{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,4]],"date-time":"2026-04-04T18:16:52Z","timestamp":1775326612427,"version":"3.50.1"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030884178","type":"print"},{"value":"9783030884185","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-88418-5_22","type":"book-chapter","created":{"date-parts":[[2021,9,29]],"date-time":"2021-09-29T21:04:30Z","timestamp":1632949470000},"page":"455-475","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":140,"title":["CONTRA: Defending Against Poisoning Attacks in Federated Learning"],"prefix":"10.1007","author":[{"given":"Sana","family":"Awan","sequence":"first","affiliation":[]},{"given":"Bo","family":"Luo","sequence":"additional","affiliation":[]},{"given":"Fengjun","family":"Li","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,9,30]]},"reference":[{"key":"22_CR1","unstructured":"Arnold, S., Yesilbas, D.: Demystifying the effects of non-independence in federated learning. arXiv preprint arXiv:2103.11226 (2021)"},{"key":"22_CR2","unstructured":"Bagdasaryan, E., Veit, A., Hua, Y., Estrin, D., Shmatikov, V.: How to backdoor federated learning. In: International Conference on Artificial Intelligence and Statistics, pp. 2938\u20132948. PMLR (2020)"},{"key":"22_CR3","doi-asserted-by":"crossref","unstructured":"Barreno, M., Nelson, B., Sears, R., Joseph, A.D., Tygar, J.D.: Can machine learning be secure? In: ACM Symposium on Information Computer and Communication security (2006)","DOI":"10.1145\/1128817.1128824"},{"issue":"2","key":"22_CR4","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/s10994-010-5188-5","volume":"81","author":"M Barreno","year":"2010","unstructured":"Barreno, M., Nelson, B., Joseph, A.D., Tygar, J.D.: The security of machine learning. Mach. Learn. 81(2), 121\u2013148 (2010). https:\/\/doi.org\/10.1007\/s10994-010-5188-5","journal-title":"Mach. Learn."},{"key":"22_CR5","first-page":"8635","volume":"32","author":"G Baruch","year":"2019","unstructured":"Baruch, G., Baruch, M., Goldberg, Y.: A little is enough: circumventing defenses for distributed learning. Adv. Neural Inf. Process. Syst. 32, 8635\u20138645 (2019)","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"22_CR6","unstructured":"Beaufays, F., Rao, K., Mathews, R., Ramaswamy, S.: Federated learning for emoji prediction in a mobile keyboard (2019). https:\/\/arxiv.org\/abs\/1906.04329"},{"key":"22_CR7","unstructured":"Bhagoji, A.N., Chakraborty, S., Mittal, P., Calo, S.: Model poisoning attacks in federated learning. In: Workshop on Security in Machine Learning (SecML) (2018)"},{"key":"22_CR8","unstructured":"Bhagoji, A.N., Chakraborty, S., Mittal, P., Calo, S.: Analyzing federated learning through an adversarial lens. In: the 36th International Conference on Machine Learning (2019)"},{"key":"22_CR9","unstructured":"Biggio, B., Nelson, B., Laskov, P.: Poisoning attacks against support vector machines. In: Proceedings of the 29th International Conference on International Conference on Machine Learning, pp. 1467\u20131474 (2012)"},{"key":"22_CR10","unstructured":"Blanchard, P., El Mhamdi, E.M., Guerraoui, R., Stainer, J.: Machine learning with adversaries: Byzantine tolerant gradient descent. In: the 31st International Conference on Neural Information Processing Systems, pp. 118\u2013128 (2017)"},{"key":"22_CR11","doi-asserted-by":"crossref","unstructured":"Cao, X., Fang, M., Liu, J., Gong, N.Z.: FLTrust: byzantine-robust federated learning via trust bootstrapping (2020)","DOI":"10.14722\/ndss.2021.24434"},{"key":"22_CR12","first-page":"44:1","volume":"1","author":"Y Chen","year":"2017","unstructured":"Chen, Y., Su, L., Xu, J.: Distributed statistical machine learning in adversarial settings: byzantine gradient descent. POMACS 1, 44:1-44:25 (2017)","journal-title":"POMACS"},{"key":"22_CR13","unstructured":"Fang, M., Cao, X., Jia, J., Gong, N.: Local model poisoning attacks to byzantine-robust federated learning. In: 29th USENIX Security Symposium (2020)"},{"key":"22_CR14","unstructured":"Fung, C., Yoon, C.J.M., Beschastnikh, I.: The limitations of federated learning in sybil settings. In: 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID), pp. 301\u2013316 (2020)"},{"key":"22_CR15","doi-asserted-by":"crossref","unstructured":"Ganju, K., Wang, Q., Yang, W., Gunter, C.A., Borisov, N.: Property inference attacks on fully connected neural networks using permutation invariant representations. In: ACM Conference on Computer and Communication Security, pp. 619\u2013633 (2018)","DOI":"10.1145\/3243734.3243834"},{"key":"22_CR16","unstructured":"George, N.: Lending club loan data (version 3) (2019). https:\/\/www.kaggle.com\/wordsforthewise\/lending-club"},{"key":"22_CR17","unstructured":"Gu, T., Dolan-Gavitt, B., Garg, S.: Badnets: identifying vulnerabilities in the machine learning model supply chain (2019)"},{"key":"22_CR18","unstructured":"Hsu, T.M.H., Qi, H., Brown, M.: Measuring the effects of non-identical data distribution for federated visual classification. arXiv preprint arXiv:1909.06335 (2019)"},{"key":"22_CR19","doi-asserted-by":"crossref","unstructured":"Jagielski, M., Oprea, A., Biggio, B., Liu, C., Nita-Rotaru, C., Li, B.: Manipulating machine learning: poisoning attacks and countermeasures for regression learning. In: the 39th IEEE Symposium on Security and Privacy (2018)","DOI":"10.1109\/SP.2018.00057"},{"issue":"6","key":"22_CR20","doi-asserted-by":"publisher","first-page":"305","DOI":"10.1038\/s42256-020-0186-1","volume":"2","author":"GA Kaissis","year":"2020","unstructured":"Kaissis, G.A., Makowski, M.R., R\u00fcckert, D., Braren, R.F.: Secure, privacy-preserving and federated machine learning in medical imaging. Nat. Mach. Intell. 2(6), 305\u2013311 (2020)","journal-title":"Nat. Mach. Intell."},{"key":"22_CR21","unstructured":"Kone\u010dn\u1ef3, J., McMahan, H.B., Yu, F.X., Richt\u00e1rik, P., Suresh, A.T., Bacon, D.: Federated learning: strategies for improving communication efficiency. arXiv preprint arXiv:1610.05492 (2016)"},{"key":"22_CR22","unstructured":"Krizhevsky, A., Hinton, G., et al.: Learning multiple layers of features from tiny images (2009)"},{"issue":"11","key":"22_CR23","doi-asserted-by":"publisher","first-page":"2278","DOI":"10.1109\/5.726791","volume":"86","author":"Y Lecun","year":"1998","unstructured":"Lecun, Y., Bottou, L., Bengio, Y., Haffner, P.: Gradient-based learning applied to document recognition. Proc. IEEE 86(11), 2278\u20132324 (1998)","journal-title":"Proc. IEEE"},{"key":"22_CR24","unstructured":"McMahan, B., Moore, E., Ramage, D., Hampson, S., Arcas, B.A.: Communication-efficient learning of deep networks from decentralized data. In: Artificial Intelligence and Statistics, pp. 1273\u20131282. PMLR (2017)"},{"key":"22_CR25","unstructured":"McMahan, B., Ramage, D.: Federated learning: collaborative machine learning without centralized training data (2017). https:\/\/ai.googleblog.com\/2017\/04\/federated-learning-collaborative.html"},{"key":"22_CR26","doi-asserted-by":"crossref","unstructured":"Mu\u00f1oz-Gonz\u00e1lez, L., et al.: Towards poisoning of deep learning algorithms with back-gradient optimization. In: the 10th ACM Workshop on Artificial Intelligence and Security, pp. 27\u201338 (2017)","DOI":"10.1145\/3128572.3140451"},{"key":"22_CR27","unstructured":"Mu\u00f1oz-Gonz\u00e1lez, L. Co, K.T., Lupu, E.C.: Byzantine-robust federated machine learning through adaptive model averaging. arXiv preprint arXiv:1909.05125 (2019)"},{"key":"22_CR28","unstructured":"Nguyen, T.D., et al.: FLGUARD: secure and private federated learning. arXiv preprint arXiv:2101.02281 (2021)"},{"key":"22_CR29","unstructured":"Shafahi, A., et al.: Poison frogs! targeted clean-label poisoning attacks on neural networks. In: 32nd International Conference on Neural Information Processing Systems, pp. 6106\u20136116 (2018)"},{"key":"22_CR30","doi-asserted-by":"crossref","unstructured":"Shejwalkar, V., Houmansadr, A.: Manipulating the byzantine: optimizing model poisoning attacks and defenses for federated learning. In: Network and Distributed Systems Security (NDSS) Symposium 2021 (2021)","DOI":"10.14722\/ndss.2021.24498"},{"key":"22_CR31","unstructured":"Shen, S., Tople, S., Saxena, P.: Auror: defending against poisoning attacks in collaborative deep learning systems. In: In Proceedings of the 32nd Annual Conference on Computer Security Applications, ACSAC 2016, Los Angeles, CA, USA, 5\u20139 December 2016, pp. 508\u2013519 (2016)"},{"key":"22_CR32","doi-asserted-by":"crossref","unstructured":"Shokri, R., Stronati, M., Song, C., Shmatikov, V.: Membership inference attacks against machine learning models. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 3\u201318 (2017)","DOI":"10.1109\/SP.2017.41"},{"key":"22_CR33","unstructured":"Steinhardt, J., Koh, P.W., Liang, P.: Certified defenses for data poisoning attacks. In: Proceedings of the 31st International Conference on Neural Information Processing Systems, NIPS\u201917, pp. 3520\u20133532 (2017)"},{"key":"22_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"480","DOI":"10.1007\/978-3-030-58951-6_24","volume-title":"Computer Security \u2013 ESORICS 2020","author":"V Tolpegin","year":"2020","unstructured":"Tolpegin, V., Truex, S., Gursoy, M.E., Liu, L.: Data poisoning attacks against federated learning systems. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds.) ESORICS 2020. LNCS, vol. 12308, pp. 480\u2013501. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-58951-6_24"},{"key":"22_CR35","unstructured":"Wu, C., Yang, X., Zhu, S., Mitra, P.: Mitigating backdoor attacks in federated learning. arXiv preprint arXiv:2011.01767 (2020)"},{"key":"22_CR36","unstructured":"Xie, C., Huang, K., Chen, P.Y., Li, B.: Dba: distributed backdoor attacks against federated learning. In: International Conference on Learning Representations (2020)"},{"key":"22_CR37","unstructured":"Yin, D., Chen, Y., Kannan, R., Bartlett, P.: Byzantine-robust distributed learning: towards optimal statistical rates. In: 35th International Conference on Machine Learning (2018)"},{"key":"22_CR38","unstructured":"Yurochkin, M., Agarwal, M., Ghosh, S., Greenewald, K., Hoang, N., Khazaeni, Y.: Bayesian nonparametric federated learning of neural networks. In: International Conference on Machine Learning, pp. 7252\u20137261. PMLR (2019)"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2021"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-88418-5_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,9,29]],"date-time":"2021-09-29T21:26:23Z","timestamp":1632950783000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-88418-5_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030884178","9783030884185"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-88418-5_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"30 September 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Darmstadt","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 October 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 October 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2021.athene-center.de\/index.php","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"351","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"71","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.07","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6.06","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}