{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,24]],"date-time":"2025-11-24T07:15:31Z","timestamp":1763968531879,"version":"3.40.3"},"publisher-location":"Cham","reference-count":49,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031375859"},{"type":"electronic","value":"9783031375866"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-37586-6_16","type":"book-chapter","created":{"date-parts":[[2023,7,11]],"date-time":"2023-07-11T23:02:16Z","timestamp":1689116536000},"page":"263-281","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Classification Auto-Encoder Based Detector Against Diverse Data Poisoning Attacks"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0494-2551","authenticated-orcid":false,"given":"Fereshteh","family":"Razmi","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7354-0428","authenticated-orcid":false,"given":"Li","family":"Xiong","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,7,12]]},"reference":[{"key":"16_CR1","doi-asserted-by":"crossref","unstructured":"Abadi, M., et al.: Deep learning with differential privacy. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 308\u2013318 (2016)","DOI":"10.1145\/2976749.2978318"},{"key":"16_CR2","unstructured":"An, J., Cho, S.: Variational autoencoder based anomaly detection using reconstruction probability. Special Lecture on IE 2(1) (2015)"},{"key":"16_CR3","doi-asserted-by":"crossref","unstructured":"Aytekin, C., Ni, X., Cricri, F., Aksu, E.: Clustering and unsupervised anomaly detection with l 2 normalized deep auto-encoder representations. In: 2018 International Joint Conference on Neural Networks (IJCNN), pp. 1\u20136. IEEE (2018)","DOI":"10.1109\/IJCNN.2018.8489068"},{"key":"16_CR4","unstructured":"Baldi, P.: Autoencoders, unsupervised learning, and deep architectures. In: Proceedings of ICML Workshop on Unsupervised and Transfer Learning, pp. 37\u201349 (2012)"},{"key":"16_CR5","doi-asserted-by":"crossref","unstructured":"Baracaldo, N., Chen, B., Ludwig, H., Safavi, J.A.: Mitigating poisoning attacks on machine learning models: a data provenance based approach. In: Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, pp. 103\u2013110 (2017)","DOI":"10.1145\/3128572.3140450"},{"issue":"4","key":"16_CR6","doi-asserted-by":"publisher","first-page":"984","DOI":"10.1109\/TKDE.2013.57","volume":"26","author":"B Biggio","year":"2013","unstructured":"Biggio, B., Fumera, G., Roli, F.: Security evaluation of pattern classifiers under attack. IEEE Trans. Knowl. Data Eng. 26(4), 984\u2013996 (2013)","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"16_CR7","unstructured":"Biggio, B., Nelson, B., Laskov, P.: Poisoning attacks against support vector machines. arXiv preprint arXiv:1206.6389 (2012)"},{"key":"16_CR8","doi-asserted-by":"crossref","unstructured":"Borgnia, E., et al.: Strong data augmentation sanitizes poisoning and backdoor attacks without an accuracy tradeoff. In: ICASSP 2021\u20132021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 3855\u20133859. IEEE (2021)","DOI":"10.1109\/ICASSP39728.2021.9414862"},{"key":"16_CR9","unstructured":"Carnerero-Cano, J., Mu\u00f1oz-Gonz\u00e1lez, L., Spencer, P., Lupu, E.C.: Regularisation can mitigate poisoning attacks: a novel analysis based on multiobjective bilevel optimisation. arXiv preprint arXiv:2003.00040 (2020)"},{"key":"16_CR10","doi-asserted-by":"crossref","unstructured":"Chan, A., Tay, Y., Ong, Y.S., Zhang, A.: Poison attacks against text datasets with conditional adversarially regularized autoencoder. In: Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing: Findings, pp. 4175\u20134189 (2020)","DOI":"10.18653\/v1\/2020.findings-emnlp.373"},{"key":"16_CR11","doi-asserted-by":"publisher","first-page":"3412","DOI":"10.1109\/TIFS.2021.3080522","volume":"16","author":"J Chen","year":"2021","unstructured":"Chen, J., Zhang, X., Zhang, R., Wang, C., Liu, L.: De-Pois: an attack-agnostic defense against data poisoning attacks. IEEE Trans. Inf. Forensics Security 16, 3412\u20133425 (2021)","journal-title":"IEEE Trans. Inf. Forensics Security"},{"issue":"2","key":"16_CR12","doi-asserted-by":"publisher","first-page":"189","DOI":"10.1177\/0165551512437638","volume":"38","author":"E Estell\u00e9s-Arolas","year":"2012","unstructured":"Estell\u00e9s-Arolas, E., Gonz\u00e1lez-Ladr\u00f3n-de Guevara, F.: Towards an integrated crowdsourcing definition. J. Inf. Sci. 38(2), 189\u2013200 (2012)","journal-title":"J. Inf. Sci."},{"key":"16_CR13","doi-asserted-by":"crossref","unstructured":"Fang, M., Sun, M., Li, Q., Gong, N.Z., Tian, J., Liu, J.: Data poisoning attacks and defenses to crowdsourcing systems. In: Proceedings of the Web Conference 2021, pp. 969\u2013980 (2021)","DOI":"10.1145\/3442381.3450066"},{"key":"16_CR14","first-page":"11994","volume":"32","author":"J Feng","year":"2019","unstructured":"Feng, J., Cai, Q.Z., Zhou, Z.H.: Learning to confuse: generating training time adversarial data with auto-encoder. Adv. Neural. Inf. Process. Syst. 32, 11994\u201312004 (2019)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"issue":"11","key":"16_CR15","doi-asserted-by":"publisher","first-page":"2351","DOI":"10.1109\/LGRS.2015.2478256","volume":"12","author":"J Geng","year":"2015","unstructured":"Geng, J., Fan, J., Wang, H., Ma, X., Li, B., Chen, F.: High-resolution SAR image classification via deep convolutional autoencoders. IEEE Geosci. Remote Sens. Lett. 12(11), 2351\u20132355 (2015)","journal-title":"IEEE Geosci. Remote Sens. Lett."},{"key":"16_CR16","doi-asserted-by":"publisher","first-page":"47230","DOI":"10.1109\/ACCESS.2019.2909068","volume":"7","author":"T Gu","year":"2019","unstructured":"Gu, T., Liu, K., Dolan-Gavitt, B., Garg, S.: Badnets: evaluating backdooring attacks on deep neural networks. IEEE Access 7, 47230\u201347244 (2019)","journal-title":"IEEE Access"},{"key":"16_CR17","unstructured":"Hong, S., Chandrasekaran, V., Kaya, Y., Dumitra\u015f, T., Papernot, N.: On the effectiveness of mitigating data poisoning attacks with gradient shaping. arXiv preprint arXiv:2002.11497 (2020)"},{"key":"16_CR18","doi-asserted-by":"crossref","unstructured":"Jagielski, M., Oprea, A., Biggio, B., Liu, C., Nita-Rotaru, C., Li, B.: Manipulating machine learning: poisoning attacks and countermeasures for regression learning. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 19\u201335. IEEE (2018)","DOI":"10.1109\/SP.2018.00057"},{"key":"16_CR19","unstructured":"Koh, P.W., Liang, P.: Understanding black-box predictions via influence functions. In: Proceedings of the 34th International Conference on Machine Learning, vol. 70, pp. 1885\u20131894. JMLR. org (2017)"},{"key":"16_CR20","doi-asserted-by":"crossref","unstructured":"Koh, P.W., Steinhardt, J., Liang, P.: Stronger data poisoning attacks break data sanitization defenses. Mach. Learn., 1\u201347 (2022)","DOI":"10.1007\/s10994-021-06119-y"},{"key":"16_CR21","unstructured":"Krizhevsky, A., Hinton, G., et al.: Learning multiple layers of features from tiny images (2009)"},{"key":"16_CR22","unstructured":"Laishram, R., Phoha, V.V.: Curie: a method for protecting SVM classifier from poisoning attack. arXiv preprint arXiv:1606.01584 (2016)"},{"key":"16_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1007\/3-540-46805-6_19","volume-title":"Shape, Contour and Grouping in Computer Vision","author":"Y LeCun","year":"1999","unstructured":"LeCun, Y., Haffner, P., Bottou, L., Bengio, Y.: Object recognition with gradient-based learning. In: Shape, Contour and Grouping in Computer Vision. LNCS, vol. 1681, pp. 319\u2013345. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-46805-6_19"},{"key":"16_CR24","doi-asserted-by":"crossref","unstructured":"Madani, P., Vlajic, N.: Robustness of deep autoencoder in intrusion detection under adversarial contamination. In: Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, pp. 1\u20138 (2018)","DOI":"10.1145\/3190619.3190637"},{"key":"16_CR25","unstructured":"Melis, M., Demontis, A., Pintor, M., Sotgiu, A., Biggio, B.: SECML: a python library for secure and explainable machine learning (2019). arXiv preprint arXiv:1912.10013"},{"key":"16_CR26","doi-asserted-by":"crossref","unstructured":"Meng, D., Chen, H.: Magnet: a two-pronged defense against adversarial examples. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 135\u2013147 (2017)","DOI":"10.1145\/3133956.3134057"},{"key":"16_CR27","doi-asserted-by":"crossref","unstructured":"Mu\u00f1oz-Gonz\u00e1lez, L., et al.: Towards poisoning of deep learning algorithms with back-gradient optimization. In: Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, pp. 27\u201338 (2017)","DOI":"10.1145\/3128572.3140451"},{"key":"16_CR28","first-page":"1","volume":"8","author":"B Nelson","year":"2008","unstructured":"Nelson, B., et al.: Exploiting machine learning to subvert your spam filter. LEET 8, 1\u20139 (2008)","journal-title":"LEET"},{"key":"16_CR29","unstructured":"Paudice, A., Mu\u00f1oz-Gonz\u00e1lez, L., Gyorgy, A., Lupu, E.C.: Detection of adversarial training examples in poisoning attacks through anomaly detection. arXiv preprint arXiv:1802.03041 (2018)"},{"key":"16_CR30","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1007\/978-3-030-13453-2_1","volume-title":"ECML PKDD 2018 Workshops","author":"A Paudice","year":"2019","unstructured":"Paudice, A., Mu\u00f1oz-Gonz\u00e1lez, L., Lupu, E.C.: Label sanitization against label flipping poisoning attacks. In: Alzate, C., et al. (eds.) ECML PKDD 2018. LNCS (LNAI), vol. 11329, pp. 5\u201315. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-13453-2_1"},{"key":"16_CR31","doi-asserted-by":"crossref","unstructured":"Sakurada, M., Yairi, T.: Anomaly detection using autoencoders with nonlinear dimensionality reduction. In: Proceedings of the MLSDA 2014 2nd Workshop on Machine Learning for Sensory Data Analysis, pp. 4\u201311 (2014)","DOI":"10.1145\/2689746.2689747"},{"key":"16_CR32","doi-asserted-by":"crossref","unstructured":"Shejwalkar, V., Houmansadr, A.: Manipulating the byzantine: optimizing model poisoning attacks and defenses for federated learning. In: NDSS (2021)","DOI":"10.14722\/ndss.2021.24498"},{"key":"16_CR33","doi-asserted-by":"crossref","unstructured":"Shejwalkar, V., Houmansadr, A., Kairouz, P., Ramage, D.: Back to the drawing board: a critical evaluation of poisoning attacks on production federated learning. In: IEEE Symposium on Security and Privacy (2022)","DOI":"10.1109\/SP46214.2022.9833647"},{"key":"16_CR34","unstructured":"Shen, S., Tople, S., Saxena, P.: Auror: defending against poisoning attacks in collaborative deep learning systems. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 508\u2013519 (2016)"},{"key":"16_CR35","unstructured":"Steinhardt, J., Koh, P.W.W., Liang, P.S.: Certified defenses for data poisoning attacks. In: Advances in Neural Information Processing Systems, pp. 3517\u20133529 (2017)"},{"key":"16_CR36","unstructured":"Sun, J., Li, A., DiValentin, L., Hassanzadeh, A., Chen, Y., Li, H.: FL-WBC: enhancing robustness against model poisoning attacks in federated learning from a client perspective. In: Advances in Neural Information Processing Systems, vol. 34 (2021)"},{"key":"16_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"310","DOI":"10.1007\/978-3-030-49669-2_18","volume-title":"Data and Applications Security and Privacy XXXIV","author":"F Tahmasebian","year":"2020","unstructured":"Tahmasebian, F., Xiong, L., Sotoodeh, M., Sunderam, V.: Crowdsourcing under data poisoning attacks: a comparative study. In: Singhal, A., Vaidya, J. (eds.) DBSec 2020. LNCS, vol. 12122, pp. 310\u2013332. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-49669-2_18"},{"key":"16_CR38","unstructured":"Vincent, P., Larochelle, H., Lajoie, I., Bengio, Y., Manzagol, P.A.: Stacked denoising autoencoders: learning useful representations in a deep network with a local denoising criterion. J. Mach. Learn. Res. 11(Dec), 3371\u20133408 (2010)"},{"issue":"7","key":"16_CR39","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3538707","volume":"55","author":"Z Wang","year":"2022","unstructured":"Wang, Z., Ma, J., Wang, X., Hu, J., Qin, Z., Ren, K.: Threats to training: a survey of poisoning attacks and defenses on machine learning systems. ACM Comput. Surv. 55(7), 1\u201336 (2022)","journal-title":"ACM Comput. Surv."},{"key":"16_CR40","unstructured":"Xiao, H., Rasul, K., Vollgraf, R.: Fashion-MNIST: a novel image dataset for benchmarking machine learning algorithms. arXiv preprint arXiv:1708.07747 (2017)"},{"key":"16_CR41","unstructured":"Xiao, H., Xiao, H., Eckert, C.: Adversarial label flips attack on support vector machines. In: ECAI, pp. 870\u2013875 (2012)"},{"key":"16_CR42","unstructured":"Xiao, H., Biggio, B., Brown, G., Fumera, G., Eckert, C., Roli, F.: Is feature selection secure against training data poisoning? In: International Conference on Machine Learning, pp. 1689\u20131698 (2015)"},{"key":"16_CR43","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1016\/j.neucom.2014.08.081","volume":"160","author":"H Xiao","year":"2015","unstructured":"Xiao, H., Biggio, B., Nelson, B., Xiao, H., Eckert, C., Roli, F.: Support vector machines under adversarial label contamination. Neurocomputing 160, 53\u201362 (2015)","journal-title":"Neurocomputing"},{"key":"16_CR44","doi-asserted-by":"crossref","unstructured":"Xing, C., Ma, L., Yang, X.: Stacked denoise autoencoder based feature extraction and classification for hyperspectral images. J. Sens. 2016 (2016)","DOI":"10.1155\/2016\/3632943"},{"key":"16_CR45","unstructured":"Yang, C., Wu, Q., Li, H., Chen, Y.: Generative poisoning attack method against neural networks. arXiv preprint arXiv:1703.01340 (2017)"},{"key":"16_CR46","doi-asserted-by":"crossref","unstructured":"Zhao, M., An, B., Gao, W., Zhang, T.: Efficient label contamination attacks against black-box learning models. In: IJCAI, pp. 3945\u20133951 (2017)","DOI":"10.24963\/ijcai.2017\/551"},{"key":"16_CR47","doi-asserted-by":"crossref","unstructured":"Zhou, C., Paffenroth, R.C.: Anomaly detection with robust deep autoencoders. In: Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 665\u2013674 (2017)","DOI":"10.1145\/3097983.3098052"},{"key":"16_CR48","series-title":"Advances in Information Security","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-62004-6","volume-title":"Differential Privacy and Applications","author":"T Zhu","year":"2017","unstructured":"Zhu, T., Li, G., Zhou, W., Yu, P.S.: Differential Privacy and Applications. AIS, vol. 69. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-62004-6"},{"key":"16_CR49","unstructured":"Zong, B., et al.: Deep autoencoding gaussian mixture model for unsupervised anomaly detection (2018)"}],"container-title":["Lecture Notes in Computer Science","Data and Applications Security and Privacy XXXVII"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-37586-6_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,7,11]],"date-time":"2023-07-11T23:04:15Z","timestamp":1689116655000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-37586-6_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031375859","9783031375866"],"references-count":49,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-37586-6_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"12 July 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DBSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP Annual Conference on Data and Applications Security and Privacy","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Sophia-Antipolis","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 July 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 July 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"37","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dbsec2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.dbsec2023.unimol.it\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"56","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"34% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}