{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,13]],"date-time":"2026-06-13T04:52:48Z","timestamp":1781326368825,"version":"3.54.1"},"reference-count":161,"publisher":"Springer Science and Business Media LLC","issue":"8","license":[{"start":{"date-parts":[[2024,7,11]],"date-time":"2024-07-11T00:00:00Z","timestamp":1720656000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2024,7,11]],"date-time":"2024-07-11T00:00:00Z","timestamp":1720656000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61876079"],"award-info":[{"award-number":["61876079"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["42275156"],"award-info":[{"award-number":["42275156"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Funding of Special Development Project of Tianchang Intelligent Equipment and Instrument Research Institute","award":["tzy202221"],"award-info":[{"award-number":["tzy202221"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Artif Intell Rev"],"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Federated learning has received a great deal of research attention recently, with privacy protection becoming a key factor in the development of artificial intelligence. 
Federated learning is a special kind of distributed learning framework, which allows multiple users to participate in model training while ensuring that their privacy is not compromised; however, this paradigm is still vulnerable to security and privacy threats from various attackers. This paper focuses on the security and privacy threats related to federated learning. First, we analyse the current research and development status of federated learning through use of the CiteSpace literature search tool. Next, we describe the basic concepts and threat models, and then analyse the security and privacy vulnerabilities within current federated learning architectures. Finally, the directions of development in this area are further discussed in the context of current advanced defence solutions, for which we provide a summary and comparison.<\/jats:p>","DOI":"10.1007\/s10462-024-10846-8","type":"journal-article","created":{"date-parts":[[2024,7,11]],"date-time":"2024-07-11T16:02:17Z","timestamp":1720713737000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":106,"title":["An overview of implementing security and privacy in federated 
learning"],"prefix":"10.1007","volume":"57","author":[{"given":"Kai","family":"Hu","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sheng","family":"Gong","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Qi","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Chaowen","family":"Seng","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Min","family":"Xia","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Shanshan","family":"Jiang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2024,7,11]]},"reference":[{"issue":"5","key":"10846_CR1","first-page":"1333","volume":"13","author":"Y Aono","year":"2017","unstructured":"Aono Y, Hayashi T, Wang L et al (2017) Privacy-preserving deep learning via additively homomorphic encryption. IEEE Trans Inf For Secur 13(5):1333\u20131345","journal-title":"IEEE Trans Inf For Secur"},{"key":"10846_CR2","unstructured":"Bagdasaryan E, Veit A, Hua Y, et\u00a0al (2020) How to backdoor federated learning. In: International conference on artificial intelligence and statistics, PMLR, pp 2938\u20132948"},{"key":"10846_CR3","doi-asserted-by":"crossref","unstructured":"Barreno M, Nelson B, Sears R, et\u00a0al (2006) Can machine learning be secure? In: Proceedings of the 2006 ACM symposium on information, computer and communications security, pp 16\u201325","DOI":"10.1145\/1128817.1128824"},{"key":"10846_CR4","doi-asserted-by":"crossref","unstructured":"Beimel A (2011) Secret-sharing schemes: a survey. 
In: International conference on coding and cryptology, Springer, pp 11\u201346","DOI":"10.1007\/978-3-642-20901-7_2"},{"key":"10846_CR5","doi-asserted-by":"crossref","unstructured":"Bellare M, Hoang VT, Rogaway P (2012) Foundations of garbled circuits. In: Proceedings of the 2012 ACM conference on computer and communications security, pp 784\u2013796","DOI":"10.1145\/2382196.2382279"},{"issue":"1","key":"10846_CR6","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1109\/MSEC.2020.3037619","volume":"19","author":"E Bertino","year":"2021","unstructured":"Bertino E (2021) Attacks on artificial intelligence [last word]. IEEE Secur Privacy 19(1):103\u2013104","journal-title":"IEEE Secur Privacy"},{"key":"10846_CR7","unstructured":"Bhagoji AN, Chakraborty S, Mittal P, et\u00a0al (2019) Analyzing federated learning through an adversarial lens. In: International conference on machine learning, PMLR, pp 634\u2013643"},{"key":"10846_CR8","unstructured":"Bhowmick A, Duchi J, Freudiger J, et\u00a0al (2018) Protection against reconstruction and its applications in private federated learning. arXiv preprint arXiv:1812.00984"},{"key":"10846_CR9","unstructured":"Biggio B, Nelson B, Laskov P (2012) Poisoning attacks against support vector machines. arXiv preprint arXiv:1206.6389"},{"key":"10846_CR10","unstructured":"Blanchard P, El\u00a0Mhamdi EM, Guerraoui R, et\u00a0al (2017) Machine learning with adversaries: Byzantine tolerant gradient descent. Advances in Neural Information Processing Systems 30"},{"issue":"104","key":"10846_CR11","first-page":"468","volume":"106","author":"A Blanco-Justicia","year":"2021","unstructured":"Blanco-Justicia A, Domingo-Ferrer J, Mart\u00ednez S et al (2021) Achieving security and privacy in federated learning systems: survey, research challenges and future directions. 
Eng Appl Artif Intell 106(104):468","journal-title":"Eng Appl Artif Intell"},{"key":"10846_CR12","doi-asserted-by":"publisher","first-page":"855","DOI":"10.1007\/978-3-030-65117-6_31","volume-title":"The Palgrave handbook of technological finance","author":"F Boissay","year":"2021","unstructured":"Boissay F, Ehlers T, Gambacorta L et al (2021) Big techs in finance: on the new nexus between data privacy and competition. The Palgrave handbook of technological finance. Springer, pp 855\u2013875"},{"key":"10846_CR13","unstructured":"Bonawitz K, Eichner H, Grieskamp W, et\u00a0al (2020) Tensorflow federated: machine learning on decentralized data"},{"key":"10846_CR14","doi-asserted-by":"crossref","unstructured":"Bonawitz K, Ivanov V, Kreuter B, et\u00a0al (2017) Practical secure aggregation for privacy-preserving machine learning. In: proceedings of the 2017 ACM SIGSAC conference on computer and communications security, pp 1175\u20131191","DOI":"10.1145\/3133956.3133982"},{"key":"10846_CR15","doi-asserted-by":"crossref","unstructured":"Bonawitz K, Salehi F, Kone\u010dn\u1ef3 J, et\u00a0al (2019) Federated learning with autotuned communication-efficient secure aggregation. In: 2019 53rd Asilomar conference on signals, systems, and computers, IEEE, pp 1222\u20131226","DOI":"10.1109\/IEEECONF44664.2019.9049066"},{"key":"10846_CR17","unstructured":"Caldas S, Kone\u010dny J, McMahan HB, et\u00a0al (2018) Expanding the reach of federated learning by reducing client resource requirements. arXiv preprint arXiv:1812.07210"},{"key":"10846_CR18","doi-asserted-by":"crossref","unstructured":"Cao D, Chang S, Lin Z, et\u00a0al (2019) Understanding distributed poisoning attack in federated learning. 
In: 2019 IEEE 25th international conference on parallel and distributed systems (ICPADS), IEEE, pp 233\u2013239","DOI":"10.1109\/ICPADS47876.2019.00042"},{"key":"10846_CR19","doi-asserted-by":"crossref","unstructured":"Cao X, Gong NZ (2022) Mpaf: Model poisoning attacks to federated learning based on fake clients. In: Proceedings of the IEEE\/CVF conference on computer vision and pattern recognition, pp 3396\u20133404","DOI":"10.1109\/CVPRW56347.2022.00383"},{"key":"10846_CR20","doi-asserted-by":"crossref","unstructured":"Chai Z, Ali A, Zawad S, et\u00a0al (2020) Tifl: A tier-based federated learning system. In: Proceedings of the 29th international symposium on high-performance parallel and distributed computing, pp 125\u2013136","DOI":"10.1145\/3369583.3392686"},{"key":"10846_CR21","doi-asserted-by":"crossref","unstructured":"Chase M, Ghosh E, Mahloujifar S (2021) Property inference from poisoning. arXiv preprint arXiv:2101.11073","DOI":"10.1109\/SP46214.2022.9833623"},{"issue":"3","key":"10846_CR22","doi-asserted-by":"publisher","first-page":"359","DOI":"10.1002\/asi.20317","volume":"57","author":"C Chen","year":"2006","unstructured":"Chen C (2006) Citespace II: detecting and visualizing emerging trends and transient patterns in scientific literature. J Am Soc Inf Sci Technol 57(3):359\u2013377","journal-title":"J Am Soc Inf Sci Technol"},{"key":"10846_CR23","unstructured":"Chen C (2018) Cascading citation expansion. arXiv preprint arXiv:1806.00089"},{"issue":"7","key":"10846_CR24","doi-asserted-by":"publisher","first-page":"1386","DOI":"10.1002\/asi.21309","volume":"61","author":"C Chen","year":"2010","unstructured":"Chen C, Ibekwe-SanJuan F, Hou J (2010) The structure and dynamics of cocitation clusters: a multiple-perspective cocitation analysis. J Am Soc Inf Sci Technol 61(7):1386\u20131409","journal-title":"J Am Soc Inf Sci Technol"},{"key":"10846_CR25","unstructured":"Chen CL, Golubchik L, Paolieri M (2020a) Backdoor attacks on federated meta-learning. 
arXiv preprint arXiv:2006.07026"},{"key":"10846_CR26","doi-asserted-by":"crossref","unstructured":"Chen J, Zhang J, Zhao Y, et\u00a0al (2020b) Beyond model-level membership privacy leakage: an adversarial approach in federated learning. In: 2020 29th international conference on computer communications and networks (ICCCN), IEEE, pp 1\u20139","DOI":"10.1109\/ICCCN49398.2020.9209744"},{"issue":"11","key":"10846_CR27","doi-asserted-by":"publisher","first-page":"1087","DOI":"10.14778\/3402707.3402744","volume":"4","author":"R Chen","year":"2011","unstructured":"Chen R, Mohammed N, Fung BC et al (2011) Publishing set-valued data via differential privacy. Proc VLDB Endow 4(11):1087\u20131098","journal-title":"Proc VLDB Endow"},{"issue":"04","key":"10846_CR28","first-page":"565","volume":"08","author":"Y Chen","year":"2018","unstructured":"Chen Y, Gao X (2018) The latest progress of deep learning. Comput Sci Appl 08(04):565\u2013571","journal-title":"Comput Sci Appl"},{"issue":"2","key":"10846_CR29","first-page":"1","volume":"1","author":"Y Chen","year":"2017","unstructured":"Chen Y, Su L, Xu J (2017) Distributed statistical machine learning in adversarial settings: byzantine gradient descent. Proc ACM Meas Anal Comput Syst 1(2):1\u201325","journal-title":"Proc ACM Meas Anal Comput Syst"},{"issue":"10","key":"10846_CR30","doi-asserted-by":"publisher","first-page":"4229","DOI":"10.1109\/TNNLS.2019.2953131","volume":"31","author":"Y Chen","year":"2019","unstructured":"Chen Y, Sun X, Jin Y (2019) Communication-efficient federated deep learning with layerwise asynchronous model update and temporally weighted aggregation. 
IEEE Trans Neural Netw Learn Syst 31(10):4229\u20134238","journal-title":"IEEE Trans Neural Netw Learn Syst"},{"issue":"2","key":"10846_CR31","doi-asserted-by":"publisher","first-page":"684","DOI":"10.3390\/s22020684","volume":"22","author":"Z Chen","year":"2022","unstructured":"Chen Z, Cui H, Wu E et al (2022) Dynamic asynchronous anti poisoning federated deep learning with blockchain-based reputation-aware solutions. Sensors 22(2):684","journal-title":"Sensors"},{"issue":"5","key":"10846_CR32","first-page":"675","volume":"52","author":"Z Chenbin","year":"2020","unstructured":"Chenbin Z (2020) Review of federated learning security and privacy protection. J Nanjing Univ Aeronaut Astronaut Nanjing Hangkong Hangtian Daxue Xuebao 52(5):675\u2013684","journal-title":"J Nanjing Univ Aeronaut Astronaut Nanjing Hangkong Hangtian Daxue Xuebao"},{"issue":"6","key":"10846_CR33","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1109\/MIS.2021.3082561","volume":"36","author":"K Cheng","year":"2021","unstructured":"Cheng K, Fan T, Jin Y et al (2021) Secureboost: a lossless federated learning framework. IEEE Intell Syst 36(6):87\u201398","journal-title":"IEEE Intell Syst"},{"issue":"7","key":"10846_CR34","first-page":"310","volume":"49","author":"L Chenmingxin","year":"2020","unstructured":"Chenmingxin L (2020) Review of federated learning attack and defense research. Comput Sci 49(7):310\u2013323","journal-title":"Comput Sci"},{"key":"10846_CR35","unstructured":"Danezis G, Domingo-Ferrer J, Hansen M, et\u00a0al (2015) Privacy and data protection by design-from policy to engineering. arXiv preprint arXiv:1501.03726"},{"key":"10846_CR36","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1016\/j.ins.2016.05.050","volume":"367","author":"J Domingo-Ferrer","year":"2016","unstructured":"Domingo-Ferrer J, Farras O, Mart\u00ednez S et al (2016) Self-enforcing protocols via co-utile reputation management. 
Inf Sci 367:159\u2013175","journal-title":"Inf Sci"},{"key":"10846_CR37","doi-asserted-by":"publisher","first-page":"148","DOI":"10.1016\/j.engappai.2016.12.023","volume":"59","author":"J Domingo-Ferrer","year":"2017","unstructured":"Domingo-Ferrer J, Mart\u00ednez S, S\u00e1nchez D et al (2017) Co-utility: self-enforcing protocols for the mutual benefit of participants. Eng Appl Artif Intell 59:148\u2013158","journal-title":"Eng Appl Artif Intell"},{"issue":"5","key":"10846_CR38","doi-asserted-by":"publisher","first-page":"3988","DOI":"10.1109\/JIOT.2021.3102155","volume":"9","author":"J Domingo-Ferrer","year":"2021","unstructured":"Domingo-Ferrer J, Blanco-Justicia A, Manj\u00f3n J et al (2021) Secure and privacy-preserving federated learning via co-utility. IEEE Internet Things J 9(5):3988\u20134000","journal-title":"IEEE Internet Things J"},{"key":"10846_CR39","doi-asserted-by":"crossref","unstructured":"Dube P, Suk T, Wang C (2019) Ai gauge: Runtime estimation for deep learning in the cloud. In: 2019 31st international symposium on computer architecture and high performance computing (SBAC-PAD), IEEE, pp 160\u2013167","DOI":"10.1109\/SBAC-PAD.2019.00035"},{"key":"10846_CR40","unstructured":"Dwork C (2006) Automata, languages and programming. In: 33rd international colloquium, ICALP"},{"issue":"3\u2014-4","key":"10846_CR41","first-page":"211","volume":"9","author":"C Dwork","year":"2014","unstructured":"Dwork C, Roth A et al (2014) The algorithmic foundations of differential privacy. Found Trends Theor Comput Sci 9(3\u2014-4):211\u2013407","journal-title":"Found Trends Theor Comput Sci"},{"issue":"18","key":"10846_CR42","doi-asserted-by":"publisher","first-page":"7722","DOI":"10.3390\/s23187722","volume":"23","author":"A Famili","year":"2023","unstructured":"Famili A, Lao Y (2023) Deep neural network quantization framework for effective defense against membership inference attacks. 
Sensors 23(18):7722","journal-title":"Sensors"},{"key":"10846_CR43","unstructured":"Fang M, Cao X, Jia J, et\u00a0al (2020) Local model poisoning attacks to $$\\{$$Byzantine-Robust$$\\}$$ federated learning. In: 29th USENIX security symposium (USENIX Security 20), pp 1605\u20131622"},{"key":"10846_CR44","first-page":"7068","volume":"34","author":"S Fort","year":"2021","unstructured":"Fort S, Ren J, Lakshminarayanan B (2021) Exploring the limits of out-of-distribution detection. Adv Neural Inf Process Syst 34:7068\u20137081","journal-title":"Adv Neural Inf Process Syst"},{"key":"10846_CR45","unstructured":"Fraboni Y, Vidal R, Lorenzi M (2021) Free-rider attacks on model aggregation in federated learning. In: International conference on artificial intelligence and statistics, PMLR, pp 1846\u20131854"},{"key":"10846_CR46","unstructured":"Fu C, Zhang X, Ji S, et\u00a0al (2022) Label inference attacks against vertical federated learning. In: 31st USENIX security symposium (USENIX Security 22), pp 1397\u20131414"},{"key":"10846_CR47","unstructured":"Fung C, Yoon CJ, Beschastnikh I (2018) Mitigating sybils in federated learning poisoning. arXiv preprint arXiv:1808.04866"},{"key":"10846_CR48","first-page":"16937","volume":"33","author":"J Geiping","year":"2020","unstructured":"Geiping J, Bauermeister H, Dr\u00f6ge H et al (2020) Inverting gradients-how easy is it to break privacy in federated learning? Adv Neural Inf Process Syst 33:16937\u201316947","journal-title":"Adv Neural Inf Process Syst"},{"issue":"7","key":"10846_CR49","doi-asserted-by":"publisher","first-page":"1176","DOI":"10.1109\/JSTSP.2015.2425831","volume":"9","author":"Q Geng","year":"2015","unstructured":"Geng Q, Kairouz P, Oh S et al (2015) The staircase mechanism in differential privacy. 
IEEE J Select Topics Signal Process 9(7):1176\u20131184","journal-title":"IEEE J Select Topics Signal Process"},{"key":"10846_CR50","unstructured":"Geyer RC, Klein T, Nabi M (2017) Differentially private federated learning: a client level perspective. arXiv preprint arXiv:1712.07557"},{"key":"10846_CR51","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511721656","volume-title":"Foundations of cryptography","author":"O Goldreich","year":"2004","unstructured":"Goldreich O (2004) Foundations of cryptography, vol 2. Cambridge University Press, Cambridge"},{"issue":"1","key":"10846_CR52","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/BF00195207","volume":"7","author":"O Goldreich","year":"1994","unstructured":"Goldreich O, Oren Y (1994) Definitions and properties of zero-knowledge proof systems. J Cryptol 7(1):1\u201332","journal-title":"J Cryptol"},{"issue":"1","key":"10846_CR53","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1109\/MNET.011.2000783","volume":"36","author":"X Gong","year":"2022","unstructured":"Gong X, Chen Y, Huang H et al (2022) Coordinated backdoor attacks against federated learning with model-dependent triggers. IEEE Netw 36(1):84\u201390","journal-title":"IEEE Netw"},{"key":"10846_CR54","first-page":"2672","volume-title":"Advances in neural information processing systems","author":"I Goodfellow","year":"2014","unstructured":"Goodfellow I, Pouget-Abadie J, Mirza M et al (2014) Advances in neural information processing systems, vol 27. Curran Associates, Inc, pp 2672\u20132680"},{"key":"10846_CR55","unstructured":"Gu T, Dolan-Gavitt B, Garg S (2017) Badnets: identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733"},{"key":"10846_CR56","unstructured":"Gupta U, Stripelis D, Lam PK, et\u00a0al (2021) Membership inference attacks on deep regression models for neuroimaging. 
In: Medical imaging with deep learning, PMLR, pp 228\u2013251"},{"key":"10846_CR57","volume-title":"Federated learning","author":"F Hartmann","year":"2018","unstructured":"Hartmann F, Rojas R (2018) Federated learning. Freie Universit\u00e4t, Berlin"},{"key":"10846_CR58","doi-asserted-by":"crossref","unstructured":"Hei\u00a0Li K, Porto Buarque\u00a0de Gusm\u00e3o P, Beutel DJ, et\u00a0al (2022) Secure aggregation for federated learning in flower. arXiv e-prints pp arXiv\u20132205","DOI":"10.1145\/3488659.3493776"},{"key":"10846_CR59","doi-asserted-by":"crossref","unstructured":"Hitaj B, Ateniese G, Perez-Cruz F (2017) Deep models under the gan: information leakage from collaborative deep learning. In: Proceedings of the 2017 ACM SIGSAC conference on computer and communications security, pp 603\u2013618","DOI":"10.1145\/3133956.3134012"},{"issue":"5","key":"10846_CR60","doi-asserted-by":"publisher","first-page":"3562","DOI":"10.1109\/TII.2021.3112100","volume":"18","author":"B Hou","year":"2021","unstructured":"Hou B, Gao J, Guo X et al (2021) Mitigating the backdoor attack by federated filters for industrial IOT applications. IEEE Trans Ind Inform 18(5):3562\u20133571","journal-title":"IEEE Trans Ind Inform"},{"key":"10846_CR61","doi-asserted-by":"publisher","first-page":"8261663","DOI":"10.1155\/2021\/8261663","volume":"2021","author":"K Hu","year":"2021","unstructured":"Hu K, Li Y, Xia M et al (2021) (2021) Federated learning: a distributed shared machine learning method. Complexity 2021:8261663","journal-title":"Complexity"},{"key":"10846_CR62","doi-asserted-by":"crossref","unstructured":"Huang L, Joseph AD, Nelson B, et\u00a0al (2011) Adversarial machine learning. 
In: Proceedings of the 4th ACM workshop on Security and artificial intelligence, pp 43\u201358","DOI":"10.1145\/2046684.2046692"},{"key":"10846_CR63","doi-asserted-by":"publisher","first-page":"1002","DOI":"10.1109\/TIFS.2019.2931068","volume":"15","author":"Z Huang","year":"2019","unstructured":"Huang Z, Hu R, Guo Y et al (2019) DP-ADMM: ADMM-based distributed learning with differential privacy. IEEE Trans Inf For Secur 15:1002\u20131012","journal-title":"IEEE Trans Inf For Secur"},{"key":"10846_CR64","doi-asserted-by":"crossref","unstructured":"Ilias C, Georgios S (2019) Machine learning for all: a more robust federated learning framework. In: Proceedings of the 5th international conference on information systems security and privacy, pp 544\u2013551","DOI":"10.5220\/0007571705440551"},{"issue":"110","key":"10846_CR65","first-page":"178","volume":"260","author":"NM Jebreel","year":"2023","unstructured":"Jebreel NM, Domingo-Ferrer J (2023) Fl-defender: combating targeted attacks in federated learning. Knowl Based Syst 260(110):178","journal-title":"Knowl Based Syst"},{"key":"10846_CR66","unstructured":"Jebreel NM, Domingo-Ferrer J, Blanco-Justicia A, et\u00a0al (2022) Enhanced security and privacy via fragmented federated learning. IEEE transactions on neural networks and learning systems"},{"key":"10846_CR67","first-page":"994","volume":"34","author":"X Jin","year":"2021","unstructured":"Jin X, Chen PY, Hsu CY et al (2021) Cafe: catastrophic data leakage in vertical federated learning. Adv Neural Inf Process Syst 34:994\u20131006","journal-title":"Adv Neural Inf Process Syst"},{"issue":"1\u2014-2","key":"10846_CR68","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1561\/2200000083","volume":"14","author":"P Kairouz","year":"2021","unstructured":"Kairouz P, McMahan HB, Avent B et al (2021) Advances and open problems in federated learning. 
Found Trends Mach Learn 14(1\u2014-2):1\u2013210","journal-title":"Found Trends Mach Learn"},{"key":"10846_CR69","doi-asserted-by":"crossref","unstructured":"Kang J, Xiong Z, Niyato D, et\u00a0al (2019) Incentive design for efficient federated learning in mobile networks: A contract theory approach. In: 2019 IEEE VTS Asia pacific wireless communications symposium (APWCS), IEEE, pp 1\u20135","DOI":"10.1109\/VTS-APWCS.2019.8851649"},{"issue":"1","key":"10846_CR70","doi-asserted-by":"publisher","first-page":"1","DOI":"10.29012\/jpc.v6i1.634","volume":"6","author":"SP Kasiviswanathan","year":"2014","unstructured":"Kasiviswanathan SP, Smith A (2014) On the \u2018semantics\u2019 of differential privacy: a Bayesian formulation. J Privacy Confident 6(1):1","journal-title":"J Privacy Confident"},{"key":"10846_CR71","unstructured":"Kone\u010dn\u1ef3 J, McMahan HB, Ramage D, et\u00a0al (2016) Federated optimization: distributed machine learning for on-device intelligence. arXiv preprint arXiv:1610.02527"},{"key":"10846_CR72","volume-title":"Learning multiple layers of features from tiny images","author":"A Krizhevsky","year":"2009","unstructured":"Krizhevsky A, Hinton G et al (2009) Learning multiple layers of features from tiny images. University of Toronto"},{"key":"10846_CR73","doi-asserted-by":"crossref","unstructured":"Lamport L, Shostak R, Pease M (2019) The byzantine generals problem. In: Concurrency: the works of leslie lamport, pp 203\u2013226","DOI":"10.1145\/3335772.3335936"},{"issue":"11","key":"10846_CR74","doi-asserted-by":"publisher","first-page":"2278","DOI":"10.1109\/5.726791","volume":"86","author":"Y LeCun","year":"1998","unstructured":"LeCun Y, Bottou L, Bengio Y et al (1998) Gradient-based learning applied to document recognition. 
Proc IEEE 86(11):2278\u20132324","journal-title":"Proc IEEE"},{"key":"10846_CR75","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102378","volume":"109","author":"H Lee","year":"2021","unstructured":"Lee H, Kim J, Ahn S et al (2021) Digestive neural networks: a novel defense strategy against inference attacks in federated learning. Comput Secur 109:102378","journal-title":"Comput Secur"},{"key":"10846_CR76","doi-asserted-by":"crossref","unstructured":"Leroy D, Coucke A, Lavril T et al (2019) Federated learning for keyword spotting. In: ICASSP 2019\u20132019 IEEE international conference on acoustics. IEEE, speech and signal processing (ICASSP), pp 6341\u20136345","DOI":"10.1109\/ICASSP.2019.8683546"},{"issue":"8","key":"10846_CR77","doi-asserted-by":"publisher","first-page":"6814","DOI":"10.1109\/TVT.2018.2822762","volume":"67","author":"L Li","year":"2018","unstructured":"Li L, Ota K, Dong M (2018) Humanlike driving: empirical decision-making system for autonomous vehicles. IEEE Trans Vehicular Technol 67(8):6814\u20136823","journal-title":"IEEE Trans Vehicular Technol"},{"key":"10846_CR78","unstructured":"Li O, Sun J, Yang X, et\u00a0al (2021a) Label leakage and protection in two-party split learning. arXiv preprint arXiv:2102.08504"},{"key":"10846_CR79","doi-asserted-by":"crossref","unstructured":"Li X, Qu Z, Tang B, et\u00a0al (2021b) Stragglers are not disaster: a hybrid federated learning algorithm with delayed gradients. arXiv preprint arXiv:2102.06329","DOI":"10.1109\/ICMLA55696.2022.00121"},{"key":"10846_CR80","unstructured":"Li Z, Huang Z, Chen C, et\u00a0al (2019) Quantification of the leakage in federated learning. arXiv preprint arXiv:1910.05467"},{"key":"10846_CR81","doi-asserted-by":"crossref","unstructured":"Liu L, Zhang J, Song S, et\u00a0al (2020) Client-edge-cloud hierarchical federated learning. 
In: ICC 2020-2020 IEEE international conference on communications (ICC), IEEE, pp 1\u20136","DOI":"10.1109\/ICC40277.2020.9148862"},{"key":"10846_CR82","doi-asserted-by":"crossref","unstructured":"Liu T, Li M, Zheng H, et\u00a0al (2022) Evil vs evil: using adversarial examples to against backdoor attack in federated learning. Multimedia systems pp 1\u201316","DOI":"10.1007\/s00530-022-00965-z"},{"key":"10846_CR83","unstructured":"Loo N, Hasani R, Lechner M, et\u00a0al (2023) Dataset distillation fixes dataset reconstruction attacks. arXiv preprint arXiv:2302.01428"},{"issue":"2","key":"10846_CR84","doi-asserted-by":"publisher","first-page":"102","DOI":"10.1016\/j.zemedi.2018.11.002","volume":"29","author":"AS Lundervold","year":"2019","unstructured":"Lundervold AS, Lundervold A (2019) An overview of deep learning in medical imaging focusing on MRI. Zeitschrift f\u00fcr Medizinische Physik 29(2):102\u2013127","journal-title":"Zeitschrift f\u00fcr Medizinische Physik"},{"key":"10846_CR85","doi-asserted-by":"crossref","unstructured":"Luo X, Wu Y, Xiao X, et\u00a0al (2021) Feature inference attack on model predictions in vertical federated learning. In: 2021 IEEE 37th international conference on data engineering (ICDE), IEEE, pp 181\u2013192","DOI":"10.1109\/ICDE51399.2021.00023"},{"key":"10846_CR86","unstructured":"Luping W, Wei W, Bo L (2019) Cmfl: Mitigating communication overhead for federated learning. In: 2019 IEEE 39th international conference on distributed computing systems (ICDCS), IEEE, pp 954\u2013964"},{"key":"10846_CR87","doi-asserted-by":"crossref","unstructured":"Lyu L, Yu H, Yang Q (2020) Threats to federated learning: a survey. 
arXiv preprint arXiv:2003.02133","DOI":"10.1007\/978-3-030-63076-8_1"},{"key":"10846_CR88","doi-asserted-by":"publisher","first-page":"5880","DOI":"10.1002\/int.22818","volume":"37","author":"J Ma","year":"2022","unstructured":"Ma J, Naas SA, Sigg S et al (2022) Privacy-preserving federated learning based on multi-key homomorphic encryption. Int J Intell Syst 37:5880\u2013901","journal-title":"Int J Intell Syst"},{"key":"10846_CR89","doi-asserted-by":"publisher","first-page":"1639","DOI":"10.1109\/TIFS.2022.3169918","volume":"17","author":"Z Ma","year":"2022","unstructured":"Ma Z, Ma J, Miao Y et al (2022) Shieldfl: mitigating model poisoning attacks in privacy-preserving federated learning. IEEE Trans Inf For Secur 17:1639\u20131654","journal-title":"IEEE Trans Inf For Secur"},{"issue":"5","key":"10846_CR90","doi-asserted-by":"publisher","first-page":"e13072","DOI":"10.1111\/exsy.13072","volume":"40","author":"P Manoharan","year":"2023","unstructured":"Manoharan P, Walia R, Iwendi C et al (2023) SVM-based generative adverserial networks for federated learning and edge computing attack model and outpoising. Expert Syst 40(5):e13072","journal-title":"Expert Syst"},{"key":"10846_CR91","doi-asserted-by":"crossref","unstructured":"Mao Y, Zhu X, Zheng W, et\u00a0al (2019) A novel user membership leakage attack in collaborative deep learning. In: 2019 11th international conference on wireless communications and signal processing (WCSP), IEEE, pp 1\u20136","DOI":"10.1109\/WCSP.2019.8927871"},{"key":"10846_CR92","doi-asserted-by":"crossref","unstructured":"Matsumoto T, Miura T, Yanai N (2023) Membership inference attacks against diffusion models. arXiv preprint arXiv:2302.03262","DOI":"10.1109\/SPW59333.2023.00013"},{"key":"10846_CR93","unstructured":"McMahan B, Moore E, Ramage D, et\u00a0al (2017a) Communication-efficient learning of deep networks from decentralized data. 
In: Artificial intelligence and statistics, PMLR, pp 1273\u20131282"},{"key":"10846_CR94","unstructured":"McMahan HB, Ramage D, Talwar K, et\u00a0al (2017b) Learning differentially private recurrent language models. arXiv preprint arXiv:1710.06963"},{"key":"10846_CR95","doi-asserted-by":"crossref","unstructured":"Melis L, Song C, De\u00a0Cristofaro E, et\u00a0al (2019) Exploiting unintended feature leakage in collaborative learning. In: 2019 IEEE symposium on security and privacy (SP), IEEE, pp 691\u2013706","DOI":"10.1109\/SP.2019.00029"},{"key":"10846_CR96","doi-asserted-by":"crossref","unstructured":"Mironov I (2017) R\u00e9nyi differential privacy. In: 2017 IEEE 30th computer security foundations symposium (CSF), IEEE, pp 263\u2013275","DOI":"10.1109\/CSF.2017.11"},{"key":"10846_CR97","unstructured":"Mo F, Borovykh A, Malekzadeh M, et\u00a0al (2020) Layer-wise characterization of latent information leakage in federated learning. arXiv preprint arXiv:2010.08762"},{"key":"10846_CR98","doi-asserted-by":"crossref","unstructured":"Mohammed N, Chen R, Fung BC, et\u00a0al (2011) Differentially private data release for data mining. In: Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining, pp 493\u2013501","DOI":"10.1145\/2020408.2020487"},{"key":"10846_CR99","unstructured":"Mohri M, Sivek G, Suresh AT (2019) Agnostic federated learning. In: International conference on machine learning, PMLR, pp 4615\u20134625"},{"key":"10846_CR100","doi-asserted-by":"crossref","unstructured":"Nasr M, Shokri R, Houmansadr A (2019) Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning. In: 2019 IEEE symposium on security and privacy (SP), IEEE, pp 739\u2013753","DOI":"10.1109\/SP.2019.00065"},{"key":"10846_CR101","doi-asserted-by":"crossref","unstructured":"Nilsson A, Smith S, Ulm G, et\u00a0al (2018) A performance evaluation of federated learning algorithms. 
In: Proceedings of the second workshop on distributed infrastructures for deep learning, pp 1\u20138","DOI":"10.1145\/3286490.3286559"},{"key":"10846_CR102","doi-asserted-by":"crossref","unstructured":"Nishio T, Yonetani R (2019) Client selection for federated learning with heterogeneous resources in mobile edge. In: ICC 2019-2019 IEEE international conference on communications (ICC), IEEE, pp 1\u20137","DOI":"10.1109\/ICC.2019.8761315"},{"key":"10846_CR103","doi-asserted-by":"crossref","unstructured":"Ozdayi MS, Kantarcioglu M, Gel YR (2021) Defending against backdoors in federated learning with robust learning rate. In: Proceedings of the AAAI conference on artificial intelligence, pp 9268\u20139276","DOI":"10.1609\/aaai.v35i10.17118"},{"key":"10846_CR104","unstructured":"Panda A, Mahloujifar S, Bhagoji AN, et\u00a0al (2022) Sparsefed: Mitigating model poisoning attacks in federated learning with sparsification. In: International conference on artificial intelligence and statistics, PMLR, pp 7587\u20137624"},{"key":"10846_CR105","unstructured":"Pichler G, Romanelli M, Vega LR, et\u00a0al (2022) Perfectly accurate membership inference by a dishonest central server in federated learning. arXiv preprint arXiv:2203.16463"},{"issue":"5","key":"10846_CR106","doi-asserted-by":"publisher","first-page":"3569","DOI":"10.1007\/s10462-021-10098-w","volume":"55","author":"A Qammar","year":"2022","unstructured":"Qammar A, Ding J, Ning H (2022) Federated learning attack surface: taxonomy, cyber defences, challenges, and future directions. Artif Intell Rev 55(5):3569\u20133606","journal-title":"Artif Intell Rev"},{"key":"10846_CR107","unstructured":"Radford A, Metz L, Chintala S (2015) Unsupervised representation learning with deep convolutional generative adversarial networks. 
arXiv preprint arXiv:1511.06434"},{"issue":"107","key":"10846_CR108","first-page":"763","volume":"236","author":"A Raza","year":"2022","unstructured":"Raza A, Tran KP, Koehl L et al (2022) Designing ECG monitoring healthcare system with federated transfer learning and explainable AI. Knowl Based Syst 236(107):763","journal-title":"Knowl Based Syst"},{"issue":"4","key":"10846_CR109","first-page":"1","volume":"13","author":"H Ren","year":"2022","unstructured":"Ren H, Deng J, Xie X (2022) GRNN: generative regression neural network-a data leakage attack for federated learning. ACM Trans Intell Syst Technol (TIST) 13(4):1\u201324","journal-title":"ACM Trans Intell Syst Technol (TIST)"},{"key":"10846_CR110","doi-asserted-by":"crossref","unstructured":"Ribero M, Vikalo H (2020) Communication-efficient federated learning via optimal client sampling. arXiv preprint arXiv:2007.15197","DOI":"10.52591\/lxai2020071310"},{"key":"10846_CR111","doi-asserted-by":"crossref","unstructured":"Rieger P, Nguyen TD, Miettinen M, et\u00a0al (2022) Deepsight: Mitigating backdoor attacks in federated learning through deep model inspection. arXiv preprint arXiv:2201.00763","DOI":"10.14722\/ndss.2022.23156"},{"issue":"108","key":"10846_CR112","first-page":"588","volume":"245","author":"N Rodr\u00edguez-Barroso","year":"2022","unstructured":"Rodr\u00edguez-Barroso N, Mart\u00ednez-C\u00e1mara E, Luz\u00f3n MV et al (2022) Backdoor attacks-resilient aggregation based on robust filtering of outliers in federated learning for image classification. Knowl Based Syst 245(108):588","journal-title":"Knowl Based Syst"},{"key":"10846_CR113","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.future.2022.03.003","volume":"133","author":"N Rodr\u00edguez-Barroso","year":"2022","unstructured":"Rodr\u00edguez-Barroso N, Mart\u00ednez-C\u00e1mara E, Luz\u00f3n MV et al (2022) Dynamic defense against byzantine poisoning attacks in federated learning. 
Future Gen Comput Syst 133:1\u20139","journal-title":"Future Gen Comput Syst"},{"key":"10846_CR114","doi-asserted-by":"publisher","first-page":"148","DOI":"10.1016\/j.inffus.2022.09.011","volume":"90","author":"N Rodr\u00edguez-Barroso","year":"2023","unstructured":"Rodr\u00edguez-Barroso N, Jim\u00e9nez-L\u00f3pez D, Luz\u00f3n MV et al (2023) Survey on federated learning threats: concepts, taxonomy on attacks and defences, experimental study and challenges. Inf Fus 90:148\u2013173","journal-title":"Inf Fus"},{"key":"10846_CR115","unstructured":"Salimans T, Goodfellow I, Zaremba W, et\u00a0al (2016) Improved techniques for training gans. Advances in neural information processing systems, 29"},{"key":"10846_CR116","doi-asserted-by":"crossref","unstructured":"Sattler F, Wiedemann S, M\u00fcller KR, et\u00a0al (2019) Sparse binary compression: Towards distributed deep learning with minimal communication. In: 2019 international joint conference on neural networks (IJCNN), IEEE, pp 1\u20138","DOI":"10.1109\/IJCNN.2019.8852172"},{"key":"10846_CR117","unstructured":"Shafahi A, Huang WR, Najibi M, et\u00a0al (2018) Poison frogs! targeted clean-label poisoning attacks on neural networks. Advances in neural information processing systems 31"},{"issue":"4","key":"10846_CR118","doi-asserted-by":"publisher","first-page":"2265","DOI":"10.1109\/JIOT.2020.3028110","volume":"8","author":"M Shen","year":"2020","unstructured":"Shen M, Wang H, Zhang B et al (2020) Exploiting unintended property leakage in blockchain-assisted federated learning for intelligent edge computing. IEEE Intern Things J 8(4):2265\u20132275","journal-title":"IEEE Intern Things J"},{"issue":"2","key":"10846_CR119","doi-asserted-by":"publisher","first-page":"596","DOI":"10.1109\/JSAC.2021.3118347","volume":"40","author":"S Shi","year":"2021","unstructured":"Shi S, Hu C, Wang D et al (2021) Federated anomaly analytics for local model poisoning attack. 
IEEE J Select Areas Commun 40(2):596\u2013610","journal-title":"IEEE J Select Areas Commun"},{"key":"10846_CR120","doi-asserted-by":"crossref","unstructured":"Shokri R, Stronati M, Song C, et\u00a0al (2017) Membership inference attacks against machine learning models. In: 2017 IEEE symposium on security and privacy (SP), IEEE, pp 3\u201318","DOI":"10.1109\/SP.2017.41"},{"issue":"2","key":"10846_CR121","doi-asserted-by":"publisher","first-page":"260","DOI":"10.3390\/electronics12020260","volume":"12","author":"HS Sikandar","year":"2023","unstructured":"Sikandar HS, Waheed H, Tahir S et al (2023) A detailed survey on federated learning attacks and defenses. Electronics 12(2):260","journal-title":"Electronics"},{"key":"10846_CR122","doi-asserted-by":"publisher","first-page":"11365","DOI":"10.1109\/JIOT.2021.3128646","volume":"9","author":"G Sun","year":"2021","unstructured":"Sun G, Cong Y, Dong J et al (2021) Data poisoning attacks on federated machine learning. IEEE Intern Things J 9:11365\u201375","journal-title":"IEEE Intern Things J"},{"key":"10846_CR123","first-page":"12613","volume":"34","author":"J Sun","year":"2021","unstructured":"Sun J, Li A, DiValentin L et al (2021) FL-WBC: enhancing robustness against model poisoning attacks in federated learning from a client perspective. Adv Neural Inf Process Syst 34:12613\u201312624","journal-title":"Adv Neural Inf Process Syst"},{"key":"10846_CR124","unstructured":"Suri A, Kanani P, Marathe VJ, et\u00a0al (2022) Subject membership inference attacks in federated learning. arXiv preprint arXiv:2206.03317"},{"issue":"11","key":"10846_CR125","doi-asserted-by":"publisher","first-page":"7021","DOI":"10.3934\/era.2023356","volume":"31","author":"Q Tan","year":"2023","unstructured":"Tan Q, Che X, Wu S et al (2023) Privacy amplification for wireless federated learning with r\u00e9nyi differential privacy and subsampling. 
Electr Res Arch 31(11):7021\u20137039","journal-title":"Electr Res Arch"},{"key":"10846_CR126","doi-asserted-by":"crossref","unstructured":"Tolpegin V, Truex S, Gursoy ME, et\u00a0al (2020) Data poisoning attacks against federated learning systems. In: European symposium on research in computer security, Springer, pp 480\u2013501","DOI":"10.1007\/978-3-030-58951-6_24"},{"key":"10846_CR127","doi-asserted-by":"crossref","unstructured":"Triastcyn A, Faltings B (2019) Federated learning with bayesian differential privacy. In: 2019 IEEE international conference on big data (Big Data), IEEE, pp 2587\u20132596","DOI":"10.1109\/BigData47090.2019.9005465"},{"key":"10846_CR128","doi-asserted-by":"crossref","unstructured":"Truex S, Liu L, Gursoy ME, et\u00a0al (2019) Demystifying membership inference attacks in machine learning as a service. IEEE Trans Serv Comput 14:2073-89","DOI":"10.1109\/TSC.2019.2897554"},{"key":"10846_CR16","unstructured":"van Breugel B, Sun H, Qian Z, et\u00a0al (2023) Membership inference attacks against synthetic data through overfitting detection. arXiv preprint arXiv:2302.12580"},{"key":"10846_CR129","doi-asserted-by":"crossref","unstructured":"Wan W, Hu S, Li M, et\u00a0al (2023) A four-pronged defense against byzantine attacks in federated learning. In: Proceedings of the 31st ACM international conference on multimedia, pp 7394\u20137402","DOI":"10.1145\/3581783.3612474"},{"key":"10846_CR130","doi-asserted-by":"crossref","unstructured":"Wang B, Yao Y, Shan S, et\u00a0al (2019a) Neural cleanse: Identifying and mitigating backdoor attacks in neural networks. In: 2019 IEEE symposium on security and privacy (SP), IEEE, pp 707\u2013723","DOI":"10.1109\/SP.2019.00031"},{"issue":"2","key":"10846_CR131","first-page":"1","volume":"22","author":"D Wang","year":"2021","unstructured":"Wang D, Wen S, Jolfaei A et al (2021) On the neural backdoor of federated generative models in edge computing. 
ACM Trans Intern Technol (TOIT) 22(2):1\u201321","journal-title":"ACM Trans Intern Technol (TOIT)"},{"key":"10846_CR132","doi-asserted-by":"crossref","unstructured":"Wang H, Kaplan Z, Niu D, et\u00a0al (2020a) Optimizing federated learning on non-iid data with reinforcement learning. In: IEEE INFOCOM 2020-IEEE conference on computer communications, IEEE, pp 1698\u20131707","DOI":"10.1109\/INFOCOM41043.2020.9155494"},{"key":"10846_CR133","unstructured":"Wang L, Xu S, Wang X, et\u00a0al (2019b) Eavesdrop the composition proportion of training labels in federated learning. arXiv preprint arXiv:1910.06044"},{"key":"10846_CR134","doi-asserted-by":"crossref","unstructured":"Wang Z, Song M, Zhang Z, et\u00a0al (2019c) Beyond inferring class representatives: User-level privacy leakage from federated learning. In: IEEE INFOCOM 2019-IEEE Conference on Computer Communications, IEEE, pp 2512\u20132520","DOI":"10.1109\/INFOCOM.2019.8737416"},{"key":"10846_CR135","unstructured":"Wang Z, Yang Y, Liu Y, et\u00a0al (2020b) Cloud-based federated boosting for mobile crowdsensing. arXiv preprint arXiv:2005.05304"},{"key":"10846_CR136","doi-asserted-by":"crossref","unstructured":"Wei W, Liu L, Loper M, et\u00a0al (2020) A framework for evaluating client privacy leakages in federated learning. In: European symposium on research in computer security, Springer, pp 545\u2013566","DOI":"10.1007\/978-3-030-58951-6_27"},{"key":"10846_CR137","unstructured":"Weng H, Zhang J, Xue F, et\u00a0al (2020) Privacy leakage of real-world vertical federated learning. arXiv preprint arXiv:2011.09290"},{"issue":"1\u2014-2","key":"10846_CR138","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1561\/0400000060","volume":"10","author":"DP Woodruff","year":"2014","unstructured":"Woodruff DP et al (2014) Sketching as a tool for numerical linear algebra. 
Foundations Trends Theor Comput Sci 10(1\u2014-2):1\u2013157","journal-title":"Foundations Trends Theor Comput Sci"},{"key":"10846_CR139","doi-asserted-by":"publisher","first-page":"2668","DOI":"10.1007\/s10773-021-04867-0","volume":"60","author":"S Wu","year":"2021","unstructured":"Wu S, Yu M, Ahmed MAM et al (2021) FL-MAC-RDP: Federated learning over multiple access channels with Renyi differential privacy. Int J Theor Phys 60:2668\u20132682","journal-title":"Int J Theor Phys"},{"key":"10846_CR140","doi-asserted-by":"publisher","first-page":"10708","DOI":"10.1109\/ACCESS.2023.3238823","volume":"11","author":"G Xia","year":"2023","unstructured":"Xia G, Chen J, Yu C et al (2023) Poisoning attacks in federated learning: a survey. IEEE Access 11:10708\u201310722","journal-title":"IEEE Access"},{"key":"10846_CR141","doi-asserted-by":"publisher","first-page":"911","DOI":"10.1109\/TIFS.2019.2929409","volume":"15","author":"G Xu","year":"2019","unstructured":"Xu G, Li H, Liu S et al (2019) Verifynet: secure and verifiable federated learning. IEEE Trans Inf For Secur 15:911\u2013926","journal-title":"IEEE Trans Inf For Secur"},{"key":"10846_CR142","doi-asserted-by":"crossref","unstructured":"Xu M, Li X (2020) Subject property inference attack in collaborative learning. In: 2020 12th international conference on intelligent human-machine systems and cybernetics (IHMSC), IEEE, pp 227\u2013231","DOI":"10.1109\/IHMSC49165.2020.00057"},{"key":"10846_CR143","doi-asserted-by":"crossref","unstructured":"Xu X, Wu J, Yang M, et\u00a0al (2020) Information leakage by model weights on federated learning. 
In: Proceedings of the 2020 workshop on privacy-preserving machine learning in practice, pp 31\u201336","DOI":"10.1145\/3411501.3419423"},{"issue":"2","key":"10846_CR144","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3298981","volume":"10","author":"Q Yang","year":"2019","unstructured":"Yang Q, Liu Y, Chen T et al (2019) Federated machine learning: concept and applications. ACM Trans Intell Syst Technol (TIST) 10(2):1\u201319","journal-title":"ACM Trans Intell Syst Technol (TIST)"},{"key":"10846_CR145","first-page":"732","volume":"2022","author":"X Yang","year":"2022","unstructured":"Yang X, Feng Y, Fang W et al (2022) An accuracy-lossless perturbation method for defending privacy attacks in federated learning. Proc ACM Web Conf 2022:732\u2013742","journal-title":"Proc ACM Web Conf"},{"key":"10846_CR146","unstructured":"Yin D, Chen Y, Kannan R, et\u00a0al (2018) Byzantine-robust distributed learning: Towards optimal statistical rates. In: International conference on machine learning, PMLR, pp 5650\u20135659"},{"key":"10846_CR147","doi-asserted-by":"crossref","unstructured":"Yoshida N, Nishio T, Morikura M, et\u00a0al (2020) Hybrid-fl for wireless networks: Cooperative learning mechanism using non-iid data. In: ICC 2020-2020 IEEE international conference on communications (ICC), IEEE, pp 1\u20137","DOI":"10.1109\/ICC40277.2020.9149323"},{"issue":"4","key":"10846_CR148","doi-asserted-by":"publisher","first-page":"2555","DOI":"10.1109\/JIOT.2021.3089713","volume":"9","author":"X Yuan","year":"2021","unstructured":"Yuan X, Ma X, Zhang L et al (2021) Beyond class-level privacy leakage: Breaking record-level privacy in federated learning. IEEE Intern Things J 9(4):2555\u20132565","journal-title":"IEEE Intern Things J"},{"key":"10846_CR149","doi-asserted-by":"crossref","unstructured":"Zhai K, Ren Q, Wang J, et\u00a0al (2021) Byzantine-robust federated learning via credibility assessment on non-iid data. 
arXiv preprint arXiv:2109.02396","DOI":"10.3934\/mbe.2022078"},{"key":"10846_CR150","doi-asserted-by":"crossref","unstructured":"Zhang J, Chen J, Wu D, et\u00a0al (2019) Poisoning attack in federated learning using generative adversarial nets. In: 2019 18th IEEE international conference on trust, security and privacy in computing and communications\/13th IEEE international conference on big data science and engineering (TrustCom\/BigDataSE), IEEE, pp 374\u2013380","DOI":"10.1109\/TrustCom\/BigDataSE.2019.00057"},{"issue":"5","key":"10846_CR151","doi-asserted-by":"publisher","first-page":"3310","DOI":"10.1109\/JIOT.2020.3023126","volume":"8","author":"J Zhang","year":"2020","unstructured":"Zhang J, Chen B, Cheng X et al (2020) Poisongan: generative poisoning attacks against federated learning in edge computing systems. IEEE Intern Things J 8(5):3310\u20133322","journal-title":"IEEE Intern Things J"},{"key":"10846_CR152","doi-asserted-by":"crossref","unstructured":"Zhang J, Zhang J, Chen J, et\u00a0al (2020b) Gan enhanced membership inference: a passive local attack in federated learning. In: ICC 2020\u20132020 IEEE international conference on communications (ICC), IEEE, pp 1\u20136","DOI":"10.1109\/ICC40277.2020.9148790"},{"key":"10846_CR153","unstructured":"Zhang M, Wang S (2021) Matrix sketching for secure collaborative machine learning. In: International conference on machine learning, PMLR, pp 12,589\u201312,599"},{"key":"10846_CR154","unstructured":"Zhang W, Tople S, Ohrimenko O (2021) Leakage of dataset properties in {Multi-Party}\u00a0machine learning. In: 30th USENIX security symposium (USENIX Security 21), pp 2687\u20132704"},{"key":"10846_CR155","doi-asserted-by":"publisher","first-page":"5586","DOI":"10.1109\/TKDE.2021.3070203","volume":"34","author":"Y Zhang","year":"2021","unstructured":"Zhang Y, Yang Q (2021) A survey on multi-task learning. 
IEEE Trans Knowl Data Eng 34:5586\u2013609","journal-title":"IEEE Trans Knowl Data Eng"},{"key":"10846_CR156","doi-asserted-by":"crossref","unstructured":"Zhang Z, Cao X, Jia J, et\u00a0al (2022) Fldetector: Defending federated learning against model poisoning attacks via detecting malicious clients. In: Proceedings of the 28th ACM SIGKDD conference on knowledge discovery and data mining, pp 2545\u20132555","DOI":"10.1145\/3534678.3539231"},{"key":"10846_CR157","doi-asserted-by":"crossref","unstructured":"Zhao Y, Chen J, Zhang J, et\u00a0al (2021) User-level membership inference for federated learning in wireless network environment. Wireless communications and mobile computing 2021","DOI":"10.1155\/2021\/5534270"},{"key":"10846_CR158","doi-asserted-by":"crossref","unstructured":"Zhu JY, Park T, Isola P, et\u00a0al (2017a) Unpaired image-to-image translation using cycle-consistent adversarial networks. In: Proceedings of the IEEE international conference on computer vision, pp 2223\u20132232","DOI":"10.1109\/ICCV.2017.244"},{"key":"10846_CR159","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1007\/978-3-319-62004-6_2","volume-title":"Differential privacy and applications","author":"T Zhu","year":"2017","unstructured":"Zhu T, Li G, Zhou W et al (2017) Preliminary of differential privacy. Differential privacy and applications. Springer, Cham, pp 7\u201316"},{"key":"10846_CR160","unstructured":"Zhuo HH, Feng W, Xu Q, et\u00a0al (2019) Federated reinforcement learning"},{"key":"10846_CR161","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1007\/978-3-030-70604-3_5","volume-title":"PySyft: a library for easy federated learning","author":"A Ziller","year":"2021","unstructured":"Ziller A, Trask A, Lopardo A et al (2021) PySyft: a library for easy federated learning. Springer International Publishing, Cham, pp 111\u2013139. 
https:\/\/doi.org\/10.1007\/978-3-030-70604-3_5"}],"container-title":["Artificial Intelligence Review"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10462-024-10846-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10462-024-10846-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10462-024-10846-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,17]],"date-time":"2024-08-17T05:12:59Z","timestamp":1723871579000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10462-024-10846-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,11]]},"references-count":161,"journal-issue":{"issue":"8","published-online":{"date-parts":[[2024,8]]}},"alternative-id":["10846"],"URL":"https:\/\/doi.org\/10.1007\/s10462-024-10846-8","relation":{},"ISSN":["1573-7462"],"issn-type":[{"value":"1573-7462","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,7,11]]},"assertion":[{"value":"24 June 2024","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"11 July 2024","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors report that there are no potential Conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"204"}}