{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,7]],"date-time":"2025-11-07T11:28:49Z","timestamp":1762514929158,"version":"build-2065373602"},"reference-count":48,"publisher":"Springer Science and Business Media LLC","issue":"11","license":[{"start":{"date-parts":[[2025,7,23]],"date-time":"2025-07-23T00:00:00Z","timestamp":1753228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,7,23]],"date-time":"2025-07-23T00:00:00Z","timestamp":1753228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/501100006407","name":"Natural Science Foundation of Henan Province","doi-asserted-by":"publisher","award":["No. 242300420700"],"award-info":[{"award-number":["No. 242300420700"]}],"id":[{"id":"10.13039\/501100006407","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Foundation of Advanced Computing and Intelligent Engineering Laboratory","award":["No. 2023-LYJJ-01-023"],"award-info":[{"award-number":["No. 2023-LYJJ-01-023"]}]},{"DOI":"10.13039\/501100012325","name":"National Social Science Fund","doi-asserted-by":"crossref","award":["2022-SKJJ-B-057"],"award-info":[{"award-number":["2022-SKJJ-B-057"]}],"id":[{"id":"10.13039\/501100012325","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Research  on Training  Issues  on Confidential Assurance under  Actual Combat  Conditions","award":["2023-SKJJ-B-074"],"award-info":[{"award-number":["2023-SKJJ-B-074"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Mach. Learn. &amp; Cyber."],"published-print":{"date-parts":[[2025,11]]},"DOI":"10.1007\/s13042-025-02750-6","type":"journal-article","created":{"date-parts":[[2025,7,23]],"date-time":"2025-07-23T09:16:00Z","timestamp":1753262160000},"page":"9221-9237","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A distributed bijection-backdoor-based adversarial examples defense method in federated learning"],"prefix":"10.1007","volume":"16","author":[{"given":"Yongfei","family":"Li","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yuanbo","family":"Guo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chen","family":"Fang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yifeng","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qingli","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yongjin","family":"Hu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,7,23]]},"reference":[{"unstructured":"McMahan B, Moore E, Ramage D, Hampson S, Arcas BA (2017)Communication-efficient learning of deep networks from decentralized data. In: Artificial Intelligence and Statistics, pp. 1273\u20131282","key":"2750_CR1"},{"key":"2750_CR2","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.comcom.2022.01.002","volume":"186","author":"C Fang","year":"2022","unstructured":"Fang C, Guo Y, Ma J, Xie H, Wang Y (2022) A privacy-preserving and verifiable federated learning method based on blockchain. Comput Commun 186:1\u201311. https:\/\/doi.org\/10.1016\/j.comcom.2022.01.002","journal-title":"Comput Commun"},{"key":"2750_CR3","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2023.111088","volume":"150","author":"H Zhu","year":"2024","unstructured":"Zhu H, Ren Y, Liu C, Sui X, Zhang L (2024) Frequency-based methods for improving the imperceptibility and transferability of adversarial examples. Appl Soft Comput 150:111088","journal-title":"Appl Soft Comput"},{"doi-asserted-by":"crossref","unstructured":"Zhang Q, Hu S, Sun J, Chen QA, Mao ZM (2022) On adversarial robustness of trajectory prediction for autonomous vehicles. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 15159\u201315168","key":"2750_CR4","DOI":"10.1109\/CVPR52688.2022.01473"},{"key":"2750_CR5","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1016\/j.ins.2022.11.007","volume":"619","author":"S Lu","year":"2023","unstructured":"Lu S, Wang M, Wang D, Wei X, Xiao S, Wang Z, Han N, Wang L (2023) Black-box attacks against log anomaly detection with adversarial examples. Inf Sci 619:249\u2013262","journal-title":"Inf Sci"},{"issue":"1","key":"2750_CR6","doi-asserted-by":"publisher","first-page":"412","DOI":"10.1109\/TAI.2023.3253083","volume":"5","author":"H Zhou","year":"2023","unstructured":"Zhou H, Wang Y, Tan Y-A, Wu S, Zhao Y, Zhang Q, Li Y (2023) Crafting transferable adversarial examples against face recognition via gradient eroding. IEEE Trans Artif Intell 5(1):412\u2013419","journal-title":"IEEE Trans Artif Intell"},{"unstructured":"Zizzo G, Rawat A, Sinn M, Buesser B (2020) Fat: Federated adversarial training. In: Annual Conference on Neural Information Processing Systems","key":"2750_CR7"},{"doi-asserted-by":"crossref","unstructured":"Zhu H, Zhang S, Chen K (2023) Ai-guardian: Defeating adversarial attacks using backdoors. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 701\u2013718. IEEE","key":"2750_CR8","DOI":"10.1109\/SP46215.2023.10179473"},{"key":"2750_CR9","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102199","volume":"103","author":"C Fang","year":"2021","unstructured":"Fang C, Guo Y, Hu Y, Ma B, Feng L, Yin A (2021) Privacy-preserving and communication-efficient federated learning in internet of things. Comput Secur 103:102199","journal-title":"Comput Secur"},{"key":"2750_CR10","first-page":"429","volume":"2","author":"T Li","year":"2020","unstructured":"Li T, Sahu AK, Zaheer M, Sanjabi M, Talwalkar A, Smith V (2020) Federated optimization in heterogeneous networks. Proc Mach Learn Syst 2:429\u2013450","journal-title":"Proc Mach Learn Syst"},{"unstructured":"Reddi SJ, Charles Z, Zaheer M, Garrett Z, Rush K, Kone\u010dn\u1ef3 J, Kumar S, McMahan HB (2020) Adaptive federated optimization. In: International Conference on Learning Representations","key":"2750_CR11"},{"unstructured":"Karimireddy SP, Kale S, Mohri M, Reddi S, Stich S, Suresh AT (2020) Scaffold: Stochastic controlled averaging for federated learning. In: International Conference on Machine Learning, pp. 5132\u20135143. PMLR","key":"2750_CR12"},{"unstructured":"Sun Y, Shen L, Huang T, Ding L, Tao D (2022) Fedspeed: Larger local interval, less communication round, and higher generalization accuracy. In: The Eleventh International Conference on Learning Representations","key":"2750_CR13"},{"doi-asserted-by":"crossref","unstructured":"Hu W, Tan Y (2022) Generating adversarial malware examples for black-box attacks based on gan. In: International Conference on Data Mining and Big Data, pp. 409\u2013423. Springer","key":"2750_CR14","DOI":"10.1007\/978-981-19-8991-9_29"},{"issue":"13","key":"2750_CR15","doi-asserted-by":"publisher","first-page":"10327","DOI":"10.1109\/JIOT.2020.3048038","volume":"8","author":"H Qiu","year":"2020","unstructured":"Qiu H, Dong T, Zhang T, Lu J, Memmi G, Qiu M (2020) Adversarial attacks against network intrusion detection in iot systems. IEEE Internet Things J 8(13):10327\u201310335","journal-title":"IEEE Internet Things J"},{"key":"2750_CR16","doi-asserted-by":"publisher","first-page":"1948","DOI":"10.1109\/TIFS.2023.3345639","volume":"19","author":"M Chen","year":"2023","unstructured":"Chen M, Lu L, Yu J, Ba Z, Lin F, Ren K (2023) Advreverb: Rethinking the stealthiness of audio adversarial examples to human perception. IEEE Trans Inf Forensics Secur 19:1948\u20131962","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"2750_CR17","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103270","volume":"130","author":"P Gupta","year":"2023","unstructured":"Gupta P, Yadav K, Gupta BB, Alazab M, Gadekallu TR (2023) A novel data poisoning attack in federated learning based on inverted loss function. Comput Secur 130:103270. https:\/\/doi.org\/10.1016\/j.cose.2023.103270","journal-title":"Comput Secur"},{"doi-asserted-by":"publisher","unstructured":"Sun S, Sugrim S, Stavrou A, Wang H (2024) Partner in crime: Boosting targeted poisoning attacks against federated learning. CoRR abs\/2407.09958 https:\/\/doi.org\/10.48550\/ARXIV.2407.09958arxiv:2407.09958","key":"2750_CR18","DOI":"10.48550\/ARXIV.2407.09958"},{"unstructured":"Zhuang H, Yu M, Wang H, Hua Y, Li J, Yuan X (2024) Backdoor federated learning by poisoning backdoor-critical layers. In: The Twelfth International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=AJBGSVSTT2","key":"2750_CR19"},{"key":"2750_CR20","doi-asserted-by":"publisher","first-page":"478","DOI":"10.1109\/TIFS.2024.3516555","volume":"20","author":"KN Kumar","year":"2025","unstructured":"Kumar KN, Mohan CK, Cenkeramaddi LR (2025) Federated learning minimal model replacement attack using optimal transport: An attacker perspective. IEEE Trans Inf Forensics Secur 20:478\u2013487. https:\/\/doi.org\/10.1109\/TIFS.2024.3516555","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"2750_CR21","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103535","volume":"136","author":"X He","year":"2024","unstructured":"He X, Xu Y, Zhang S, Xu W, Yan J (2024) Enhance membership inference attacks in federated learning. Comput Secur 136:103535. https:\/\/doi.org\/10.1016\/j.cose.2023.103535","journal-title":"Comput Secur"},{"doi-asserted-by":"publisher","unstructured":"Liu X, Cai S, Li L, Zhang R, Guo S (2023) MGIA: mutual gradient inversion attack in multi-modal federated learning (student abstract). In: Williams, B., Chen, Y., Neville, J. (eds.) Thirty-Seventh AAAI Conference on Artificial Intelligence, AAAI 2023, Thirty-Fifth Conference on Innovative Applications of Artificial Intelligence, IAAI 2023, Thirteenth Symposium on Educational Advances in Artificial Intelligence, EAAI 2023, Washington, DC, USA, February 7-14, pp. 16270\u201316271. AAAI Press. https:\/\/doi.org\/10.1609\/aaai.v37i13.26995","key":"2750_CR22","DOI":"10.1609\/aaai.v37i13.26995"},{"issue":"20","key":"2750_CR23","doi-asserted-by":"publisher","first-page":"33773","DOI":"10.1109\/JIOT.2024.3431555","volume":"11","author":"R Lu","year":"2024","unstructured":"Lu R, Zhang W, He H, Li Q, Zhong X, Yang H, Wang D, Shi L, Guo Y, Wang Z (2024) Two-stage client selection for federated learning against free-riding attack: A multiarmed bandits and auction-based approach. IEEE Internet Things J 11(20):33773\u201333787. https:\/\/doi.org\/10.1109\/JIOT.2024.3431555","journal-title":"IEEE Internet Things J"},{"issue":"3","key":"2750_CR24","doi-asserted-by":"publisher","first-page":"2608","DOI":"10.1109\/TII.2022.3172310","volume":"19","author":"X Xiao","year":"2023","unstructured":"Xiao X, Tang Z, Li C, Xiao B, Li K (2023) Sca: Sybil-based collusion attacks of iiot data poisoning in federated learning. IEEE Trans Industr Inf 19(3):2608\u20132618. https:\/\/doi.org\/10.1109\/TII.2022.3172310","journal-title":"IEEE Trans Industr Inf"},{"doi-asserted-by":"publisher","unstructured":"Jiang Y, Li Y, Zhou Y, Zheng X (2021) Sybil attacks and defense on differential privacy based federated learning. In: 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 355\u2013362. https:\/\/doi.org\/10.1109\/TrustCom53373.2021.00062","key":"2750_CR25","DOI":"10.1109\/TrustCom53373.2021.00062"},{"unstructured":"Duanyi Y, Li S, Ye X, Liu J (2023) Constructing adversarial examples for vertical federated learning: Optimal client corruption through multi-armed bandit. In: The Twelfth International Conference on Learning Representations","key":"2750_CR26"},{"doi-asserted-by":"crossref","unstructured":"Pang Q, Yuan Y, Wang S, Zheng W (2023) Adi: Adversarial dominating inputs in vertical federated learning systems. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 1875\u20131892. IEEE Computer Society","key":"2750_CR27","DOI":"10.1109\/SP46215.2023.10179446"},{"unstructured":"Yao D, Li S, Xue Y, Liu J (2024) Constructing adversarial examples for vertical federated learning: Optimal client corruption through multi-armed bandit. In: The Twelfth International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=m52uU0dVbH","key":"2750_CR28"},{"doi-asserted-by":"crossref","unstructured":"Xu W, Evans D, Qi Y (2018) Feature squeezing: Detecting adversarial examples in deep neural networks. In: Proceedings 2018 Network and Distributed System Security Symposium. Internet Society","key":"2750_CR29","DOI":"10.14722\/ndss.2018.23198"},{"unstructured":"Tram\u00e8r F, Kurakin A, Papernot N, Goodfellow I, Boneh D, McDaniel P (2018) Ensemble adversarial training: Attacks and defenses. In: International Conference on Learning Representations","key":"2750_CR30"},{"doi-asserted-by":"crossref","unstructured":"Naseer M, Khan S, Hayat M, Khan FS, Porikli F (2020) A self-supervised approach for adversarial robustness. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 262\u2013271","key":"2750_CR31","DOI":"10.1109\/CVPR42600.2020.00034"},{"unstructured":"Dziugaite GK, Ghahramani Z, Roy DM (2016) A study of the effect of jpg compression on adversarial images. arXiv preprint arXiv:1608.00853","key":"2750_CR32"},{"unstructured":"Fung C, Yoon CJM, Beschastnikh I (2020) The limitations of federated learning in sybil settings. In: Egele, M., Bilge, L. (eds.) 23rd International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2020, San Sebastian, Spain, October 14-15, pp. 301\u2013316. USENIX Association. https:\/\/www.usenix.org\/conference\/raid2020\/presentation\/fung","key":"2750_CR33"},{"doi-asserted-by":"crossref","unstructured":"Rieger P, Nguyen TD, Miettinen M, Sadeghi A (2022) Deepsight: Mitigating backdoor attacks in federated learning through deep model inspection. In: 29th Annual Network and Distributed System Security Symposium, NDSS 2022, San Diego, California, USA, April 24-28. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss-paper\/auto-draft-205\/","key":"2750_CR34","DOI":"10.14722\/ndss.2022.23156"},{"doi-asserted-by":"crossref","unstructured":"Zhao C, Wen Y, Li S, Liu F, Meng D (2021) Federatedreverse: A detection and defense method against backdoor attacks in federated learning. In: Borghys, D., Bas, P., Verdoliva, L., Pevn\u00fd, T., Li, B., Newman, J. (eds.) IH &MMSec \u201921: ACM Workshop on Information Hiding and Multimedia Security, Virtual Event, Belgium, June, 22-25, pp. 51\u201362. ACM. https:\/\/doi.org\/10.1145\/3437880.3460403","key":"2750_CR35","DOI":"10.1145\/3437880.3460403"},{"key":"2750_CR36","doi-asserted-by":"publisher","first-page":"1142","DOI":"10.1109\/TSP.2022.3153135","volume":"70","author":"K Pillutla","year":"2022","unstructured":"Pillutla K, Kakade SM, Harchaoui Z (2022) Robust aggregation for federated learning. IEEE Trans Signal Process 70:1142\u20131154. https:\/\/doi.org\/10.1109\/TSP.2022.3153135","journal-title":"IEEE Trans Signal Process"},{"key":"2750_CR37","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2022.110178","volume":"260","author":"NM Jebreel","year":"2023","unstructured":"Jebreel NM, Domingo-Ferrer J (2023) Fl-defender: Combating targeted attacks in federated learning. Knowl-Based Syst 260:110178. https:\/\/doi.org\/10.1016\/j.knosys.2022.110178","journal-title":"Knowl-Based Syst"},{"unstructured":"Chen T, Kornblith S, Norouzi M, Hinton G (2020) A simple framework for contrastive learning of visual representations. In: International Conference on Machine Learning, pp. 1597\u20131607. PMLR","key":"2750_CR38"},{"key":"2750_CR39","first-page":"18661","volume":"33","author":"P Khosla","year":"2020","unstructured":"Khosla P, Teterwak P, Wang C, Sarna A, Tian Y, Isola P, Maschinot A, Liu C, Krishnan D (2020) Supervised contrastive learning. Adv Neural Inf Process Syst 33:18661\u201318673","journal-title":"Adv Neural Inf Process Syst"},{"issue":"6","key":"2750_CR40","doi-asserted-by":"publisher","first-page":"2938","DOI":"10.1109\/TCSS.2022.3230987","volume":"10","author":"X Zeng","year":"2023","unstructured":"Zeng X, Zhou T, Bao Z, Zhao H, Chen L, Wang X, Wang F (2023) Feature-contrastive graph federated learning: Responsible AI in graph information analysis. IEEE Trans Comput Soc Syst 10(6):2938\u20132948. https:\/\/doi.org\/10.1109\/TCSS.2022.3230987","journal-title":"IEEE Trans Comput Soc Syst"},{"issue":"6","key":"2750_CR41","doi-asserted-by":"publisher","first-page":"8064","DOI":"10.1109\/TCSS.2024.3405556","volume":"11","author":"H Zhao","year":"2024","unstructured":"Zhao H, Liu Q, Sun H, Xu L, Zhang W, Zhao Y, Wang F (2024) Community awareness personalized federated learning for defect detection. IEEE Trans Comput Soc Syst 11(6):8064\u20138077. https:\/\/doi.org\/10.1109\/TCSS.2024.3405556","journal-title":"IEEE Trans Comput Soc Syst"},{"issue":"11","key":"2750_CR42","doi-asserted-by":"publisher","first-page":"2278","DOI":"10.1109\/5.726791","volume":"86","author":"Y LeCun","year":"1998","unstructured":"LeCun Y, Bottou L, Bengio Y, Haffner P (1998) Gradient-based learning applied to document recognition. Proc IEEE 86(11):2278\u20132324","journal-title":"Proc IEEE"},{"unstructured":"Krizhevsky A, Hinton G et al (2009) Learning multiple layers of features from tiny images","key":"2750_CR43"},{"unstructured":"Hsu TH, Qi H, Brown M (2019) Measuring the effects of non-identical data distribution for federated visual classification. CoRR abs\/1909.06335 arxiv:1909.06335","key":"2750_CR44"},{"unstructured":"Goodfellow IJ, Shlens J, Szegedy C (2014) Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572","key":"2750_CR45"},{"unstructured":"Kurakin A, Goodfellow IJ, Bengio S (2016) Adversarial machine learning at scale. In: International Conference on Learning Representations","key":"2750_CR46"},{"unstructured":"Madry A, Makelov A, Schmidt L, Tsipras D, Vladu A (2018) Towards deep learning models resistant to adversarial attacks. In: International Conference on Learning Representations","key":"2750_CR47"},{"doi-asserted-by":"crossref","unstructured":"Carlini N, Wagner D (2017) Towards evaluating the robustness of neural networks. In: 2017 Ieee Symposium on Security and Privacy (sp), pp. 39\u201357. Ieee","key":"2750_CR48","DOI":"10.1109\/SP.2017.49"}],"container-title":["International Journal of Machine Learning and Cybernetics"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13042-025-02750-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s13042-025-02750-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13042-025-02750-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,7]],"date-time":"2025-11-07T11:24:01Z","timestamp":1762514641000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s13042-025-02750-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,7,23]]},"references-count":48,"journal-issue":{"issue":"11","published-print":{"date-parts":[[2025,11]]}},"alternative-id":["2750"],"URL":"https:\/\/doi.org\/10.1007\/s13042-025-02750-6","relation":{},"ISSN":["1868-8071","1868-808X"],"issn-type":[{"type":"print","value":"1868-8071"},{"type":"electronic","value":"1868-808X"}],"subject":[],"published":{"date-parts":[[2025,7,23]]},"assertion":[{"value":"20 October 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"17 July 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"23 July 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no Conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}