{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,16]],"date-time":"2026-04-16T16:47:04Z","timestamp":1776358024737,"version":"3.51.2"},"reference-count":59,"publisher":"Springer Science and Business Media LLC","issue":"11-12","license":[{"start":{"date-parts":[[2025,7,16]],"date-time":"2025-07-16T00:00:00Z","timestamp":1752624000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,7,16]],"date-time":"2025-07-16T00:00:00Z","timestamp":1752624000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Ann. Telecommun."],"published-print":{"date-parts":[[2025,11]]},"DOI":"10.1007\/s12243-025-01107-y","type":"journal-article","created":{"date-parts":[[2025,7,16]],"date-time":"2025-07-16T04:38:30Z","timestamp":1752640710000},"page":"975-996","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Security and privacy-preserving for machine learning models: attacks, countermeasures, and future directions"],"prefix":"10.1007","volume":"80","author":[{"given":"Fatema","family":"EL-Husseini","sequence":"first","affiliation":[]},{"given":"Hassan N.","family":"Noura","sequence":"additional","affiliation":[]},{"given":"Flavien","family":"Vernier","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,7,16]]},"reference":[{"key":"1107_CR1","first-page":"2","volume":"5","author":"NL Rane","year":"2024","unstructured":"Rane NL, Paramesha M, Rane J, Kaya O (2024) Emerging trends and future research opportunities in artificial intelligence, machine learning, and deep learning. Artif Intell Ind Soc 5:2\u201396","journal-title":"Artif Intell Ind Soc"},{"key":"1107_CR2","doi-asserted-by":"crossref","unstructured":"Revathi S, Ansari A, Susmi SJ, Madhavi M, Gunavathie MA, Sudhakar M (2024) Integrating machine learning-IoT technologies integration for building sustainable digital ecosystems. In: Multidisciplinary applications of extended reality for human experience. IGI Global, pp 259\u2013291","DOI":"10.4018\/979-8-3693-2432-5.ch012"},{"issue":"1","key":"1107_CR3","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1146\/annurev-control-060117-105157","volume":"1","author":"W Schwarting","year":"2018","unstructured":"Schwarting W, Alonso-Mora J, Daniela R (2018) Planning and decision-making for autonomous vehicles. Ann Rev Control Robot Auton Syst 1(1):187\u2013210","journal-title":"Ann Rev Control Robot Auton Syst"},{"key":"1107_CR4","unstructured":"Chikri H, Kassou M (2024) Financial revolution: innovation powered by Fintech and artificial intelligence. J Theor Appl Inf Technol 102(9)"},{"key":"1107_CR5","doi-asserted-by":"publisher","first-page":"104089","DOI":"10.1016\/j.scs.2022.104089","volume":"85","author":"A Heidari","year":"2022","unstructured":"Heidari A, Navimipour NJ, Unal M (2022) Applications of ML\/DL in the management of smart cities and societies based on new trends in information technologies: a systematic literature review. Sustain Cities Soc 85:104089","journal-title":"Sustain Cities Soc"},{"key":"1107_CR6","doi-asserted-by":"publisher","first-page":"118101","DOI":"10.1016\/j.eswa.2022.118101","volume":"208","author":"FA Yerlikaya","year":"2022","unstructured":"Yerlikaya FA, Bahtiyar \u015e (2022) Data poisoning attacks against machine learning algorithms. Expert Syst Appl 208:118101","journal-title":"Expert Syst Appl"},{"issue":"1","key":"1107_CR7","doi-asserted-by":"publisher","first-page":"97","DOI":"10.3390\/electronics9010097","volume":"9","author":"R Sagar","year":"2020","unstructured":"Sagar R, Jhaveri R, Borrego C (2020) Applications in security and evasions in machine learning: a survey. Electronics 9(1):97","journal-title":"Electronics"},{"issue":"2","key":"1107_CR8","doi-asserted-by":"publisher","first-page":"23001","DOI":"10.1209\/0295-5075\/acc88c","volume":"142","author":"M Buzzicotti","year":"2023","unstructured":"Buzzicotti M (2023) Data reconstruction for complex flows using AI: recent progress, obstacles, and perspectives. Europhys Lett 142(2):23001","journal-title":"Europhys Lett"},{"key":"1107_CR9","doi-asserted-by":"crossref","unstructured":"Li Q, Wang X, Wang F, Wang C (2022) A label flipping attack on machine learning model and its defense mechanism. In: International conference on algorithms and architectures for parallel processing. Springer, pp 490\u2013506","DOI":"10.1007\/978-3-031-22677-9_26"},{"key":"1107_CR10","doi-asserted-by":"crossref","unstructured":"Khalyasmaa A, Matrenin P (2021) Initial data corruption impact on machine learning models\u2019 performance in energy consumption forecast. In: 2021 Ural-Siberian Smart Energy Conference (USSEC). IEEE, pp 1\u20135","DOI":"10.1109\/USSEC53120.2021.9655724"},{"key":"1107_CR11","doi-asserted-by":"crossref","unstructured":"Sandeep V, Sahoo J, Bhambu P (2024) Defending machine learning in agriculture against data breaches and misuse. In: 2024 15th International Conference on Computing Communication and Networking Technologies (ICCCNT). IEEE, pp 1\u20136","DOI":"10.1109\/ICCCNT61001.2024.10726152"},{"key":"1107_CR12","unstructured":"Lin J, Dang L, Rahouti M, Xiong K (2021) ML attack models: adversarial attacks and data poisoning attacks. arXiv:2112.02797"},{"key":"1107_CR13","doi-asserted-by":"crossref","unstructured":"Fredrikson M, Jha S, Ristenpart T (2015) Model inversion attacks that exploit confidence information and basic countermeasures. In: Proceedings of the 22nd ACM SIGSAC conference on computer and communications security. pp 1322\u20131333","DOI":"10.1145\/2810103.2813677"},{"key":"1107_CR14","unstructured":"Gao Y, Doan BG, Zhang Z, Ma S, Zhang J, Fu A, Nepal S, Kim H (2020) Backdoor attacks and countermeasures on deep learning: a comprehensive review. arXiv:2007.10760"},{"key":"1107_CR15","doi-asserted-by":"publisher","first-page":"103295","DOI":"10.1016\/j.micpro.2020.103295","volume":"79","author":"KG Liakos","year":"2020","unstructured":"Liakos KG, Georgakilas GK, Moustakidis S, Sklavos N, Plessas FC (2020) Conventional and machine learning approaches as countermeasures against hardware Trojan attacks. Microprocess Microsyst 79:103295","journal-title":"Microprocess Microsyst"},{"issue":"2","key":"1107_CR16","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1007\/s10207-022-00644-0","volume":"22","author":"M Kuzlu","year":"2023","unstructured":"Kuzlu M, Catak FO, Cali U, Catak E, Guler O (2023) Adversarial security mitigations of mmWave beamforming prediction models using defensive distillation and adversarial retraining. Int J Inf Secur 22(2):319\u2013332","journal-title":"Int J Inf Secur"},{"key":"1107_CR17","unstructured":"Bujor A, Bozadji A, Gurschi G (2024) Replay attacks and countermeasures against them"},{"key":"1107_CR18","doi-asserted-by":"crossref","unstructured":"Mayouche A (2021) Machine learning for MIMO detection and eavesdropping with symbol-level precoding countermeasures","DOI":"10.1109\/OJVT.2021.3092602"},{"issue":"6","key":"1107_CR19","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3457904","volume":"54","author":"E Papadogiannaki","year":"2021","unstructured":"Papadogiannaki E, Ioannidis S (2021) A survey on encrypted network traffic analysis applications, techniques, and countermeasures. ACM Comput Surv (CSUR) 54(6):1\u201335","journal-title":"ACM Comput Surv (CSUR)"},{"issue":"2","key":"1107_CR20","doi-asserted-by":"publisher","first-page":"1361","DOI":"10.1109\/COMST.2017.2781126","volume":"20","author":"P Nespoli","year":"2017","unstructured":"Nespoli P, Papamartzivanos D, M\u00e1rmol FG, Kambourakis G (2017) Optimal countermeasures selection against cyber attacks: a comprehensive survey on reaction frameworks. IEEE Commun Surv Tutorials 20(2):1361\u20131396","journal-title":"IEEE Commun Surv Tutorials"},{"key":"1107_CR21","doi-asserted-by":"publisher","first-page":"74720","DOI":"10.1109\/ACCESS.2020.2987435","volume":"8","author":"M Xue","year":"2020","unstructured":"Xue M, Yuan C, Heyi W, Zhang Y, Liu W (2020) Machine learning security: threats, countermeasures, and evaluations. IEEE Access 8:74720\u201374742","journal-title":"IEEE Access"},{"key":"1107_CR22","doi-asserted-by":"crossref","unstructured":"Liao C, Zhong H, Zhu H, Squicciarini A (2018) Server-based manipulation attacks against machine learning models. In: Proceedings of the eighth ACM conference on data and application security and privacy. pp 24\u201334","DOI":"10.1145\/3176258.3176321"},{"key":"1107_CR23","doi-asserted-by":"crossref","unstructured":"Sharma A, Himanshi B (2024) Preventing spoofing threats in IoT: machine learning approaches for intrusion detection. In: 2024 IEEE 3rd world conference on applied intelligence and computing (AIC). IEEE, pp 1267\u20131271","DOI":"10.1109\/AIC61668.2024.10730888"},{"key":"1107_CR24","doi-asserted-by":"crossref","unstructured":"Li Z, Koniusz P, Zhang L, Pagendam DE, Moghadam P (2023) Exploiting field dependencies for learning on categorical data. IEEE Transactions on Pattern Analysis and Machine Intelligence","DOI":"10.1109\/TPAMI.2023.3298028"},{"issue":"2","key":"1107_CR25","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1007\/s13389-019-00212-8","volume":"10","author":"B Hettwer","year":"2020","unstructured":"Hettwer B, Gehrer S, G\u00fcneysu T (2020) Applications of machine learning techniques in side-channel attacks: a survey. J Cryptographic Eng 10(2):135\u2013162","journal-title":"J Cryptographic Eng"},{"key":"1107_CR26","doi-asserted-by":"crossref","unstructured":"Gentry C (2009) Fully homomorphic encryption using ideal lattices. In: Proceedings of the 41st annual ACM symposium on theory of computing. ACM, pp 169\u2013178","DOI":"10.1145\/1536414.1536440"},{"issue":"4","key":"1107_CR27","first-page":"239","volume":"33","author":"S Halevi","year":"2020","unstructured":"Halevi S, Shoup V (2020) Bootstrapping for HElib. J Cryptol 33(4):239\u2013275","journal-title":"J Cryptol"},{"key":"1107_CR28","doi-asserted-by":"crossref","unstructured":"Yao AC (1982) Protocols for secure computations. In: 23rd annual symposium on foundations of computer science (SFCS 1982). IEEE, pp 160\u2013164","DOI":"10.1109\/SFCS.1982.38"},{"key":"1107_CR29","doi-asserted-by":"crossref","unstructured":"Ben-David A, Nisan N, Pinkas B (2008) FairplayMP: a system for secure multi-party computation. In: Proceedings of the 15th ACM conference on computer and communications security. pp 257\u2013266","DOI":"10.1145\/1455770.1455804"},{"key":"1107_CR30","doi-asserted-by":"crossref","unstructured":"Bonawitz K, Ivanov V, Kreuter B, Marcedone A, McMahan B, Patel S, Ramage D, Segal A, Seth K (2017) Practical secure aggregation for privacy-preserving machine learning. In: Proceedings of the 2017 ACM SIGSAC conference on computer and communications security. ACM, pp 1175\u20131191","DOI":"10.1145\/3133956.3133982"},{"key":"1107_CR31","doi-asserted-by":"crossref","unstructured":"Ben-Sasson E, Chiesa A, Genkin D, Tromer E, Virza M (2013) SNARKs for C: verifying program executions succinctly and in zero knowledge. In: Advances in cryptology\u2013CRYPTO 2013. Springer, pp 90\u2013108","DOI":"10.1007\/978-3-642-40084-1_6"},{"key":"1107_CR32","doi-asserted-by":"crossref","unstructured":"De Cristofaro E, Tsudik G (2012) Practical private set intersection protocols with linear computational and bandwidth complexity. In: Proceedings of the 14th international conference on financial cryptography and data security. Springer, pp 143\u2013159","DOI":"10.1007\/978-3-642-14577-3_13"},{"key":"1107_CR33","doi-asserted-by":"crossref","unstructured":"Papernot N, McDaniel P, Wu X, Jha S, Swami A (2016) Distillation as a defense to adversarial perturbations against deep neural networks. In: 2016 IEEE Symposium on Security and Privacy (SP). IEEE, pp 582\u2013597","DOI":"10.1109\/SP.2016.41"},{"key":"1107_CR34","doi-asserted-by":"crossref","unstructured":"Dwork C (2008) Differential privacy: a survey of results. In: Proceedings of the 5th international conference on theory and applications of models of computation. Springer, pp 1\u201319","DOI":"10.1007\/978-3-540-79228-4_1"},{"key":"1107_CR35","unstructured":"McMahan B, Moore E, Ramage D, Hampson S (2017) Communication-efficient learning of deep networks from decentralized data. In: Proceedings of the 20th international conference on artificial intelligence and statistics. PMLR, pp 1273\u20131282"},{"key":"1107_CR36","doi-asserted-by":"crossref","unstructured":"Xu W, Evans D, Qi Y (2017) Feature squeezing: detecting adversarial examples in deep neural networks. In: Proceedings 2017 network and distributed system security symposium","DOI":"10.14722\/ndss.2018.23198"},{"key":"1107_CR37","doi-asserted-by":"crossref","unstructured":"Lecuyer M, Atlidakis V, Geambasu R, Hsu D, Jana S (2019) Certified robustness to adversarial examples with differential privacy. In: 2019 IEEE Symposium on Security and Privacy (SP). IEEE, pp 656\u2013672","DOI":"10.1109\/SP.2019.00044"},{"key":"1107_CR38","doi-asserted-by":"crossref","unstructured":"Abadi M, Chu A, Goodfellow I, McMahan HB, Mironov I, Talwar K, Zhang L (2016) Deep learning with differential privacy. In: Proceedings of the 2016 ACM SIGSAC conference on computer and communications security. pp 308\u2013318","DOI":"10.1145\/2976749.2978318"},{"key":"1107_CR39","doi-asserted-by":"crossref","unstructured":"Papernot N, McDaniel P, Wu X, Jha S, Swami A (2016) Distillation as a defense to adversarial perturbations against deep neural networks. In: 2016 IEEE Symposium on Security and Privacy (SP). IEEE, pp 582\u2013597","DOI":"10.1109\/SP.2016.41"},{"key":"1107_CR40","unstructured":"McMahan B, Moore E, Ramage D, Hampson S, y Arcas BA (2017) Communication-efficient learning of deep networks from decentralized data. In: Proceedings of the 20th International Conference on Artificial Intelligence and Statistics (AISTATS). pp 1273\u20131282"},{"key":"1107_CR41","unstructured":"Kairouz P, McMahan HB, Avent B, Bellet A, Bennis M, Bhagoji AN et al (2019) Advances and open problems in federated learning. arXiv:1912.04977"},{"issue":"4","key":"1107_CR42","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1749603.1749605","volume":"42","author":"BC Fung","year":"2010","unstructured":"Fung BC, Wang K, Chen R, Yu PS (2010) Privacy-preserving data publishing: a survey of recent developments. ACM Comput Surv (CSUR) 42(4):1\u201353","journal-title":"ACM Comput Surv (CSUR)"},{"key":"1107_CR43","doi-asserted-by":"crossref","unstructured":"Dwork C, Roth A (2014) The algorithmic foundations of differential privacy. Found Trends\u00ae Theor Comput Sci 9(3-4):211\u2013407","DOI":"10.1561\/0400000042"},{"key":"1107_CR44","doi-asserted-by":"crossref","unstructured":"Bonawitz K, Ivanov V, Kreuter B, Marcedone A, McMahan HB, Patel S et al (2017) Practical secure aggregation for privacy-preserving machine learning. In: Proceedings of the 2017 ACM SIGSAC conference on computer and communications security (CCS). pp 1175\u20131191","DOI":"10.1145\/3133956.3133982"},{"key":"1107_CR45","doi-asserted-by":"crossref","unstructured":"Bell J, Bonawitz K, Gascon A, Lepoint T, Raykova M (2020) Secure single-server aggregation with (poly)logarithmic overhead. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS). pp 1253\u20131269","DOI":"10.1145\/3372297.3417885"},{"key":"1107_CR46","unstructured":"Dworkin MJ, Barker E, Nechvatal JR, Foti J, Bassham LE, Roback E, Dray Jr JF et al (2001) Advanced encryption standard (AES)"},{"key":"1107_CR47","doi-asserted-by":"crossref","unstructured":"Khalid F, Hanif MA, Rehman S, Shafique M (2018) Security for machine learning-based systems: attacks and challenges during training and inference. In: 2018 international conference on frontiers of information technology (FIT). IEEE, pp 327\u2013332","DOI":"10.1109\/FIT.2018.00064"},{"key":"1107_CR48","unstructured":"Ji Z, Lipton ZC, Elkan C (2014) Differential privacy and machine learning: a survey and review. arXiv:1412.7584"},{"key":"1107_CR49","doi-asserted-by":"publisher","first-page":"693","DOI":"10.1016\/j.knosys.2018.09.031","volume":"163","author":"LP Garcia","year":"2019","unstructured":"Garcia LP, Lehmann J, de Carvalho A, Lorena AC (2019) New label noise injection methods for the evaluation of noise filters. Knowl-Based Syst 163:693\u2013704","journal-title":"Knowl-Based Syst"},{"key":"1107_CR50","unstructured":"Mammen PM (2021) Federated learning: opportunities and challenges. arXiv:2101.05428"},{"key":"1107_CR51","doi-asserted-by":"crossref","unstructured":"Nassif AB, Talib MA, Nasir Q, Dakalbab FM (2021) Machine learning for anomaly detection: a systematic review. IEEE Access 9:78658\u201378700","DOI":"10.1109\/ACCESS.2021.3083060"},{"issue":"1","key":"1107_CR52","first-page":"1","volume":"1","author":"P Thunki","year":"2021","unstructured":"Thunki P, Reddy SRB, Raparthi M, Maruthi S, Dodda SB, Ravichandran P (2021) Explainable AI in data science-enhancing model interpretability and transparency. Afr J Artif Intell Sustain Dev 1(1):1\u20138","journal-title":"Afr J Artif Intell Sustain Dev"},{"key":"1107_CR53","doi-asserted-by":"publisher","first-page":"1222","DOI":"10.1109\/JIOT.2024.3472029","volume":"12","author":"S Ullah","year":"2025","unstructured":"Ullah S, Li J, Chen J, Ali I, Khan S, Hussain MT, Ullah F, Leung VC (2025) Homomorphic encryption applications for IoT and light-weighted environments: a review. IEEE Internet of Things J 12:1222\u20131246","journal-title":"IEEE Internet of Things J"},{"key":"1107_CR54","doi-asserted-by":"crossref","unstructured":"Tiwari SS, Dhasmana G, Al-Jawahry HM, Rana A, Bhardwaj G, Srivastava AP (2024) Federated learning strategies for privacy-preserving machine learning models in cloud computing environments. In: 2024 International Conference on Communication, Computer Sciences and Engineering (IC3SE). pp 1457\u2013146","DOI":"10.1109\/IC3SE62002.2024.10593458"},{"key":"1107_CR55","unstructured":"Hynes N, Cheng R, Song D (2018) Efficient deep learning on multi-source private data"},{"key":"1107_CR56","doi-asserted-by":"crossref","unstructured":"Jiang L, Tan R, Lou X, Lin G (2021) On lightweight privacy-preserving collaborative learning for Internet of Things by independent random projections. ACM Tran Internet Things 2(2)","DOI":"10.1145\/3441303"},{"key":"1107_CR57","doi-asserted-by":"crossref","unstructured":"Anees A, Hussain I, Khokhar UM, Ahmed F, Shaukat S (2022) Machine learning and applied cryptography. Security & Communication Networks","DOI":"10.1155\/2022\/9797604"},{"key":"1107_CR58","unstructured":"Pang T, Du C, Dong Y, Zhu J (2018) Towards robust detection of adversarial examples. Advances in neural information processing systems, 31"},{"key":"1107_CR59","unstructured":"Prince NU, Al Mamun MA, Olajide AO, Khan OU, Akeem AB, Sani AI (2024) IEEE standards and deep learning techniques for securing internet of things (IoT) devices against cyber attacks. J Comput Anal Appl 33(7)"}],"container-title":["Annals of Telecommunications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12243-025-01107-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s12243-025-01107-y","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12243-025-01107-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,15]],"date-time":"2026-01-15T02:43:47Z","timestamp":1768445027000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s12243-025-01107-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,7,16]]},"references-count":59,"journal-issue":{"issue":"11-12","published-print":{"date-parts":[[2025,11]]}},"alternative-id":["1107"],"URL":"https:\/\/doi.org\/10.1007\/s12243-025-01107-y","relation":{},"ISSN":["0003-4347","1958-9395"],"issn-type":[{"value":"0003-4347","type":"print"},{"value":"1958-9395","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,7,16]]},"assertion":[{"value":"7 January 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"7 July 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 July 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}