{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T08:45:53Z","timestamp":1743151553715,"version":"3.40.3"},"publisher-location":"Cham","reference-count":50,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030968953"},{"type":"electronic","value":"9783030968960"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-030-96896-0_16","type":"book-chapter","created":{"date-parts":[[2022,7,7]],"date-time":"2022-07-07T12:16:52Z","timestamp":1657196212000},"page":"363-390","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Security and Robustness in Federated Learning"],"prefix":"10.1007","author":[{"given":"Ambrish","family":"Rawat","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Giulio","family":"Zizzo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Muhammad Zaid","family":"Hameed","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Luis","family":"Mu\u00f1oz-Gonz\u00e1lez","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,2,8]]},"reference":[{"key":"16_CR1","unstructured":"Bagdasaryan E, Veit A, Hua Y, Estrin D, Shmatikov V (2020) How 
to backdoor federated learning. In: Chiappa S, Calandra R (eds) The 23rd international conference on artificial intelligence and statistics, AISTATS 2020, 26\u201328 August 2020, Online [Palermo, Sicily, Italy], Proceedings of machine learning research. PMLR, vol 108, pp 2938\u20132948"},{"issue":"2","key":"16_CR2","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/s10994-010-5188-5","volume":"81","author":"M Barreno","year":"2010","unstructured":"Barreno M, Nelson B, Joseph AD, Tygar JD (2010) The security of machine learning. Mach Learn 81(2):121\u2013148","journal-title":"Mach Learn"},{"key":"16_CR3","unstructured":"Baruch G, Baruch M, Goldberg Y (2019) A little is enough: Circumventing defenses for distributed learning. In: Wallach H, Larochelle H, Beygelzimer A, d'Alch\u00e9-Buc F, Fox E, Garnett R (eds) Advances in neural information processing systems 32, pp 8635\u20138645. Curran Associates. http:\/\/papers.nips.cc\/paper\/9069-a-little-is-enough-circumventing-defenses-for-distributed-learning.pdf"},{"key":"16_CR4","unstructured":"Bernstein J, Zhao J, Azizzadenesheli K, Anandkumar A (2018) signSGD with majority vote is communication efficient and fault tolerant. Preprint. arXiv:1810.05291"},{"key":"16_CR5","unstructured":"Bhagoji AN, Chakraborty S, Mittal P, Calo S (2019) Analyzing federated learning through an adversarial lens. In: International conference on machine learning. PMLR, pp 634\u2013643"},{"key":"16_CR6","unstructured":"Biggio B, Nelson B, Laskov P (2012) Poisoning attacks against support vector machines. In: Proceedings of the 29th international conference on machine learning, ICML 2012, Edinburgh, Scotland, June 26\u2013July 1, 2012. icml.cc\/Omnipress. http:\/\/icml.cc\/2012\/papers\/880.pdf"},{"key":"16_CR7","doi-asserted-by":"crossref","unstructured":"Biggio B, Corona I, Maiorca D, Nelson B, Srndic N, Laskov P, Giacinto G, Roli F (2013) Evasion attacks against machine learning at test time. 
In: Blockeel H, Kersting K, Nijssen S, Zelezn\u00fd F (eds) Machine learning and knowledge discovery in databases - European conference, ECML PKDD 2013, Prague, September 23\u201327, 2013, Proceedings, Part III, Lecture notes in computer science, vol 8190. Springer, pp 387\u2013402","DOI":"10.1007\/978-3-642-40994-3_25"},{"key":"16_CR8","unstructured":"Blanchard P, Guerraoui R, Stainer J et al (2017) Machine learning with adversaries: Byzantine tolerant gradient descent. In: Advances in neural information processing systems, pp 119\u2013129"},{"key":"16_CR9","doi-asserted-by":"crossref","unstructured":"Bonawitz K, Ivanov V, Kreuter B, Marcedone A, McMahan HB, Patel S, Ramage D, Segal A, Seth K (2017) Practical secure aggregation for privacy-preserving machine learning. In: Thuraisingham BM, Evans D, Malkin T, Xu D (eds) Proceedings of the 2017 ACM SIGSAC conference on computer and communications security, CCS 2017, Dallas, TX, October 30\u2013November 03, 2017. ACM, pp 1175\u20131191","DOI":"10.1145\/3133956.3133982"},{"issue":"8","key":"16_CR10","doi-asserted-by":"publisher","first-page":"1271","DOI":"10.1080\/14697688.2019.1571683","volume":"19","author":"H Buehler","year":"2019","unstructured":"Buehler H, Gonon L, Teichmann J, Wood B (2019) Deep hedging. Quant Financ 19(8):1271\u20131291","journal-title":"Quant Financ"},{"key":"16_CR11","unstructured":"Castro RL, Mu\u00f1oz-Gonz\u00e1lez L, Pendlebury F, Rodosek GD, Pierazzi F, Cavallaro L (2021) Universal adversarial perturbations for malware. CoRR abs\/2102.06747. https:\/\/arxiv.org\/abs\/2102.06747"},{"key":"16_CR12","unstructured":"Chen X, Liu C, Li B, Lu K, Song D (2017) Targeted backdoor attacks on deep learning systems using data poisoning. Preprint. arXiv:1712.05526"},{"key":"16_CR13","unstructured":"Chen L, Wang H, Charles Z, Papailiopoulos D (2018) Draco: Byzantine-resilient distributed training via redundant gradients. In: International conference on machine learning. 
PMLR, pp 903\u2013912"},{"key":"16_CR14","unstructured":"Fang M, Cao X, Jia J, Gong N (2020) Local model poisoning attacks to byzantine-robust federated learning. In: 29th USENIX security symposium (USENIX Security 20), pp 1605\u20131622"},{"key":"16_CR15","unstructured":"Fung C, Yoon CJ, Beschastnikh I (2018) Mitigating sybils in federated learning poisoning. Preprint. arXiv:1808.04866"},{"key":"16_CR16","unstructured":"Goodfellow IJ, Shlens J, Szegedy C (2015) Explaining and harnessing adversarial examples. In: International conference on learning representations"},{"key":"16_CR17","doi-asserted-by":"crossref","unstructured":"Hitaj B, Ateniese G, P\u00e9rez-Cruz F (2017) Deep models under the GAN: information leakage from collaborative deep learning. In: Thuraisingham BM, Evans D, Malkin T, Xu D (eds) Proceedings of the 2017 ACM SIGSAC conference on computer and communications security, CCS 2017, Dallas, TX, October 30\u2013November 03, 2017. ACM, pp 603\u2013618","DOI":"10.1145\/3133956.3134012"},{"key":"16_CR18","doi-asserted-by":"crossref","unstructured":"Huang L, Joseph AD, Nelson B, Rubinstein BIP, Tygar JD (2011) Adversarial machine learning. In: Chen Y, C\u00e1rdenas AA, Greenstadt R, Rubinstein BIP (eds) Proceedings of the 4th ACM workshop on security and artificial intelligence, AISec 2011, Chicago, IL, October 21, 2011. ACM, pp 43\u201358","DOI":"10.1145\/2046684.2046692"},{"issue":"3","key":"16_CR19","doi-asserted-by":"publisher","first-page":"1686","DOI":"10.1109\/COMST.2020.2986444","volume":"22","author":"F Hussain","year":"2020","unstructured":"Hussain F, Hussain R, Hassan SA, Hossain E (2020) Machine learning in IoT security: Current solutions and future challenges. 
IEEE Commun Surv Tutorials 22(3):1686\u20131721","journal-title":"IEEE Commun Surv Tutorials"},{"key":"16_CR20","doi-asserted-by":"publisher","first-page":"1544","DOI":"10.1609\/aaai.v33i01.33011544","volume":"33","author":"L Li","year":"2019","unstructured":"Li L, Xu W, Chen T, Giannakis GB, Ling Q (2019) RSA: Byzantine-robust stochastic aggregation methods for distributed learning from heterogeneous datasets. In: Proceedings of the AAAI conference on artificial intelligence, vol 33, pp 1544\u20131551","journal-title":"Proceedings of the AAAI conference on artificial intelligence, vol"},{"key":"16_CR21","doi-asserted-by":"crossref","unstructured":"Liu Y, Ma S, Aafer Y, Lee W, Zhai J, Wang W, Zhang X (2018) Trojaning attack on neural networks. In: 25th Annual network and distributed system security symposium, NDSS 2018, San Diego, California, February 18\u201321, 2018. The Internet Society","DOI":"10.14722\/ndss.2018.23291"},{"key":"16_CR22","unstructured":"Madry A, Makelov A, Schmidt L, Tsipras D, Vladu A (2018) Towards deep learning models resistant to adversarial attacks. In: International conference on learning representations. https:\/\/openreview.net\/forum?id=rJzIBfZAb"},{"key":"16_CR23","doi-asserted-by":"crossref","unstructured":"Melis L, Song C, Cristofaro ED, Shmatikov V (2019) Exploiting unintended feature leakage in collaborative learning. In: 2019 IEEE symposium on security and privacy, SP 2019, San Francisco, CA, May 19\u201323, 2019. IEEE, pp 691\u2013706","DOI":"10.1109\/SP.2019.00029"},{"key":"16_CR24","unstructured":"Mhamdi EME, Guerraoui R, Rouault S (2018) The hidden vulnerability of distributed learning in Byzantium. Preprint. arXiv:1802.07927"},{"key":"16_CR25","doi-asserted-by":"crossref","unstructured":"Mu\u00f1oz-Gonz\u00e1lez L, Lupu EC (2019) The security of machine learning systems. In: AI in cybersecurity. 
Springer, pp 47\u201379","DOI":"10.1007\/978-3-319-98842-9_3"},{"key":"16_CR26","doi-asserted-by":"crossref","unstructured":"Mu\u00f1oz-Gonz\u00e1lez L, Biggio B, Demontis A, Paudice A, Wongrassamee V, Lupu EC, Roli F (2017) Towards poisoning of deep learning algorithms with back-gradient optimization. In: Thuraisingham BM, Biggio B, Freeman DM, Miller B, Sinha A (eds) Proceedings of the 10th ACM workshop on artificial intelligence and security, AISec@CCS 2017, Dallas, TX, November 3, 2017. ACM, pp 27\u201338","DOI":"10.1145\/3128572.3140451"},{"key":"16_CR27","unstructured":"Mu\u00f1oz-Gonz\u00e1lez L, Co KT, Lupu EC (2019) Byzantine-robust federated machine learning through adaptive model averaging. Preprint. arXiv:1909.05125"},{"key":"16_CR28","doi-asserted-by":"crossref","unstructured":"Nasr M, Shokri R, Houmansadr A (2019) Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning. In: 2019 IEEE symposium on security and privacy, SP 2019, San Francisco, CA, May 19\u201323, 2019. IEEE, pp 739\u2013753","DOI":"10.1109\/SP.2019.00065"},{"key":"16_CR29","unstructured":"Papernot N, McDaniel PD, Goodfellow IJ (2016) Transferability in machine learning: from phenomena to black-box attacks using adversarial samples. CoRR abs\/1605.07277. http:\/\/arxiv.org\/abs\/1605.07277"},{"key":"16_CR30","unstructured":"Paudice A, Mu\u00f1oz-Gonz\u00e1lez L, Gy\u00f6rgy A, Lupu EC (2018) Detection of adversarial training examples in poisoning attacks through anomaly detection. CoRR abs\/1802.03041. http:\/\/arxiv.org\/abs\/1802.03041"},{"key":"16_CR31","doi-asserted-by":"crossref","unstructured":"Paudice A, Mu\u00f1oz-Gonz\u00e1lez L, Lupu EC (2018) Label sanitization against label flipping poisoning attacks. 
In: Alzate C, Monreale A, Assem H, Bifet A, Buda TS, Caglayan B, Drury B, Garc\u00eda-Mart\u00edn E, Gavald\u00e0 R, Kramer S, Lavesson N, Madden M, Molloy I, Nicolae M, Sinn M (eds) ECML PKDD 2018 Workshops - Nemesis 2018, UrbReas 2018, SoGood 2018, IWAISe 2018, and Green Data Mining 2018, Dublin, September 10\u201314, 2018, Proceedings, Lecture Notes in Computer Science, vol 11329. Springer, pp 5\u201315","DOI":"10.1007\/978-3-030-13453-2_1"},{"key":"16_CR32","doi-asserted-by":"crossref","unstructured":"Pierazzi, F, Pendlebury, F, Cortellazzi, J, Cavallaro, L (2020) Intriguing properties of adversarial ML attacks in the problem space. In: 2020 IEEE symposium on security and privacy, SP 2020, San Francisco, CA, May 18\u201321, 2020. IEEE, pp 1332\u20131349","DOI":"10.1109\/SP40000.2020.00073"},{"key":"16_CR33","unstructured":"Pillutla VK, Kakade SM, Harchaoui Z (2019) Robust aggregation for federated learning. CoRR abs\/1912.13445. http:\/\/arxiv.org\/abs\/1912.13445"},{"key":"16_CR34","unstructured":"Rajput S, Wang H, Charles Z, Papailiopoulos D (2019) Detox: A redundancy-based framework for faster and more robust gradient aggregation. Preprint. arXiv:1907.12205"},{"key":"16_CR35","unstructured":"Shafahi A, Huang WR, Najibi M, Suciu O, Studer C, Dumitras T, Goldstein T (2018) Poison frogs! targeted clean-label poisoning attacks on neural networks. Preprint. arXiv:1804.00792"},{"key":"16_CR36","unstructured":"Shah D, Dube P, Chakraborty S, Verma A (2021) Adversarial training in communication constrained federated learning. Preprint. arXiv:2103.01319"},{"issue":"1","key":"16_CR37","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1038\/s41598-018-37186-2","volume":"9","author":"L Shen","year":"2019","unstructured":"Shen L, Margolies LR, Rothstein JH, Fluder E, McBride R, Sieh W (2019) Deep learning to improve breast cancer detection on screening mammography. 
Sci Rep 9(1):1\u201312","journal-title":"Sci Rep"},{"key":"16_CR38","unstructured":"Sohn Jy, Han DJ, Choi B, Moon J (2019) Election coding for distributed learning: Protecting signSGD against byzantine attacks. Preprint. arXiv:1910.06093"},{"key":"16_CR39","unstructured":"Sun Z, Kairouz P, Suresh AT, McMahan HB (2019) Can you really backdoor federated learning? Preprint. arXiv:1911.07963"},{"key":"16_CR40","unstructured":"Szegedy C, Zaremba W, Sutskever I, Bruna J, Erhan D, Goodfellow IJ, Fergus R (2014) Intriguing properties of neural networks. In: Bengio Y, LeCun Y (eds) 2nd International conference on learning representations, ICLR 2014, Banff, AB, April 14\u201316, 2014, Conference Track Proceedings. http:\/\/arxiv.org\/abs\/1312.6199"},{"key":"16_CR41","doi-asserted-by":"crossref","unstructured":"Tolpegin V, Truex S, Gursoy ME, Liu L (2020) Data poisoning attacks against federated learning systems. In: European symposium on research in computer security. Springer, pp 480\u2013501","DOI":"10.1007\/978-3-030-58951-6_24"},{"key":"16_CR42","doi-asserted-by":"crossref","unstructured":"Varma K, Zhou Y, Baracaldo N, Anwar A (2021) Legato: A layerwise gradient aggregation algorithm for mitigating byzantine attacks in federated learning. In: 2021 IEEE 14th international conference on cloud computing (CLOUD)","DOI":"10.1109\/CLOUD53861.2021.00040"},{"key":"16_CR43","unstructured":"Wang H, Sreenivasan K, Rajput S, Vishwakarma H, Agarwal S, Sohn Jy, Lee K, Papailiopoulos D (2020) Attack of the tails: Yes, you really can backdoor federated learning. Preprint. arXiv:2007.05084"},{"key":"16_CR44","unstructured":"Xiao H, Xiao H, Eckert C (2012) Adversarial label flips attack on support vector machines. In: Raedt LD, Bessiere C, Dubois D, Doherty P, Frasconi P, Heintz F, Lucas PJF (eds) ECAI 2012 - 20th European conference on artificial intelligence. 
Including prestigious applications of artificial intelligence (PAIS-2012) System demonstrations track, Montpellier, August 27\u201331, 2012, Frontiers in artificial intelligence and applications, vol 242. IOS Press, pp 870\u2013875"},{"key":"16_CR45","unstructured":"Xie C, Koyejo O, Gupta I (2018) Generalized byzantine-tolerant SGD. Preprint. arXiv:1802.10116"},{"key":"16_CR46","unstructured":"Xie C, Huang K, Chen PY, Li B (2019) Dba: Distributed backdoor attacks against federated learning. In: International conference on learning representations"},{"key":"16_CR47","unstructured":"Xie C, Koyejo O, Gupta I (2019) Fall of empires: Breaking byzantine-tolerant SGD by inner product manipulation. In: Globerson A, Silva R (eds) Proceedings of the thirty-fifth conference on uncertainty in artificial intelligence, UAI 2019, Tel Aviv, Israel, July 22\u201325, 2019. AUAI Press, p 83. http:\/\/auai.org\/uai2019\/proceedings\/papers\/83.pdf"},{"key":"16_CR48","unstructured":"Xie C, Koyejo S, Gupta I (2019) Zeno: Distributed stochastic gradient descent with suspicion-based fault-tolerance. In: International conference on machine learning. PMLR, pp 6893\u20136901"},{"key":"16_CR49","unstructured":"Yin D, Chen Y, Ramchandran K, Bartlett P (2018) Byzantine-robust distributed learning: Towards optimal statistical rates. Preprint. arXiv:1803.01498"},{"key":"16_CR50","unstructured":"Zizzo G, Rawat A, Sinn M, Buesser B (2020) Fat: Federated adversarial training. Preprint. 
arXiv:2012.01791"}],"container-title":["Federated Learning"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-96896-0_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,7]],"date-time":"2022-07-07T12:28:59Z","timestamp":1657196939000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-96896-0_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783030968953","9783030968960"],"references-count":50,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-96896-0_16","relation":{},"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"8 February 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}