{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,16]],"date-time":"2026-05-16T18:09:11Z","timestamp":1778954951198,"version":"3.51.4"},"reference-count":52,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2022,6,29]],"date-time":"2022-06-29T00:00:00Z","timestamp":1656460800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2022,6,29]],"date-time":"2022-06-29T00:00:00Z","timestamp":1656460800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62072406"],"award-info":[{"award-number":["62072406"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Key Lab of Ministry of Public Security","award":["2020DSJSYS001"],"award-info":[{"award-number":["2020DSJSYS001"]}]},{"name":"Key R &D Projects in Zhejiang Province","award":["2021C01117"],"award-info":[{"award-number":["2021C01117"]}]},{"name":"2020 Industrial Internet Innovation Development Project","award":["TC200H01V"],"award-info":[{"award-number":["TC200H01V"]}]},{"name":"Ten Thousand Talents Program in Zhejiang Province","award":["2020R52011"],"award-info":[{"award-number":["2020R52011"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Multimedia Systems"],"published-print":{"date-parts":[[2023,4]]},"DOI":"10.1007\/s00530-022-00965-z","type":"journal-article","created":{"date-parts":[[2022,6,29]],"date-time":"2022-06-29T18:04:48Z","timestamp":1656525888000},"page":"553-568","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Evil vs evil: using adversarial examples to against backdoor attack in federated learning"],"prefix":"10.1007","volume":"29","author":[{"given":"Tao","family":"Liu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mingjun","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haibin","family":"Zheng","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhaoyan","family":"Ming","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7153-2755","authenticated-orcid":false,"given":"Jinyin","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,6,29]]},"reference":[{"key":"965_CR1","doi-asserted-by":"publisher","first-page":"106854","DOI":"10.1016\/j.cie.2020.106854","volume":"149","author":"L Li","year":"2020","unstructured":"Li, L., Fan, Y., Tse, M., Lin, K.: A review of applications in federated learning. Comput. Ind. Eng. 149, 106854 (2020). https:\/\/doi.org\/10.1016\/j.cie.2020.106854","journal-title":"Comput. Ind. Eng."},{"issue":"3","key":"965_CR2","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1109\/MSP.2020.2975749","volume":"37","author":"T Li","year":"2020","unstructured":"Li, T., Sahu, A.K., Talwalkar, A., Smith, V.: Federated learning: challenges, methods, and future directions. IEEE Signal Process. Mag. 37(3), 50\u201360 (2020). https:\/\/doi.org\/10.1109\/MSP.2020.2975749","journal-title":"IEEE Signal Process. Mag."},{"issue":"2","key":"965_CR3","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1145\/3298981","volume":"10","author":"Q Yang","year":"2019","unstructured":"Yang, Q., Liu, Y., Chen, T., Tong, Y.: Federated machine learning: concept and applications. ACM Trans. Intell. Syst. Technol. 10(2), 12\u201311219 (2019). https:\/\/doi.org\/10.1145\/3298981","journal-title":"ACM Trans. Intell. Syst. Technol."},{"key":"965_CR4","doi-asserted-by":"publisher","first-page":"140699","DOI":"10.1109\/ACCESS.2020.3013541","volume":"8","author":"M Aledhari","year":"2020","unstructured":"Aledhari, M., Razzak, R., Parizi, R.M., Saeed, F.: Federated learning: a survey on enabling technologies, protocols, and applications. IEEE Access 8, 140699\u2013140725 (2020). https:\/\/doi.org\/10.1109\/ACCESS.2020.3013541","journal-title":"IEEE Access"},{"key":"965_CR5","unstructured":"Li, Q., Wen, Z., Wu, Z., Hu, S., Wang, N., Liu, X., He, B.: A survey on federated learning systems: vision, hype and reality for data privacy and protection. CoRR (2019) arxiv:1907.09693"},{"key":"965_CR6","unstructured":"Choudhury, O., Park, Y., Salonidis, T., Gkoulalas-Divanis, A., Sylla, I.: Predicting adverse drug reactions on distributed health data using federated learning. AMIA Annual symposium., November 16-20, 2019, Washington, DC, USA (2019). https:\/\/knowledge.amia.org\/69862-amia-1.4570936\/t004-1.4574923\/t004-1.4574924\/3200032-1.4575138\/3203560-1.4575135"},{"issue":"1","key":"965_CR7","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s41666-020-00082-4","volume":"5","author":"J Xu","year":"2021","unstructured":"Xu, J., Glicksberg, B.S., Su, C., Walker, P.B., Bian, J., Wang, F.: Federated learning for healthcare informatics. J. Heal. Inform. Res. 5(1), 1\u201319 (2021). https:\/\/doi.org\/10.1007\/s41666-020-00082-4","journal-title":"J. Heal. Inform. Res."},{"key":"965_CR8","doi-asserted-by":"publisher","first-page":"619","DOI":"10.1016\/j.future.2020.10.007","volume":"115","author":"V Mothukuri","year":"2021","unstructured":"Mothukuri, V., Parizi, R.M., Pouriyeh, S., Huang, Y., Dehghantanha, A., Srivastava, G.: A survey on security and privacy of federated learning. Future Gener. Comput. Syst. 115, 619\u2013640 (2021). https:\/\/doi.org\/10.1016\/j.future.2020.10.007","journal-title":"Future Gener. Comput. Syst."},{"issue":"4","key":"965_CR9","doi-asserted-by":"publisher","first-page":"242","DOI":"10.1109\/MNET.001.1900506","volume":"34","author":"C Ma","year":"2020","unstructured":"Ma, C., Li, J., Ding, M., Yang, H.H., Shu, F., Quek, T.Q.S., Poor, H.V.: On safeguarding privacy and security in the framework of federated learning. IEEE Netw. 34(4), 242\u2013248 (2020). https:\/\/doi.org\/10.1109\/MNET.001.1900506","journal-title":"IEEE Netw."},{"key":"965_CR10","unstructured":"Wang, H., Sreenivasan, K., Rajput, S., Vishwakarma, H., Agarwal, S., Sohn, J., Lee, K., Papailiopoulos, D.S.: Attack of the tails: Yes, you really can backdoor federated learning. In: Larochelle, H., Ranzato, M., Hadsell, R., Balcan, M., Lin, H. (eds.) Advances in Neural Information Processing Systems 33: Annual Conference on Neural Information Processing Systems 2020, NeurIPS 2020, December 6-12, 2020, Virtual (2020). https:\/\/proceedings.neurips.cc\/paper\/2020\/hash\/b8ffa41d4e492f0fad2f13e29e1762eb-Abstract.html"},{"key":"965_CR11","unstructured":"Sun, Z., Kairouz, P., Suresh, A.T., McMahan, H.B.: Can you really backdoor federated learning? CoRR (2019) arxiv:1911.07963"},{"key":"965_CR12","unstructured":"Bagdasaryan, E., Veit, A., Hua, Y., Estrin, D., Shmatikov, V.: How to backdoor federated learning. In: Chiappa, S., Calandra, R. (eds.) The 23rd International Conference on Artificial Intelligence and Statistics, AISTATS 2020, 26-28 August 2020, Online [Palermo, Sicily, Italy]. Proceedings of Machine Learning Research, vol. 108, pp. 2938\u20132948 (2020). http:\/\/proceedings.mlr.press\/v108\/bagdasaryan20a.html"},{"key":"965_CR13","doi-asserted-by":"crossref","unstructured":"\u00d6zdayi, M.S., Kantarcioglu, M., Gel, Y.R.: Defending against backdoors in federated learning with robust learning rate. In: Thirty-Fifth AAAI Conference on Artificial Intelligence, AAAI 2021, Thirty-Third Conference on Innovative Applications of Artificial Intelligence, IAAI 2021, The Eleventh Symposium on Educational Advances in Artificial Intelligence, EAAI 2021, Virtual Event, February 2-9, 2021, pp. 9268\u20139276 (2021). https:\/\/ojs.aaai.org\/index.php\/AAAI\/article\/view\/17118","DOI":"10.1609\/aaai.v35i10.17118"},{"key":"965_CR14","unstructured":"Yin, D., Chen, Y., Ramchandran, K., Bartlett, P.L.: Byzantine-robust distributed learning: towards optimal statistical rates. In: Dy, J.G., Krause, A. (eds.) Proceedings of the 35th International Conference on Machine Learning, ICML 2018, Stockholmsm\u00e4ssan, Stockholm, Sweden, July 10-15, 2018. Proceedings of Machine Learning Research, vol. 80, pp. 5636\u20135645 (2018). http:\/\/proceedings.mlr.press\/v80\/yin18a.html"},{"key":"965_CR15","unstructured":"Blanchard, P., Mhamdi, E.M.E., Guerraoui, R., Stainer, J.: Machine learning with adversaries: Byzantine tolerant gradient descent. In: Guyon, I., von Luxburg, U., Bengio, S., Wallach, H.M., Fergus, R., Vishwanathan, S.V.N., Garnett, R. (eds.) Advances in Neural Information Processing Systems 30: Annual Conference on Neural Information Processing Systems 2017, December 4-9, 2017, Long Beach, CA, USA, pp. 119\u2013129 (2017). https:\/\/proceedings.neurips.cc\/paper\/2017\/hash\/f4b9ec30ad9f68f89b29639786cb62ef-Abstract.html"},{"key":"965_CR16","unstructured":"Pillutla, V.K., Kakade, S.M., Harchaoui, Z.: Robust aggregation for federated learning. CoRR (2019) arxiv:1912.13445"},{"key":"965_CR17","unstructured":"Fung, C., Yoon, C.J.M., Beschastnikh, I.: The limitations of federated learning in sybil settings. In: Egele, M., Bilge, L. (eds.) 23rd International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2020, San Sebastian, Spain, October 14-15, 2020, pp. 301\u2013316 (2020). https:\/\/www.usenix.org\/conference\/raid2020\/presentation\/fung"},{"key":"965_CR18","unstructured":"Xie, C., Chen, M., Chen, P., Li, B.: CRFL: certifiably robust federated learning against backdoor attacks. In: Meila, M., Zhang, T. (eds.) Proceedings of the 38th International Conference on Machine Learning, ICML 2021, 18-24 July 2021, Virtual Event. Proceedings of Machine Learning Research, vol. 139, pp. 11372\u201311382 (2021). http:\/\/proceedings.mlr.press\/v139\/xie21a.html"},{"key":"965_CR19","doi-asserted-by":"publisher","unstructured":"Andreina, S., Marson, G.A., M\u00f6llering, H., Karame, G.: Baffle: Backdoor detection via feedback-based federated learning. In: 41st IEEE International Conference on Distributed Computing Systems, ICDCS 2021, Washington DC, USA, July 7-10, 2021, pp. 852\u2013863 (2021). https:\/\/doi.org\/10.1109\/ICDCS51616.2021.00086","DOI":"10.1109\/ICDCS51616.2021.00086"},{"key":"965_CR20","unstructured":"Xie, C., Huang, K., Chen, P., Li, B.: DBA: distributed backdoor attacks against federated learning. In: 8th International Conference on Learning Representations, ICLR 2020, Addis Ababa, Ethiopia, April 26-30, 2020 (2020). https:\/\/openreview.net\/forum?id=rkgyS0VFvr"},{"key":"965_CR21","unstructured":"Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. In: 6th International Conference on Learning Representations, ICLR 2018, Vancouver, BC, Canada, April 30 - May 3, 2018, Conference Track Proceedings (2018). https:\/\/openreview.net\/forum?id=rJzIBfZAb"},{"key":"965_CR22","unstructured":"Krizhevsky A, Hinton G. Learning multiple layers of features from tiny images. Technical report, University of Toronto, pp. 1\u201360 (2009)."},{"key":"965_CR23","doi-asserted-by":"publisher","unstructured":"He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: 2016 IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2016, Las Vegas, NV, USA, June 27-30, 2016, pp. 770\u2013778 (2016). https:\/\/doi.org\/10.1109\/CVPR.2016.90","DOI":"10.1109\/CVPR.2016.90"},{"key":"965_CR24","unstructured":"Kone\u010dn\u00fd, J., McMahan, H.B., Yu, F.X., Richt\u00e1rik, P., Suresh, A.T., Bacon, D.: Federated learning: Strategies for improving communication efficiency. CoRR (2016) arxiv:1610.05492"},{"key":"965_CR25","unstructured":"McMahan, B., Moore, E., Ramage, D., Hampson, S., y Arcas, B.A.: Communication-efficient learning of deep networks from decentralized data. In: Singh, A., Zhu, X.J. (eds.) Proceedings of the 20th International Conference on Artificial Intelligence and Statistics, AISTATS 2017, 20-22 April 2017, Fort Lauderdale, FL, USA. Proceedings of Machine Learning Research, vol. 54, pp. 1273\u20131282 (2017). http:\/\/proceedings.mlr.press\/v54\/mcmahan17a.html"},{"key":"965_CR26","doi-asserted-by":"publisher","unstructured":"Lyu, L., Yu, H., Zhao, J., Yang, Q.: Threats to federated learning. In: Yang, Q., Fan, L., Yu, H. (eds.) Federated Learning - Privacy and Incentive. Lecture Notes in Computer Science, vol. 12500, pp. 3\u201316 (2020). https:\/\/doi.org\/10.1007\/978-3-030-63076-8_1","DOI":"10.1007\/978-3-030-63076-8_1"},{"key":"965_CR27","unstructured":"Bhagoji, A.N., Chakraborty, S., Mittal, P., Calo, S.B.: Analyzing federated learning through an adversarial lens. In: Chaudhuri, K., Salakhutdinov, R. (eds.) Proceedings of the 36th International Conference on Machine Learning, ICML 2019, 9-15 June 2019, Long Beach, California, USA. Proceedings of Machine Learning Research, vol. 97, pp. 634\u2013643 (2019). http:\/\/proceedings.mlr.press\/v97\/bhagoji19a.html"},{"key":"965_CR28","doi-asserted-by":"publisher","unstructured":"Chen, Y., Su, L., Xu, J.: Distributed statistical machine learning in adversarial settings: byzantine gradient descent. In: Psounis, K., Akella, A., Wierman, A. (eds.) Abstracts of the 2018 ACM International Conference on Measurement and Modeling of Computer Systems, SIGMETRICS 2018, Irvine, CA, USA, June 18-22, 2018, p. 96 (2018). https:\/\/doi.org\/10.1145\/3219617.3219655","DOI":"10.1145\/3219617.3219655"},{"key":"965_CR29","unstructured":"Mhamdi, E.M.E., Guerraoui, R., Rouault, S.: The hidden vulnerability of distributed learning in byzantium. In: Dy, J.G., Krause, A. (eds.) Proceedings of the 35th International Conference on Machine Learning, ICML 2018, Stockholmsm\u00e4ssan, Stockholm, Sweden, July 10-15, 2018. Proceedings of Machine Learning Research, vol. 80, pp. 3518\u20133527 (2018). http:\/\/proceedings.mlr.press\/v80\/mhamdi18a.html"},{"key":"965_CR30","unstructured":"Fu, S., Xie, C., Li, B., Chen, Q.: Attack-resistant federated learning with residual-based reweighting. CoRR (2019) arxiv:1912.11464"},{"issue":"5","key":"965_CR31","doi-asserted-by":"publisher","first-page":"2029","DOI":"10.1109\/TDSC.2020.2986205","volume":"18","author":"L Zhao","year":"2021","unstructured":"Zhao, L., Hu, S., Wang, Q., Jiang, J., Shen, C., Luo, X., Hu, P.: Shielding collaborative learning: mitigating poisoning attacks through client-side detection. IEEE Trans. Dependable Secur. Comput. 18(5), 2029\u20132041 (2021). https:\/\/doi.org\/10.1109\/TDSC.2020.2986205","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"965_CR32","doi-asserted-by":"publisher","first-page":"47230","DOI":"10.1109\/ACCESS.2019.2909068","volume":"7","author":"T Gu","year":"2019","unstructured":"Gu, T., Liu, K., Dolan-Gavitt, B., Garg, S.: Badnets: evaluating backdooring attacks on deep neural networks. IEEE Access 7, 47230\u201347244 (2019). https:\/\/doi.org\/10.1109\/ACCESS.2019.2909068","journal-title":"IEEE Access"},{"key":"965_CR33","doi-asserted-by":"crossref","unstructured":"Cao, X., Fang, M., Liu, J., Gong, N.Z.: Fltrust: Byzantine-robust federated learning via trust bootstrapping. In: 28th Annual Network and Distributed System Security Symposium, NDSS 2021, Virtually, February 21-25, 2021 (2021). https:\/\/www.ndss-symposium.org\/ndss-paper\/fltrust-byzantine-robust-federated-learning-via-trust-bootstrapping\/","DOI":"10.14722\/ndss.2021.24434"},{"issue":"7","key":"965_CR34","doi-asserted-by":"publisher","first-page":"1181","DOI":"10.1109\/TNN.2009.2019722","volume":"20","author":"G Tzortzis","year":"2009","unstructured":"Tzortzis, G., Likas, A.: The global kernel $$k$$-means algorithm for clustering in feature space. IEEE Trans. Neural Netw. 20(7), 1181\u20131194 (2009). https:\/\/doi.org\/10.1109\/TNN.2009.2019722","journal-title":"IEEE Trans. Neural Netw."},{"issue":"5814","key":"965_CR35","doi-asserted-by":"publisher","first-page":"972","DOI":"10.1126\/science.1136800","volume":"315","author":"BJ Frey","year":"2007","unstructured":"Frey, B.J., Dueck, D.: Clustering by passing messages between data points. Science 315(5814), 972\u2013976 (2007)","journal-title":"Science"},{"key":"965_CR36","unstructured":"Chang, T., He, Y., Li, P.: Efficient two-step adversarial defense for deep neural networks. CoRR (2018) arxiv:1810.03739"},{"key":"965_CR37","unstructured":"Tram\u00e8r, F., Boneh, D.: Adversarial training and robustness for multiple perturbations. In: Wallach, H.M., Larochelle, H., Beygelzimer, A., d\u2019Alch\u00e9-Buc, F., Fox, E.B., Garnett, R. (eds.) Advances in Neural Information Processing Systems 32: Annual Conference on Neural Information Processing Systems 2019, NeurIPS 2019, December 8-14, 2019, Vancouver, BC, Canada, pp. 5858\u20135868 (2019). https:\/\/proceedings.neurips.cc\/paper\/2019\/hash\/5d4ae76f053f8f2516ad12961ef7fe97-Abstract.html"},{"key":"965_CR38","doi-asserted-by":"publisher","unstructured":"Liu, Y., Lee, W., Tao, G., Ma, S., Aafer, Y., Zhang, X.: ABS: scanning neural networks for back-doors by artificial brain stimulation. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J. (eds.) Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, London, UK, November 11-15, 2019, pp. 1265\u20131282 (2019). https:\/\/doi.org\/10.1145\/3319535.3363216","DOI":"10.1145\/3319535.3363216"},{"key":"965_CR39","unstructured":"Chen, B., Carvalho, W., Baracaldo, N., Ludwig, H., Edwards, B., Lee, T., Molloy, I.M., Srivastava, B.: Detecting backdoor attacks on deep neural networks by activation clustering. In: Espinoza, H., h\u00c9igeartaigh, S.\u00d3., Huang, X., Hern\u00e1ndez-Orallo, J., Castillo-Effen, M. (eds.) Workshop on Artificial Intelligence Safety 2019 Co-located with the Thirty-Third AAAI Conference on Artificial Intelligence 2019 (AAAI-19), Honolulu, Hawaii, January 27, 2019. CEUR Workshop Proceedings, vol. 2301 (2019). http:\/\/ceur-ws.org\/Vol-2301\/paper_18.pdf"},{"issue":"11","key":"965_CR40","doi-asserted-by":"publisher","first-page":"2278","DOI":"10.1109\/5.726791","volume":"86","author":"Y LeCun","year":"1998","unstructured":"LeCun, Y., Bottou, L., Bengio, Y., Haffner, P.: Gradient-based learning applied to document recognition. Proc. IEEE 86(11), 2278\u20132324 (1998). https:\/\/doi.org\/10.1109\/5.726791","journal-title":"Proc. IEEE"},{"key":"965_CR41","unstructured":"Xiao, H., Rasul, K., Vollgraf, R.: Fashion-mnist: a novel image dataset for benchmarking machine learning algorithms. CoRR (2017) arxiv:1708.07747"},{"key":"965_CR42","unstructured":"Huang, G.B., Mattar, M., Berg, T., Learned-Miller, E.: Labeled faces in the wild: a database forstudying face recognition in unconstrained environments. In: Workshop on Faces in\u2019Real-Life\u2019Images: Detection, Alignment, and Recognition (2008)"},{"key":"965_CR43","unstructured":"Zhao, Y., Li, M., Lai, L., Suda, N., Civin, D., Chandra, V.: Federated learning with non-iid data. CoRR (2018) arxiv:1806.00582"},{"key":"965_CR44","unstructured":"Li, X., Huang, K., Yang, W., Wang, S., Zhang, Z.: On the convergence of fedavg on non-iid data. In: 8th International Conference on Learning Representations, ICLR 2020, Addis Ababa, Ethiopia, April 26-30, 2020 (2020). https:\/\/openreview.net\/forum?id=HJxNAnVtDS"},{"key":"965_CR45","unstructured":"Li, Y., Li, Y., Lv, Y., Jiang, Y., Xia, S.: Hidden backdoor attack against semantic segmentation models. CoRR (2021) arxiv:2103.04038"},{"key":"965_CR46","doi-asserted-by":"publisher","unstructured":"Lin, J., Xu, L., Liu, Y., Zhang, X.: Composite backdoor attack for deep neural network by mixing existing benign features. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) CCS \u201920: 2020 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, USA, November 9-13, 2020, pp. 113\u2013131 (2020). https:\/\/doi.org\/10.1145\/3372297.3423362","DOI":"10.1145\/3372297.3423362"},{"key":"965_CR47","unstructured":"Brendel, W., Rauber, J., Bethge, M.: Decision-based adversarial attacks: Reliable attacks against black-box machine learning models. In: 6th International Conference on Learning Representations, ICLR 2018, Vancouver, BC, Canada, April 30 - May 3, 2018, Conference Track Proceedings (2018). https:\/\/openreview.net\/forum?id=SyZI0GWCZ"},{"key":"965_CR48","unstructured":"Wong, E., Rice, L., Kolter, J.Z.: Fast is better than free: revisiting adversarial training. In: 8th International Conference on Learning Representations, ICLR 2020, Addis Ababa, Ethiopia, April 26-30, 2020 (2020). https:\/\/openreview.net\/forum?id=BJx040EFvH"},{"key":"965_CR49","unstructured":"Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. In: Bengio, Y., LeCun, Y. (eds.) 3rd International Conference on Learning Representations, ICLR 2015, San Diego, CA, USA, May 7-9, 2015, Conference Track Proceedings (2015). arxiv:1412.6572"},{"key":"965_CR50","unstructured":"Kurakin, A., Goodfellow, I.J., Bengio, S.: Adversarial examples in the physical world. In: 5th International Conference on Learning Representations, ICLR 2017, Toulon, France, April 24-26, 2017, Workshop Track Proceedings (2017). https:\/\/openreview.net\/forum?id=HJGU3Rodl"},{"key":"965_CR51","doi-asserted-by":"publisher","unstructured":"Dong, Y., Liao, F., Pang, T., Su, H., Zhu, J., Hu, X., Li, J.: Boosting adversarial attacks with momentum. In: 2018 IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2018, Salt Lake City, UT, USA, June 18-22, 2018, pp. 9185\u20139193. Computer Vision Foundation \/ IEEE Computer Society (2018). https:\/\/doi.org\/10.1109\/CVPR.2018.00957. http:\/\/openaccess.thecvf.com\/content_cvpr_2018\/html\/Dong_Boosting_Adversarial_Attacks_CVPR_2018_paper.html","DOI":"10.1109\/CVPR.2018.00957"},{"key":"965_CR52","unstructured":"Fang, M., Cao, X., Jia, J., Gong, N.Z.: Local model poisoning attacks to byzantine-robust federated learning. In: Capkun, S., Roesner, F. (eds.) 29th USENIX Security Symposium, USENIX Security 2020, August 12-14, 2020, pp. 1605\u20131622 (2020). https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/fang"}],"container-title":["Multimedia Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00530-022-00965-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s00530-022-00965-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00530-022-00965-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,2,27]],"date-time":"2023-02-27T19:05:58Z","timestamp":1677524758000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s00530-022-00965-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,6,29]]},"references-count":52,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2023,4]]}},"alternative-id":["965"],"URL":"https:\/\/doi.org\/10.1007\/s00530-022-00965-z","relation":{},"ISSN":["0942-4962","1432-1882"],"issn-type":[{"value":"0942-4962","type":"print"},{"value":"1432-1882","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,6,29]]},"assertion":[{"value":"9 January 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"1 June 2022","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"29 June 2022","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}