{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,19]],"date-time":"2026-04-19T08:31:23Z","timestamp":1776587483360,"version":"3.51.2"},"reference-count":26,"publisher":"Springer Science and Business Media LLC","issue":"24","license":[{"start":{"date-parts":[[2025,6,29]],"date-time":"2025-06-29T00:00:00Z","timestamp":1751155200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,6,29]],"date-time":"2025-06-29T00:00:00Z","timestamp":1751155200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/501100004622","name":"KWF Kankerbestrijding","doi-asserted-by":"publisher","award":["17924"],"award-info":[{"award-number":["17924"]}],"id":[{"id":"10.13039\/501100004622","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Neural Comput & Applic"],"published-print":{"date-parts":[[2025,8]]},"DOI":"10.1007\/s00521-025-11420-1","type":"journal-article","created":{"date-parts":[[2025,6,29]],"date-time":"2025-06-29T18:01:12Z","timestamp":1751220072000},"page":"19687-19705","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Weight-space noise for privacy-robustness trade-offs in federated learning"],"prefix":"10.1007","volume":"37","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6003-0119","authenticated-orcid":false,"given":"Erfan","family":"Darzi","sequence":"first","affiliation":[]},{"given":"Nanna M.","family":"Sijtsema","sequence":"additional","affiliation":[]},{"given":"Peter","family":"van Ooijen","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,6,29]]},"reference":[{"key":"11420_CR1","doi-asserted-by":"crossref","unstructured":"Zhang J, Chen Y, Li H (2022) Privacy leakage of adversarial training models in federated learning systems. In: Proceedings of the IEEE\/CVF conference on computer vision and pattern recognition, pp 108\u2013114","DOI":"10.1109\/CVPRW56347.2022.00021"},{"key":"11420_CR2","unstructured":"Mejia FA, Gamble P, Hampel-Arias Z, Lomnitz M, Lopatina N, Tindall L, Barrios MA (2019) Robust or private? adversarial training makes models more vulnerable to privacy attacks, arXiv preprint arXiv:1906.06449"},{"key":"11420_CR3","doi-asserted-by":"crossref","unstructured":"Song L, Shokri R, Mittal P (2019) Privacy risks of securing machine learning models against adversarial examples. In: Proceedings of the 2019 ACM SIGSAC conference on computer and communications security, pp 241\u2013257","DOI":"10.1145\/3319535.3354211"},{"key":"11420_CR4","doi-asserted-by":"crossref","unstructured":"Bouacida N, Mohapatra P (2021) Vulnerabilities in federated learning. IEEE Access 9:63\u00a0229\u201363\u00a0249","DOI":"10.1109\/ACCESS.2021.3075203"},{"key":"11420_CR5","doi-asserted-by":"crossref","unstructured":"Liu B, Yan B, Zhou Y, Yang Y, Zhang Y (2020) Experiments of federated learning for covid-19 chest x-ray images. arXiv preprint arXiv:2007.05592","DOI":"10.1007\/978-3-030-78618-2_4"},{"issue":"2","key":"11420_CR6","doi-asserted-by":"publisher","first-page":"743","DOI":"10.3390\/s23020743","volume":"23","author":"H Malik","year":"2023","unstructured":"Malik H, Naeem A, Naqvi RA, Loh W-K (2023) Dmfl_net: a federated learning-based framework for the classification of Covid-19 from multiple chest diseases using x-rays. Sensors 23(2):743","journal-title":"Sensors"},{"issue":"3","key":"11420_CR7","doi-asserted-by":"publisher","first-page":"360","DOI":"10.1038\/s41591-020-0791-x","volume":"26","author":"X Han","year":"2020","unstructured":"Han X, Hu Y, Foschini L, Chinitz L, Jankelson L, Ranganath R (2020) Deep learning models for electrocardiograms are susceptible to adversarial attack. Nat Med 26(3):360\u2013363","journal-title":"Nat Med"},{"issue":"2","key":"11420_CR8","first-page":"1","volume":"22","author":"D Rodriguez","year":"2022","unstructured":"Rodriguez D, Nayak T, Chen Y, Krishnan R, Huang Y (2022) On the role of deep learning model complexity in adversarial robustness for medical images. BMC Med Inform Decis Mak 22(2):1\u201315","journal-title":"BMC Med Inform Decis Mak"},{"key":"11420_CR9","doi-asserted-by":"publisher","DOI":"10.1016\/j.media.2021.102141","volume":"73","author":"G Bortsova","year":"2021","unstructured":"Bortsova G, Gonz\u00e1lez-Gonzalo C, Wetstein SC, Dubost F, Katramados I, Hogeweg L, Liefers B, van Ginneken B, Pluim JP, Veta M et al (2021) Adversarial attack vulnerability of medical image analysis systems: unexplored factors. Med Image Anal 73:102141","journal-title":"Med Image Anal"},{"key":"11420_CR10","first-page":"694","volume":"4","author":"J So","year":"2022","unstructured":"So J, He C, Yang C-S, Li S, Yu Q, Ali RE, Guler B, Avestimehr S (2022) Lightsecagg: a lightweight and versatile design for secure aggregation in federated learning. Proc Mach Learn Syst 4:694\u2013720","journal-title":"Proc Mach Learn Syst"},{"key":"11420_CR11","unstructured":"Chen WN, Ozgur A, Kairouz P (2022) The poisson binomial mechanism for unbiased federated learning with secure aggregation. In: International conference on machine learning. PMLR, pp 3490\u20133506"},{"issue":"9","key":"11420_CR12","doi-asserted-by":"publisher","first-page":"5880","DOI":"10.1002\/int.22818","volume":"37","author":"J Ma","year":"2022","unstructured":"Ma J, Naas S-A, Sigg S, Lyu X (2022) Privacy-preserving federated learning based on multi-key homomorphic encryption. Int J Intell Syst 37(9):5880\u20135901","journal-title":"Int J Intell Syst"},{"key":"11420_CR13","doi-asserted-by":"crossref","unstructured":"Zhang L, Xu J, Vijayakumar P, Sharma PK, Ghosh U (2022) Homomorphic encryption-based privacy-preserving federated learning in IoT-enabled healthcare system. IEEE Trans Netw Sci Eng","DOI":"10.1109\/TNSE.2022.3185327"},{"issue":"1","key":"11420_CR14","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1038\/s41598-020-69250-1","volume":"10","author":"MJ Sheller","year":"2020","unstructured":"Sheller MJ, Edwards B, Reina GA, Martin J, Pati S, Kotrotsou A, Milchenko M, Xu W, Marcus D, Colen RR et al (2020) Federated learning in medicine: facilitating multi-institutional collaborations without sharing patient data. Sci Rep 10(1):1\u201312","journal-title":"Sci Rep"},{"key":"11420_CR15","doi-asserted-by":"crossref","unstructured":"Vithana V, Ulukus S (2022) Model segmentation for storage efficient private federated learning with top $$ r $$ sparsification. arXiv preprint arXiv:2212.11947","DOI":"10.1109\/ICC45855.2022.9839200"},{"issue":"1","key":"11420_CR16","doi-asserted-by":"publisher","first-page":"1953","DOI":"10.1038\/s41598-022-05539-7","volume":"12","author":"M Adnan","year":"2022","unstructured":"Adnan M, Kalra S, Cresswell JC, Taylor GW, Tizhoosh HR (2022) Federated learning and differential privacy for medical image analysis. Sci Rep 12(1):1953","journal-title":"Sci Rep"},{"key":"11420_CR17","unstructured":"Bagdasaryan E, Veit A, Hua Y, Estrin D, Shmatikov V (2020) How to backdoor federated learning. In: International conference on artificial intelligence and statistics. PMLR, 2020, pp 2938\u20132948"},{"key":"11420_CR18","doi-asserted-by":"publisher","first-page":"3454","DOI":"10.1109\/TIFS.2020.2988575","volume":"15","author":"K Wei","year":"2020","unstructured":"Wei K, Li J, Ding M, Ma C, Yang HH, Farokhi F, Jin S, Quek TQ, Poor HV (2020) Federated learning with differential privacy: algorithms and performance analysis. IEEE Trans Inf Forensics Secur 15:3454\u20133469","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"11420_CR19","doi-asserted-by":"crossref","unstructured":"Kurakin A, Goodfellow IJ, Bengio S (2018) Adversarial examples in the physical world. In: Artificial intelligence safety and security. Chapman and Hall\/CRC, 2018, pp 99\u2013112","DOI":"10.1201\/9781351251389-8"},{"key":"11420_CR20","unstructured":"Madry A, Makelov A, Schmidt L, Tsipras D, Vladu A (2017) Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083"},{"issue":"1","key":"11420_CR21","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s42400-021-00105-6","volume":"5","author":"P Liu","year":"2022","unstructured":"Liu P, Xu X, Wang W (2022) Threats, attacks and defenses to federated learning: issues, taxonomy and perspectives. Cybersecurity 5(1):1\u201319","journal-title":"Cybersecurity"},{"key":"11420_CR22","unstructured":"Cohen J, Rosenfeld E, Kolter Z (2019) Certified adversarial robustness via randomized smoothing. In: international conference on machine learning. PMLR, pp 1310\u20131320"},{"key":"11420_CR23","doi-asserted-by":"crossref","unstructured":"Abadi M, Chu A, Goodfellow I, McMahan HB, Mironov I, Talwar K, Zhang L (2016) Deep learning with differential privacy. In: Proceedings of the 2016 ACM SIGSAC conference on computer and communications security (CCS), pp 308\u2013318","DOI":"10.1145\/2976749.2978318"},{"key":"11420_CR24","unstructured":"Bhuvaji S, Kadam A, Bhumkar P, Dedge S, Kanchan S (2020) Brain tumor classification (mri). [Online]. Available: https:\/\/www.kaggle.com\/dsv\/1183165"},{"key":"11420_CR25","doi-asserted-by":"crossref","unstructured":"Veeling BS, Linmans J, Winkens J, Cohen T, Welling M (2018) Rotation equivariant CNNs for digital pathology. In: Medical image computing and computer assisted intervention-MICCAI, 21st international conference, Granada, Spain, September pp 16\u201320, 2018, Proceedings, Part II 11. Springer. pp 210\u2013218","DOI":"10.1007\/978-3-030-00934-2_24"},{"key":"11420_CR26","unstructured":"Tram\u00e8r F, Kurakin A, Papernot N, Goodfellow I, Boneh D, McDaniel P (2017) Ensemble adversarial training: attacks and defenses. arXiv preprint arXiv:1705.07204"}],"container-title":["Neural Computing and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00521-025-11420-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s00521-025-11420-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00521-025-11420-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,6]],"date-time":"2025-09-06T23:56:48Z","timestamp":1757203008000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s00521-025-11420-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,29]]},"references-count":26,"journal-issue":{"issue":"24","published-print":{"date-parts":[[2025,8]]}},"alternative-id":["11420"],"URL":"https:\/\/doi.org\/10.1007\/s00521-025-11420-1","relation":{},"ISSN":["0941-0643","1433-3058"],"issn-type":[{"value":"0941-0643","type":"print"},{"value":"1433-3058","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,6,29]]},"assertion":[{"value":"12 July 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"30 May 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"29 June 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declaration"}},{"value":"The authors declare no affiliations with or involvement in any organization or entity with any financial interest or non-financial interest in the subject matter or materials discussed in this manuscript.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}