR25","doi-asserted-by":"crossref","unstructured":"Kurita, K., Michel, P., Neubig, G.: Weight poisoning attacks on pre-trained models. arXiv preprint arXiv:2004.06660 (2020). https:\/\/github.com\/neulab\/RIPPLe","DOI":"10.18653\/v1\/2020.acl-main.249"},{"issue":"7553","key":"4_CR26","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1038\/nature14539","volume":"521","author":"Y LeCun","year":"2015","unstructured":"LeCun, Y., Bengio, Y., Hinton, G.: Deep learning. 
Nature 521(7553), 436 (2015)","journal-title":"Nature"},{"issue":"11","key":"4_CR27","doi-asserted-by":"publisher","first-page":"2278","DOI":"10.1109\/5.726791","volume":"86","author":"Y LeCun","year":"1998","unstructured":"LeCun, Y., Bottou, L., Bengio, Y., Haffner, P.: Gradient-based learning applied to document recognition. Proc. IEEE 86(11), 2278\u20132324 (1998)","journal-title":"Proc. IEEE"},{"key":"4_CR28","doi-asserted-by":"crossref","unstructured":"Liu, Y., Lee, W.C., Tao, G., Ma, S., Aafer, Y., Zhang, X.: ABS: scanning neural networks for back-doors by artificial brain stimulation. In: The ACM Conference on Computer and Communications Security (CCS) (2019)","DOI":"10.1145\/3319535.3363216"},{"key":"4_CR29","doi-asserted-by":"crossref","unstructured":"Liu, Y., et al.: Trojaning attack on neural networks. In: Network and Distributed System Security Symposium (NDSS) (2018)","DOI":"10.14722\/ndss.2018.23291"},{"key":"4_CR30","doi-asserted-by":"crossref","unstructured":"Liu, Y., Xie, Y., Srivastava, A.: Neural Trojans. In: 2017 IEEE International Conference on Computer Design (ICCD), pp. 45\u201348. IEEE (2017)","DOI":"10.1109\/ICCD.2017.16"},{"key":"4_CR31","doi-asserted-by":"crossref","unstructured":"Mohassel, P., Zhang, Y.: SecureML: a system for scalable privacy-preserving machine learning. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 19\u201338. IEEE (2017)","DOI":"10.1109\/SP.2017.12"},{"key":"4_CR32","unstructured":"Mozilla: Common voice dataset. https:\/\/voice.mozilla.org\/cnh\/datasets. Accessed 14 July 2020"},{"key":"4_CR33","doi-asserted-by":"crossref","unstructured":"Nguyen, T.D., Rieger, P., Miettinen, M., Sadeghi, A.R.: Poisoning attacks on federated learning-based IoT intrusion detection system. 
In: NDSS Workshop on Decentralized IoT Systems and Security (2020)","DOI":"10.14722\/diss.2020.23003"},{"key":"4_CR34","doi-asserted-by":"crossref","unstructured":"Quiring, E., Rieck, K.: Backdooring and poisoning neural networks with image-scaling attacks. arXiv preprint arXiv:2003.08633 (2020). https:\/\/scaling-attacks.net\/","DOI":"10.1109\/SPW50608.2020.00024"},{"issue":"8","key":"4_CR35","first-page":"9","volume":"1","author":"A Radford","year":"2019","unstructured":"Radford, A., Wu, J., Child, R., Luan, D., Amodei, D., Sutskever, I.: Language models are unsupervised multitask learners. OpenAI Blog 1(8), 9 (2019)","journal-title":"OpenAI Blog"},{"key":"4_CR36","doi-asserted-by":"crossref","unstructured":"Ribeiro, M., Grolinger, K., Capretz, M.A.: MLaaS: machine learning as a service. In: 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA), pp. 896\u2013902. IEEE (2015)","DOI":"10.1109\/ICMLA.2015.152"},{"key":"4_CR37","doi-asserted-by":"crossref","unstructured":"Schuster, R., Schuster, T., Meri, Y., Shmatikov, V.: Humpty dumpty: controlling word meanings via corpus poisoning. In: IEEE Symposium on Security and Privacy (SP) (2020)","DOI":"10.1109\/SP40000.2020.00115"},{"key":"4_CR38","unstructured":"Shafahi, A., et al.: Poison frogs! Targeted clean-label poisoning attacks on neural networks. In: Advances in Neural Information Processing Systems (NIPS), pp. 6103\u20136113 (2018). https:\/\/github.com\/ashafahi\/inceptionv3-transferLearn-poison"},{"key":"4_CR39","unstructured":"Sun, Z., Kairouz, P., Suresh, A.T., McMahan, H.B.: Can you really backdoor federated learning? arXiv preprint arXiv:1911.07963 (2019)"},{"key":"4_CR40","doi-asserted-by":"crossref","unstructured":"Tan, T.J.L., Shokri, R.: Bypassing backdoor detection algorithms in deep learning. 
In: IEEE European Symposium on Security and Privacy (EuroS&P) (2020)","DOI":"10.1109\/EuroSP48549.2020.00019"},{"key":"4_CR41","doi-asserted-by":"crossref","unstructured":"Tang, T.A., Mhamdi, L., McLernon, D., Zaidi, S.A.R., Ghogho, M.: Deep learning approach for network intrusion detection in software defined networking. In: International Conference on Wireless Networks and Mobile Communications (WINCOM), pp. 258\u2013263. IEEE (2016)","DOI":"10.1109\/WINCOM.2016.7777224"},{"key":"4_CR42","unstructured":"Veldanda, A.K., et al.: NNoculation: broad spectrum and targeted treatment of backdoored DNNs. arXiv preprint arXiv:2002.08313 (2020). https:\/\/github.com\/akshajkumarv\/NNoculation"},{"key":"4_CR43","unstructured":"Vepakomma, P., Gupta, O., Swedish, T., Raskar, R.: Split learning for health: distributed deep learning without sharing raw patient data. arXiv preprint arXiv:1812.00564 (2018)"},{"key":"4_CR44","doi-asserted-by":"crossref","unstructured":"Wang, B., et al.: Neural cleanse: identifying and mitigating backdoor attacks in neural networks. In: Proceedings of the IEEE Symposium on Security and Privacy (SP) (2019). https:\/\/github.com\/bolunwang\/backdoor","DOI":"10.1109\/SP.2019.00031"},{"key":"4_CR45","doi-asserted-by":"crossref","unstructured":"Wang, Q., et al.: Adversary resistant deep neural networks with an application to malware detection. In: Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (SIGKDD), pp. 1145\u20131153. ACM (2017)","DOI":"10.1145\/3097983.3098158"},{"key":"4_CR46","unstructured":"Xiao, Q., Chen, Y., Shen, C., Chen, Y., Li, K.: Seeing is not believing: camouflage attacks on image scaling algorithms. In: USENIX Security Symposium (USENIX Security 19), pp. 443\u2013460 (2019). 
https:\/\/github.com\/yfchen1994\/scaling_camouflage"},{"key":"4_CR47","doi-asserted-by":"crossref","unstructured":"Xu, R., Joshi, J.B., Li, C.: CryptoNN: training neural networks over encrypted data. In: 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS), pp. 1199\u20131209. IEEE (2019)","DOI":"10.1109\/ICDCS.2019.00121"},{"key":"4_CR48","doi-asserted-by":"crossref","unstructured":"Yao, Y., Li, H., Zheng, H., Zhao, B.Y.: Latent backdoor attacks on deep neural networks. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 2041\u20132055 (2019)","DOI":"10.1145\/3319535.3354209"},{"key":"4_CR49","doi-asserted-by":"publisher","first-page":"10782","DOI":"10.1109\/JIOT.2020.2987958","volume":"7","author":"C Zhou","year":"2020","unstructured":"Zhou, C., Fu, A., Yu, S., Yang, W., Wang, H., Zhang, Y.: Privacy-preserving federated learning in fog computing. IEEE Internet Things J. 7, 10782\u201310793 (2020)","journal-title":"IEEE Internet Things J."},{"key":"4_CR50","unstructured":"Zhu, C., et al.: Transferable clean-label poisoning attacks on deep neural nets. In: International Conference on Learning Representations (ICLR) (2019). 
https:\/\/github.com\/zhuchen03\/ConvexPolytopePosioning"}],"container-title":["Lecture Notes in Computer Science","Information Systems Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-65610-2_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,12]],"date-time":"2024-03-12T18:46:10Z","timestamp":1710269170000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-65610-2_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030656096","9783030656102"],"references-count":50,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-65610-2_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"6 December 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICISS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Systems Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Jammu","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"India","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 December 2020","order":7,"name":"conference_start_date","label":"Conference Start 
Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 December 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iciss2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/isrdc.iitb.ac.in\/iciss2020\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"52","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"11","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"21% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a 
whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3,5","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"In addition, 3 work-in-progress papers were published.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}