{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T17:26:33Z","timestamp":1767374793814,"version":"build-2065373602"},"reference-count":41,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2024,11,25]],"date-time":"2024-11-25T00:00:00Z","timestamp":1732492800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,11,25]],"date-time":"2024-11-25T00:00:00Z","timestamp":1732492800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,2]]},"DOI":"10.1007\/s10207-024-00940-x","type":"journal-article","created":{"date-parts":[[2024,11,25]],"date-time":"2024-11-25T20:05:54Z","timestamp":1732565154000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Deep behavioral analysis of machine learning algorithms against data poisoning"],"prefix":"10.1007","volume":"24","author":[{"given":"Anum","family":"Paracha","sequence":"first","affiliation":[]},{"given":"Junaid","family":"Arshad","sequence":"additional","affiliation":[]},{"given":"Mohamed Ben","family":"Farah","sequence":"additional","affiliation":[]},{"given":"Khalid","family":"Ismail","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,11,25]]},"reference":[{"issue":"4","key":"940_CR1","doi-asserted-by":"publisher","first-page":"1688","DOI":"10.18517\/ijaseit.11.4.14608","volume":"11","author":"Q Abu Al-Haijaa","year":"2021","unstructured":"Abu Al-Haijaa, Q., Ishtaiwia, A.: Machine learning based model to identify firewall decisions to improve cyber-defense. Int. J. Adv. Sci. Eng. Inf. Technol. 11(4), 1688\u20131695 (2021)","journal-title":"Int. J. Adv. Sci. Eng. Inf. Technol."},{"key":"940_CR2","doi-asserted-by":"crossref","unstructured":"Aghakhani, H., Meng, D., Wang, Y., Kruegel, C., Vigna, G.: Bullseye polytope: A scalable clean-label poisoning attack with improved transferability. In: 2021 IEEE European symposium on security and privacy (EuroS &P), pages 159\u2013178. IEEE, (2021)","DOI":"10.1109\/EuroSP51992.2021.00021"},{"issue":"10","key":"940_CR3","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0275971","volume":"17","author":"E Alshahrani","year":"2022","unstructured":"Alshahrani, E., Alghazzawi, D., Alotaibi, R., Rabie, O.: Adversarial attacks against supervised machine learning based network intrusion detection systems. PLoS ONE 17(10), e0275971 (2022)","journal-title":"PLoS ONE"},{"key":"940_CR4","doi-asserted-by":"crossref","unstructured":"Baracaldo, N., Chen, B., Ludwig, H., Safavi, J.\u00a0A.: Mitigating poisoning attacks on machine learning models: a data provenance based approach. In: Proceedings of the 10th ACM workshop on artificial intelligence and security. pp 103\u2013110 (2017)","DOI":"10.1145\/3128572.3140450"},{"key":"940_CR5","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103582","volume":"137","author":"A Brown","year":"2024","unstructured":"Brown, A., Gupta, M., Abdelsalam, M.: Automated machine learning for deep learning based malware detection. Comput. Secur. 137, 103582 (2024)","journal-title":"Comput. Secur."},{"key":"940_CR6","unstructured":"Centurion, D.\u00a0I., Chubarian, K., Fan, B., Sgherzi, F., Radhakrishnan, T.\u00a0S., Sidiropoulos, A., Straight, A.: Geometric algorithms for $$ k $$-nn poisoning. arXiv:2306.12377, (2023)"},{"key":"940_CR7","doi-asserted-by":"publisher","first-page":"1039","DOI":"10.1007\/s13042-016-0629-5","volume":"9","author":"PPK Chan","year":"2018","unstructured":"Chan, P.P.K., He, Z.M., Li, H., Hsu, C.-C.: Data sanitization against adversarial label contamination based on data complexity. Int. J. Mach. Learn. Cybern. 9, 1039\u20131052 (2018)","journal-title":"Int. J. Mach. Learn. Cybern."},{"key":"940_CR8","unstructured":"Chen, K., Lou, X., Xu, G., Li, J., Zhang, T.: Clean-image backdoor: attacking multi-label models with poisoned labels only. In: The eleventh international conference on learning representations (2022)"},{"key":"940_CR9","unstructured":"Chenthan, H.N.: Network Intrusion dataset (CIC-IDS-2017). (2023), https:\/\/www.kaggle.com\/datasets\/chethuhn\/network-intrusion-dataset"},{"key":"940_CR10","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3585385","volume":"55","author":"A Cin\u00e0","year":"2023","unstructured":"Cin\u00e0, A., Grosse, K., Demontis, A., Vascon, S., Zellinger, W., Moser, B., Oprea, A., Biggio, B., Pelillo, M., Roli, F.: Wild patterns reloaded: a survey of machine learning security against training data poisoning. ACM Comput. Surv. 55, 1\u201339 (2023)","journal-title":"ACM Comput. Surv."},{"key":"940_CR11","doi-asserted-by":"crossref","unstructured":"Das, A., Tariq, A., Batalini, F., Dhara, B., Banerjee, I.: Exposing vulnerabilities in clinical LLMs through data poisoning attacks: case study in breast cancer. MedRxiv (2024)","DOI":"10.1101\/2024.03.20.24304627"},{"key":"940_CR12","unstructured":"David, Mr Wells, UNSW_NB15. (2018) https:\/\/www.kaggle.com\/datasets\/mrwellsdavid\/unsw-nb15\/data"},{"key":"940_CR13","doi-asserted-by":"crossref","unstructured":"Drews, S., Albarghouthi, A.W.S., D\u2019Antoni, L.: Proving data-poisoning robustness in decision trees. In: Proceedings of the 41st ACM SIGPLAN conference on programming language design and implementation. pp 1083\u20131097 (2020)","DOI":"10.1145\/3385412.3385975"},{"issue":"16","key":"940_CR14","doi-asserted-by":"publisher","first-page":"6434","DOI":"10.3390\/su12166434","volume":"12","author":"C Dunn","year":"2020","unstructured":"Dunn, C., Moustafa, N., Turnbull, B.: Robustness evaluations of sustainable machine learning models against data poisoning attacks in the internet of things. Sustainability 12(16), 6434 (2020)","journal-title":"Sustainability"},{"key":"940_CR15","unstructured":"Geiping, J., Fowl, L., Huang, W.R., Czaja, W., Taylor, G., Moeller, M. and Goldstein, T.: Witches\u2019 brew: Industrial scale data poisoning via gradient matching. arXiv:2009.02276, (2020)"},{"key":"940_CR16","unstructured":"Geiping, J., Fowl, L., Somepalli, G., Goldblum, M., Moeller, M., Goldstein, T.: What doesn\u2019t kill you makes you robust (er): How to adversarially train against data poisoning. arXiv:2102.13624 (2021)"},{"key":"940_CR17","doi-asserted-by":"crossref","unstructured":"Jagielski, M., Severi, G., Pousette\u00a0Harger, N., Oprea, A.: Subpopulation data poisoning attacks. In: Proceedings of the 2021 ACM SIGSAC conference on computer and communications security, pp 3104\u20133122 (2021)","DOI":"10.1145\/3460120.3485368"},{"key":"940_CR18","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1016\/j.neunet.2023.11.019","volume":"170","author":"NM Jebreel","year":"2024","unstructured":"Jebreel, N.M., Domingo-Ferrer, J., Sanchez, D.: LFighter: defending against the label-flipping attack in federated learning. Neural Netw. 170, 111\u2013126 (2024)","journal-title":"Neural Netw."},{"key":"940_CR19","doi-asserted-by":"crossref","unstructured":"Jhong, S.Y., Tseng, P.Y., Siriphockpirom, N., Hsia, C.H., Huang, M.S., Hua, K.L. and Chen, Y.Y.: An automated biometric identification system using cnn-based palm vein recognition. In: 2020 international conference on advanced robotics and intelligent systems (ARIS), pages 1\u20136. IEEE, (2020)","DOI":"10.1109\/ARIS50834.2020.9205778"},{"key":"940_CR20","doi-asserted-by":"crossref","unstructured":"Koh, P.W., Steinhardt, J., Liang, P.: Stronger data poisoning attacks break data sanitization defenses. Mach. Learn. 111, 1\u201347 (2022)","DOI":"10.1007\/s10994-021-06119-y"},{"key":"940_CR21","doi-asserted-by":"crossref","unstructured":"Kshitiz, A., Maanak, G., Mahmoud, A.: Analysis of label-flip poisoning attack on machine learning based malware detector. In: 2022 IEEE International conference on big data (big data), pages 4236\u20134245. IEEE, (2022)","DOI":"10.1109\/BigData55660.2022.10020528"},{"key":"940_CR22","unstructured":"Malik, F.: CTU13-CSV-Dataset. (2022) https:\/\/github.com\/imfaisalmalik\/CTU13-CSV-Dataset"},{"key":"940_CR23","doi-asserted-by":"crossref","unstructured":"Mayerhofer, R., Mayer, R.: Poisoning attacks against feature-based image classification. In: Proceedings of the Twelfth ACM conference on data and application security and privacy, pp 358\u2013360 (2022)","DOI":"10.1145\/3508398.3519363"},{"key":"940_CR24","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2024.3382839","author":"O Mengara","year":"2024","unstructured":"Mengara, O.: A backdoor approach with inverted labels using dirty label-flipping attacks. IEEE Access (2024). https:\/\/doi.org\/10.1109\/ACCESS.2024.3382839","journal-title":"IEEE Access"},{"key":"940_CR25","unstructured":"Paracha, A., Arshad, J., Ben Farah, M., Ismail, K.: Exploring multi-class data poisoning against adversarially trained skin cancer diagnostics. Submitted to IEEE\/ACM international conference on utility and cloud computing (2024)"},{"key":"940_CR26","unstructured":"Paudice, A., Mu\u00f1oz-Gonz\u00e1lez, L., Gyorgy, A., Lupu, E.\u00a0C: Detection of adversarial training examples in poisoning attacks through anomaly detection. arXiv:1802.03041 (2018)"},{"key":"940_CR27","unstructured":"Qin, T., Gao, X., Zhao, J., Ye, K., Xu, Ch.-Z.: Learning the unlearnable: adversarial augmentations suppress unlearnable example attacks. arXiv:2303.15127 (2023)"},{"key":"940_CR28","first-page":"27374","volume":"35","author":"P Sandoval-Segura","year":"2022","unstructured":"Sandoval-Segura, P., Singla, V., Geiping, J., Goldblum, M., Goldstein, T., Jacobs, D.: Autoregressive perturbations for data poisoning. Adv. Neural. Inf. Process. Syst. 35, 27374\u201327386 (2022)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"key":"940_CR29","unstructured":"Seraj, S.: BotDroid: Android Botnet Detection. (2022), https:\/\/www.kaggle.com\/datasets\/saeedseraj\/botdroid-android-botnet-detection"},{"key":"940_CR30","unstructured":"Severi, G., Meyer, J., Coull, S., Oprea, A.: Explanation-Guided backdoor poisoning attacks against malware classifiers. In: 30th USENIX Security Symposium (USENIX Security 21), pages 1487\u20131504. USENIX Association, (2021)"},{"key":"940_CR31","unstructured":"Shafahi, A., Huang, W.R., Najibi, M., Suciu, O., Studer, C., Dumitras, T., Goldstein, T.: Poison frogs! targeted clean-label poisoning attacks on neural networks. Advances in neural information processing systems, 31, (2018)"},{"key":"940_CR32","first-page":"16209","volume":"34","author":"L Tao","year":"2021","unstructured":"Tao, L., Feng, L., Yi, J., Huang, S.-J., Chen, S.: Better safe than sorry: preventing delusive adversaries with adversarial training. Adv. Neural. Inf. Process. Syst. 34, 16209\u201316225 (2021)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"key":"940_CR33","doi-asserted-by":"crossref","unstructured":"Tolpegin, V., Truex, S., Gursoy, M.E. and Liu, L.: Data poisoning attacks against federated learning systems. In: Computer Security\u2013ESORICS 2020: 25th European Symposium on Research in Computer Security, ESORICS 2020, Guildford, UK, September 14\u201318, 2020, Proceedings, Part I 25, pages 480\u2013501. Springer, (2020)","DOI":"10.1007\/978-3-030-58951-6_24"},{"key":"940_CR34","doi-asserted-by":"crossref","unstructured":"Van, M.H., Du, W., Wu, X. and Lu, A.: Poisoning attacks on fair machine learning. In: International Conference on Database Systems for Advanced Applications, pages 370\u2013386. Springer, (2022)","DOI":"10.1007\/978-3-031-00123-9_30"},{"issue":"6","key":"940_CR35","doi-asserted-by":"publisher","first-page":"7623","DOI":"10.3233\/JIFS-179833","volume":"38","author":"H Wang","year":"2020","unstructured":"Wang, H., Cao, Z., Hong, B.: A network intrusion detection system based on convolutional neural network. J. Intell. Fuzzy Syst. 38(6), 7623\u20137637 (2020)","journal-title":"J. Intell. Fuzzy Syst."},{"key":"940_CR36","doi-asserted-by":"crossref","unstructured":"Xu, Q., Yang, Z., Zhao, Y., Cao, X., Huang, Q.: Rethinking label flipping attack: from sample masking to sample thresholding. IEEE Trans. Pattern Anal. Mach. Intell. (2022)","DOI":"10.1109\/TPAMI.2022.3220849"},{"key":"940_CR37","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2022.118101","volume":"208","author":"FA Yerlikaya","year":"2022","unstructured":"Yerlikaya, F.A., Bahtiyar, \u015e: Data poisoning attacks against machine learning algorithms. Expert Syst. Appl. 208, 118101 (2022)","journal-title":"Expert Syst. Appl."},{"key":"940_CR38","doi-asserted-by":"crossref","unstructured":"Zhang, C., Tang, Z., Li, K.: Clean-label poisoning attack with perturbation causing dominant features. Inf. Sci. 644, 118899 (2023)","DOI":"10.1016\/j.ins.2023.03.124"},{"key":"940_CR39","unstructured":"Zhu, C., Huang, W.R., Li, H., Taylor, G., Studer, C. and Goldstein, T.: Transferable clean-label poisoning attacks on deep neural nets, (2019)"},{"key":"940_CR40","doi-asserted-by":"crossref","unstructured":"Zhu, C., Wang, H., Zhuang, Y., Li, J., Cao, Y.et\u00a0al.: A sparsity-limitation-based high-dimensional distribution searching algorithm for adversarial attack. J. Sens. (2022)","DOI":"10.1155\/2022\/4031440"},{"key":"940_CR41","doi-asserted-by":"crossref","unstructured":"Zhu, Y., Wen, H., Wu, J., Zhao, R.: Online data poisoning attack against edge AI paradigm for IoT-enabled smart city. Math. Biosci. Eng. 20, 17726\u201317746 (2023)","DOI":"10.3934\/mbe.2023788"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00940-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-024-00940-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00940-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,12]],"date-time":"2025-02-12T05:15:25Z","timestamp":1739337325000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-024-00940-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,25]]},"references-count":41,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,2]]}},"alternative-id":["940"],"URL":"https:\/\/doi.org\/10.1007\/s10207-024-00940-x","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"type":"print","value":"1615-5262"},{"type":"electronic","value":"1615-5270"}],"subject":[],"published":{"date-parts":[[2024,11,25]]},"assertion":[{"value":"25 November 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"29"}}