{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,30]],"date-time":"2025-12-30T08:59:03Z","timestamp":1767085143300,"version":"3.40.3"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031709029"},{"type":"electronic","value":"9783031709036"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-70903-6_15","type":"book-chapter","created":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T22:04:30Z","timestamp":1725487470000},"page":"291-312","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["VFLIP: A Backdoor Defense for\u00a0Vertical Federated Learning via\u00a0Identification and\u00a0Purification"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1297-8586","authenticated-orcid":false,"given":"Yungi","family":"Cho","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0895-0986","authenticated-orcid":false,"given":"Woorim","family":"Han","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6076-1376","authenticated-orcid":false,"given":"Miseon","family":"Yu","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8414-966X","authenticated-orcid":false,"given":"Younghan","family":"Lee","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5238-3547","authenticated-orcid":false,"given":"Ho","family":"Bae","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6412-2926","authenticated-orcid":false,"given":"Yunheung","family":"Paek","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,9,5]]},"reference":[{"key":"15_CR1","doi-asserted-by":"crossref","unstructured":"Abadi, M., et al.: Deep learning with differential privacy. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 308\u2013318 (2016)","DOI":"10.1145\/2976749.2978318"},{"key":"15_CR2","unstructured":"Blanchard, P., El\u00a0Mhamdi, E.M., Guerraoui, R., Stainer, J.: Machine learning with adversaries: byzantine tolerant gradient descent. Adv. neural inform. process. syst. 30 (2017)"},{"key":"15_CR3","doi-asserted-by":"crossref","unstructured":"Chua, T.S., Tang, J., Hong, R., Li, H., Luo, Z., Zheng, Y.: Nus-wide: a real-world web image database from national university of Singapore. In: Proceedings of the ACM International Conference on Image and Video Retrieval, pp.\u00a01\u20139 (2009)","DOI":"10.1145\/1646396.1646452"},{"key":"15_CR4","unstructured":"Darlow, L.N., Crowley, E.J., Antoniou, A., Storkey, A.J.: CINIC-10 is not imagenet or CIFAR-10 (2018)"},{"key":"15_CR5","unstructured":"Fang, M., Cao, X., Jia, J., Gong, N.: Local model poisoning attacks to Byzantine-Robust federated learning. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 1605\u20131622 (2020)"},{"key":"15_CR6","unstructured":"Fu, C., et al.: Label inference attacks against vertical federated learning. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 1397\u20131414 (2022)"},{"key":"15_CR7","doi-asserted-by":"crossref","unstructured":"Gao, K., Bai, Y., Gu, J., Yang, Y., Xia, S.T.: Backdoor defense via adaptively splitting poisoned dataset. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 4005\u20134014 (2023)","DOI":"10.1109\/CVPR52729.2023.00390"},{"key":"15_CR8","doi-asserted-by":"crossref","unstructured":"Gharibshah, Z., Zhu, X.: Local contrastive feature learning for tabular data. In: Proceedings of the 31st ACM International Conference on Information and Knowledge Management, pp. 3963\u20133967 (2022)","DOI":"10.1145\/3511808.3557630"},{"key":"15_CR9","doi-asserted-by":"crossref","unstructured":"He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 770\u2013778 (2016)","DOI":"10.1109\/CVPR.2016.90"},{"key":"15_CR10","unstructured":"Howard, A.G., et al.: Efficient convolutional neural networks for mobile vision applications. arXiv preprint arXiv:1704.04861 (2017)"},{"issue":"2","key":"15_CR11","doi-asserted-by":"publisher","first-page":"108","DOI":"10.3390\/info11020108","volume":"11","author":"J Howard","year":"2020","unstructured":"Howard, J., Gugger, S.: Fastai: a layered API for deep learning. Information 11(2), 108 (2020)","journal-title":"Information"},{"key":"15_CR12","first-page":"12080","volume":"33","author":"WR Huang","year":"2020","unstructured":"Huang, W.R., Geiping, J., Fowl, L., Taylor, G., Goldstein, T.: Metapoison: practical general-purpose clean-label data poisoning. Adv. Neural. Inf. Process. Syst. 33, 12080\u201312091 (2020)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"key":"15_CR13","first-page":"994","volume":"34","author":"X Jin","year":"2021","unstructured":"Jin, X., Chen, P.Y., Hsu, C.Y., Yu, C.M., Chen, T.: Cafe: catastrophic data leakage in vertical federated learning. Adv. Neural. Inf. Process. Syst. 34, 994\u20131006 (2021)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"key":"15_CR14","unstructured":"Krizhevsky, A.: Learning multiple layers of features from tiny images. Tech. rep. (2009)"},{"key":"15_CR15","doi-asserted-by":"crossref","unstructured":"Lai, J., Wang, T., Chen, C., Li, Y., Zheng, Z.: VfedAd: a defense method based on the information mechanism behind the vertical federated data poisoning attack. In: Proceedings of the 32nd ACM International Conference on Information and Knowledge Management, pp. 1148\u20131157 (2023)","DOI":"10.1145\/3583780.3615106"},{"key":"15_CR16","first-page":"14900","volume":"34","author":"Y Li","year":"2021","unstructured":"Li, Y., Lyu, X., Koren, N., Lyu, L., Li, B., Ma, X.: Anti-backdoor learning: training clean models on poisoned data. Adv. Neural. Inf. Process. Syst. 34, 14900\u201314912 (2021)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"key":"15_CR17","unstructured":"Li, Y., Zhai, T., Jiang, Y., Li, Z., Xia, S.T.: Backdoor attack in the physical world. arXiv preprint arXiv:2104.02361 (2021)"},{"key":"15_CR18","first-page":"26645","volume":"35","author":"J Liu","year":"2022","unstructured":"Liu, J., Xie, C., Koyejo, S., Li, B.: CoPur: certifiably robust collaborative inference via feature purification. Adv. Neural. Inf. Process. Syst. 35, 26645\u201326657 (2022)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"key":"15_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/978-3-030-00470-5_13","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"K Liu","year":"2018","unstructured":"Liu, K., Dolan-Gavitt, B., Garg, S.: Fine-pruning: defending against backdooring attacks on deep neural networks. In: Bailey, M., Holz, T., Stamatogiannakis, M., Ioannidis, S. (eds.) RAID 2018. LNCS, vol. 11050, pp. 273\u2013294. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-00470-5_13"},{"key":"15_CR20","unstructured":"Liu, Y., et al.: Vertical federated learning: concepts, advances and challenges (2023)"},{"key":"15_CR21","doi-asserted-by":"crossref","unstructured":"Lyu, L., Yu, H., Yang, Q.: Threats to federated learning: a survey. arXiv preprint arXiv:2003.02133 (2020)","DOI":"10.1007\/978-3-030-63076-8_1"},{"key":"15_CR22","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1016\/j.dss.2014.03.001","volume":"62","author":"S Moro","year":"2014","unstructured":"Moro, S., Cortez, P., Rita, P.: A data-driven approach to predict the success of bank telemarketing. Decis. Support Syst. 62, 22\u201331 (2014). https:\/\/doi.org\/10.1016\/j.dss.2014.03.001","journal-title":"Decis. Support Syst."},{"key":"15_CR23","unstructured":"Nguyen, T.D., et\u00a0al.: $$\\{$$FLAME$$\\}$$: Taming backdoors in federated learning. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 1415\u20131432 (2022)"},{"key":"15_CR24","unstructured":"Shafahi, A., et al.: Poison frogs! targeted clean-label poisoning attacks on neural networks. Adv. Neural Inf. Process. Syst. 31 (2018)"},{"key":"15_CR25","doi-asserted-by":"crossref","unstructured":"Shejwalkar, V., Houmansadr, A.: Manipulating the byzantine: optimizing model poisoning attacks and defenses for federated learning. In: NDSS (2021)","DOI":"10.14722\/ndss.2021.24498"},{"key":"15_CR26","unstructured":"Simonyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 (2014)"},{"key":"15_CR27","doi-asserted-by":"crossref","unstructured":"Vincent, P., Larochelle, H., Bengio, Y., Manzagol, P.A.: Extracting and composing robust features with denoising autoencoders. In: Proceedings of the 25th International Conference On Machine Learning, pp. 1096\u20131103 (2008)","DOI":"10.1145\/1390156.1390294"},{"key":"15_CR28","unstructured":"Wei, K., et al.: Vertical federated learning: challenges, methodologies and experiments. arXiv preprint arXiv:2202.04309 (2022)"},{"key":"15_CR29","first-page":"16913","volume":"34","author":"D Wu","year":"2021","unstructured":"Wu, D., Wang, Y.: Adversarial neuron pruning purifies backdoored deep models. Adv. Neural. Inf. Process. Syst. 34, 16913\u201316925 (2021)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"key":"15_CR30","doi-asserted-by":"publisher","unstructured":"Xuan, Y., Chen, X., Zhao, Z., Tang, B., Dong, Y.: Practical and general backdoor attacks against vertical federated learning. In: Koutra, D., Plant, C., Gomez\u00a0Rodriguez, M., Baralis, E., Bonchi, F. (eds.) Machine Learning and Knowledge Discovery in Databases: Research Track (2023). https:\/\/doi.org\/10.1007\/978-3-031-43415-0_24","DOI":"10.1007\/978-3-031-43415-0_24"},{"issue":"2","key":"15_CR31","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3298981","volume":"10","author":"Q Yang","year":"2019","unstructured":"Yang, Q., Liu, Y., Chen, T., Tong, Y.: Federated machine learning: concept and applications. ACM Trans. Intell. Syst. Technol. (TIST) 10(2), 1\u201319 (2019)","journal-title":"ACM Trans. Intell. Syst. Technol. (TIST)"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2024"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-70903-6_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T22:07:32Z","timestamp":1725487652000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-70903-6_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031709029","9783031709036"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-70903-6_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"5 September 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bydgoszcz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Poland","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2024.org","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}