{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T20:04:41Z","timestamp":1776888281718,"version":"3.51.2"},"reference-count":126,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2025,1,29]],"date-time":"2025-01-29T00:00:00Z","timestamp":1738108800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"},{"start":{"date-parts":[[2025,1,29]],"date-time":"2025-01-29T00:00:00Z","timestamp":1738108800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Complex Intell. Syst."],"published-print":{"date-parts":[[2025,2]]},"DOI":"10.1007\/s40747-024-01664-0","type":"journal-article","created":{"date-parts":[[2025,1,29]],"date-time":"2025-01-29T09:49:01Z","timestamp":1738144141000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":34,"title":["A survey of security threats in federated learning"],"prefix":"10.1007","volume":"11","author":[{"given":"Yunhao","family":"Feng","sequence":"first","affiliation":[]},{"given":"Yanming","family":"Guo","sequence":"additional","affiliation":[]},{"given":"Yinjian","family":"Hou","sequence":"additional","affiliation":[]},{"given":"Yulun","family":"Wu","sequence":"additional","affiliation":[]},{"given":"Mingrui","family":"Lao","sequence":"additional","affiliation":[]},{"given":"Tianyuan","family":"Yu","sequence":"additional","affiliation":[]},{"given":"Gang","family":"Liu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,1,29]]},"reference":[{"key":"1664_CR1","doi-asserted-by":"crossref","unstructured":"Kirillov A, Mintun E, Ravi N, Mao H, Rolland C, Gustafson L, Xiao T, 
Whitehead S, Berg AC, Lo W-Y et al (2023) Segment anything. arXiv:2304.02643","DOI":"10.1109\/ICCV51070.2023.00371"},{"key":"1664_CR2","doi-asserted-by":"crossref","unstructured":"Voigt P, Bussche A (2017) The eu general data protection regulation. A practical guide, vol 10, no 3152676, 1st edn. Springer International Publishing, Cham, pp 10\u20135555","DOI":"10.1007\/978-3-319-57959-7"},{"key":"1664_CR3","unstructured":"McMahan B, Moore E, Ramage D, Hampson S, Arcas BA (2017) Communication-efficient learning of deep networks from decentralized data. In: Artificial intelligence and statistics"},{"key":"1664_CR4","first-page":"1","volume":"13","author":"Q Yang","year":"2020","unstructured":"Yang Q, Liu Y, Cheng Y, Kang Y, Chen T, Yu H (2020) Federated learning: synthesis lectures on artificial intelligence and machine learning. Fed Learn 13:1\u2013207","journal-title":"Fed Learn"},{"key":"1664_CR5","doi-asserted-by":"crossref","unstructured":"Doshi K, Yilmaz Y (2022) Federated learning-based driver activity recognition for edge devices. In: Proceedings of the IEEE\/CVF conference on computer vision and pattern recognition","DOI":"10.1109\/CVPRW56347.2022.00377"},{"key":"1664_CR6","doi-asserted-by":"crossref","unstructured":"Becking D, Kirchhoffer H, Tech G, Haase P, M\u00fcller K, Schwarz H, Samek W (2022) Adaptive differential filters for fast and communication-efficient federated learning. In: Proceedings of the IEEE\/CVF conference on computer vision and pattern recognition","DOI":"10.1109\/CVPRW56347.2022.00380"},{"key":"1664_CR7","doi-asserted-by":"crossref","unstructured":"Liu Y, Kang Y, Zou T, Pu Y, He Y, Ye X, Ouyang Y, Zhang Y-Q, Yang Q (2024) Vertical federated learning: concepts, advances, and challenges. 
IEEE Trans Knowl Data Eng 36","DOI":"10.1109\/TKDE.2024.3352628"},{"key":"1664_CR8","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2024.128019","volume":"597","author":"B Liu","year":"2024","unstructured":"Liu B, Lv N, Guo Y, Li Y (2024) Recent advances on federated learning: a systematic survey. Neurocomputing 597:128019","journal-title":"Neurocomputing"},{"key":"1664_CR9","doi-asserted-by":"crossref","unstructured":"Ye R, Wang W, Chai J, Li D, Li Z, Xu Y, Du Y, Wang Y, Chen S (2024) Openfedllm: training large language models on decentralized private data via federated learning. In: Proceedings of the 30th ACM SIGKDD conference on knowledge discovery and data mining","DOI":"10.1145\/3637528.3671582"},{"issue":"5","key":"1664_CR10","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3637868","volume":"56","author":"M Gecer","year":"2024","unstructured":"Gecer M, Garbinato B (2024) Federated learning for mobility applications. ACM Comput Surv 56(5):1\u201328","journal-title":"ACM Comput Surv"},{"key":"1664_CR11","doi-asserted-by":"crossref","unstructured":"Yazdinejad A, Dehghantanha A, Karimipour H, Srivastava G, Parizi RM (2024) A robust privacy-preserving federated learning model against model poisoning attacks. IEEE Trans Inf Forensics Secur 19","DOI":"10.1109\/TIFS.2024.3420126"},{"key":"1664_CR12","doi-asserted-by":"crossref","unstructured":"Zhang H, Jia J, Chen J, Lin L, Wu D (2024) A3fl: adversarially adaptive backdoor attacks to federated learning. 
In: Advances in neural information processing systems, vol 36","DOI":"10.1007\/978-981-99-8070-3_1"},{"key":"1664_CR13","doi-asserted-by":"publisher","first-page":"148","DOI":"10.1016\/j.inffus.2022.09.011","volume":"90","author":"N Rodr\u00edguez-Barroso","year":"2023","unstructured":"Rodr\u00edguez-Barroso N, Jim\u00e9nez-L\u00f3pez D, Luz\u00f3n MV, Herrera F, Mart\u00ednez-C\u00e1mara E (2023) Survey on federated learning threats: concepts, taxonomy on attacks and defences, experimental study and challenges. Inf Fusion 90:148\u2013173","journal-title":"Inf Fusion"},{"key":"1664_CR14","unstructured":"Tariq A, Serhani MA, Sallabi F, Qayyum T, Barka ES, Shuaib KA (2023) Trustworthy federated learning: a survey. arXiv:2305.11537"},{"key":"1664_CR15","doi-asserted-by":"crossref","unstructured":"Zhang Y, Zeng D, Luo J, Xu Z, King I (2023) A survey of trustworthy federated learning with perspectives on security, robustness, and privacy. arXiv:2302.10637","DOI":"10.1145\/3543873.3587681"},{"key":"1664_CR16","doi-asserted-by":"crossref","unstructured":"Pan Z, Ying Z, Wang Y, Zhang C, Li C, Zhu L (2024) One-shot backdoor removal for federated learning. IEEE Internet Things J 176","DOI":"10.1109\/JIOT.2024.3438150"},{"key":"1664_CR17","doi-asserted-by":"crossref","unstructured":"Yang Y, Li Q, Jia J, Hong Y, Wang B (2024) Distributed backdoor attacks on federated graph learning and certified defenses. arXiv:2407.08935","DOI":"10.1145\/3658644.3690187"},{"key":"1664_CR18","doi-asserted-by":"crossref","unstructured":"Zeng Y, Park W, Mao ZM, Jia R (2021) Rethinking the backdoor attacks\u2019 triggers: a frequency perspective. 
In: Proceedings of the IEEE\/CVF international conference on computer vision","DOI":"10.1109\/ICCV48922.2021.01616"},{"key":"1664_CR19","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2024.111660","volume":"293","author":"Y Wang","year":"2024","unstructured":"Wang Y, Zhai D-H, Xia Y (2024) Rope: defending against backdoor attacks in federated learning systems. Knowl-Based Syst 293:111660","journal-title":"Knowl-Based Syst"},{"key":"1664_CR20","doi-asserted-by":"crossref","unstructured":"Doan BG, Abbasnejad E, Ranasinghe DC (2020) Februus: input purification defense against trojan attacks on deep neural network systems. In: Annual computer security applications conference","DOI":"10.1145\/3427228.3427264"},{"key":"1664_CR21","unstructured":"Li S, Cheng Y, Wang W, Liu Y, Chen T (2020) Learning to detect malicious clients for robust federated learning. arXiv:2002.00211"},{"key":"1664_CR22","doi-asserted-by":"crossref","unstructured":"Naseri M, Han Y, De\u00a0Cristofaro E (2024) Badvfl: backdoor attacks in vertical federated learning. In: IEEE symposium on security and privacy","DOI":"10.1109\/SP54263.2024.00008"},{"key":"1664_CR23","doi-asserted-by":"publisher","DOI":"10.1016\/j.engappai.2023.107166","volume":"127","author":"TD Nguyen","year":"2024","unstructured":"Nguyen TD, Nguyen T, Le Nguyen P, Pham HH, Doan KD, Wong K-S (2024) Backdoor attacks and defenses in federated learning: survey, challenges and future research directions. Eng Appl Artif Intell 127:107166","journal-title":"Eng Appl Artif Intell"},{"issue":"6","key":"1664_CR24","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3678181","volume":"15","author":"Y Zhang","year":"2024","unstructured":"Zhang Y, Zeng D, Luo J, Fu X, Chen G, Xu Z, King I (2024) A survey of trustworthy federated learning: issues, solutions, and challenges. 
ACM Trans Intell Syst Technol 15(6):1\u201347","journal-title":"ACM Trans Intell Syst Technol"},{"key":"1664_CR25","unstructured":"Bagdasaryan E, Veit A, Hua Y, Estrin D, Shmatikov V (2020) How to backdoor federated learning. In: International conference on artificial intelligence and statistics"},{"key":"1664_CR26","unstructured":"Zhang Z, Panda A, Song L, Yang Y, Mahoney M, Mittal P, Kannan R, Gonzalez J (2022) Neurotoxin: durable backdoors in federated learning. In: International conference on machine learning"},{"issue":"3","key":"1664_CR27","doi-asserted-by":"publisher","first-page":"73","DOI":"10.3390\/fi13030073","volume":"13","author":"X Zhou","year":"2021","unstructured":"Zhou X, Xu M, Wu Y, Zheng N (2021) Deep model poisoning attack on federated learning. Future Internet 13(3):73","journal-title":"Future Internet"},{"key":"1664_CR28","doi-asserted-by":"crossref","unstructured":"Sun Y, Ochiai H, Sakuma J (2022) Semi-targeted model poisoning attack on federated learning via backward error analysis. In: 2022 international joint conference on neural networks, pp 1\u20138","DOI":"10.1109\/IJCNN55064.2022.9891990"},{"key":"1664_CR29","unstructured":"Wang H, Sreenivasan K, Rajput S, Vishwakarma H, Agarwal S, Sohn J-y, Lee K, Papailiopoulos D (2020) Attack of the tails: yes, you really can backdoor federated learning"},{"issue":"2","key":"1664_CR30","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1109\/MWC.017.2100714","volume":"30","author":"X Gong","year":"2022","unstructured":"Gong X, Chen Y, Wang Q, Kong W (2022) Backdoor attacks and defenses in federated learning: state-of-the-art, taxonomy, and future directions. IEEE Wirel Commun 30(2):114\u201321","journal-title":"IEEE Wirel Commun"},{"key":"1664_CR31","unstructured":"Sun Z, Kairouz P, Suresh AT, McMahan HB (2019) Can you really backdoor federated learning? 
arXiv:1911.07963"},{"key":"1664_CR32","doi-asserted-by":"crossref","unstructured":"Ozdayi MS, Kantarcioglu M, Gel YR (2021) Defending against backdoors in federated learning with robust learning rate. In: Proceedings of the AAAI conference on artificial intelligence","DOI":"10.1609\/aaai.v35i10.17118"},{"key":"1664_CR33","unstructured":"Fang M, Cao X, Jia J, Gong N (2020) Local model poisoning attacks to Byzantine-Robust federated learning. In: 29th USENIX security symposium (USENIX Security 20), pp 1605\u20131622"},{"issue":"6","key":"1664_CR34","doi-asserted-by":"publisher","first-page":"4096","DOI":"10.1109\/TCSVT.2021.3116976","volume":"32","author":"S Guo","year":"2021","unstructured":"Guo S, Zhang T, Yu H, Xie X, Ma L, Xiang T, Liu Y (2021) Byzantine-resilient decentralized stochastic gradient descent. IEEE Trans Circuits Syst Video Technol 32(6):4096\u2013106","journal-title":"IEEE Trans Circuits Syst Video Technol"},{"key":"1664_CR35","unstructured":"Prakash S, Avestimehr AS (2020) Mitigating byzantine attacks in federated learning. arXiv:2010.07541"},{"key":"1664_CR36","unstructured":"Zizzo G, Rawat A, Sinn M, Buesser B (2020) Fat: federated adversarial training. arXiv:2012.01791"},{"key":"1664_CR37","unstructured":"Chen C, Liu Y, Ma X, Lyu L (2022) Calfat: calibrated federated adversarial training with label skewness. In: Advances in neural information processing systems"},{"key":"1664_CR38","unstructured":"Li X, Song Z, Yang J (2023) Federated adversarial learning: a framework with convergence analysis. In: International conference on machine learning"},{"key":"1664_CR39","doi-asserted-by":"crossref","unstructured":"Zhang J, Li B, Chen C, Lyu L, Wu S, Ding S, Wu C (2023) Delving into the adversarial robustness of federated learning. 
arXiv:2302.09479","DOI":"10.1609\/aaai.v37i9.26331"},{"key":"1664_CR40","doi-asserted-by":"crossref","unstructured":"Miao C, Li Q, Xiao H, Jiang W, Huai M, Su L (2018) Towards data poisoning attacks in crowd sensing systems. In: Proceedings of the eighteenth ACM international symposium on mobile ad hoc networking and computing","DOI":"10.1145\/3209582.3209594"},{"key":"1664_CR41","doi-asserted-by":"crossref","unstructured":"Zhang H, Zheng T, Gao J, Miao C, Su L, Li Y, Ren K (2019) Data poisoning attack against knowledge graph embedding. arXiv:1904.12052","DOI":"10.24963\/ijcai.2019\/674"},{"key":"1664_CR42","doi-asserted-by":"crossref","unstructured":"Barreno M, Nelson B, Sears R, Joseph AD, Tygar JD (2006) Can machine learning be secure? In: Proceedings of the 2006 ACM symposium on information, computer and communications security","DOI":"10.1145\/1128817.1128824"},{"key":"1664_CR43","doi-asserted-by":"crossref","unstructured":"Lamport L, Shostak R, Pease M (2019) The byzantine generals problem. In: Concurrency: the works of Leslie Lamport, pp 203\u2013226","DOI":"10.1145\/3335772.3335936"},{"key":"1664_CR44","unstructured":"Xie C, Koyejo O, Gupta I (2020) Fall of empires: breaking byzantine-tolerant sgd by inner product manipulation. In: Uncertainty in artificial intelligence"},{"key":"1664_CR45","unstructured":"Bernstein J, Zhao J, Azizzadenesheli K, Anandkumar A (2018) signsgd with majority vote is communication efficient and fault tolerant. arXiv:1810.05291"},{"key":"1664_CR46","first-page":"81","volume":"1","author":"G Damaskinos","year":"2019","unstructured":"Damaskinos G, El-Mhamdi E-M, Guerraoui R, Guirguis A, Rouault S (2019) Aggregathor: Byzantine machine learning via robust gradient aggregation. 
Proc Mach Learn Syst 1:81\u2013106","journal-title":"Proc Mach Learn Syst"},{"issue":"2","key":"1664_CR47","doi-asserted-by":"publisher","first-page":"191","DOI":"10.3233\/JCS-2012-0460","volume":"21","author":"A Geigel","year":"2013","unstructured":"Geigel A (2013) Neural network trojan. J Comput Secur 21(2):191\u2013232","journal-title":"J Comput Secur"},{"key":"1664_CR48","unstructured":"Gu T, Dolan-Gavitt B, Garg S (2017) Badnets: identifying vulnerabilities in the machine learning model supply chain. arXiv:1708.06733"},{"key":"1664_CR49","unstructured":"Xie C, Huang K, Chen P-Y, Li B (2019) Dba: distributed backdoor attacks against federated learning. In: International conference on learning representations"},{"key":"1664_CR50","doi-asserted-by":"crossref","unstructured":"Salem A, Wen R, Backes M, Ma S, Zhang Y (2022) Dynamic backdoor attacks against machine learning models. In: 2022 IEEE 7th European symposium on security and privacy","DOI":"10.1109\/EuroSP53844.2022.00049"},{"key":"1664_CR51","unstructured":"Li Y, Zhai T, Wu B, Jiang Y, Li Z, Xia S (2020) Rethinking the trigger of backdoor attack. arXiv:2004.04692"},{"key":"1664_CR52","unstructured":"Dai Y, Li S (2023) Chameleon: adapting to peer images for planting durable backdoors in federated learning. arXiv:2304.12961"},{"key":"1664_CR53","unstructured":"Shen S, Tople S, Saxena P (2016) Auror: defending against poisoning attacks in collaborative deep learning systems. In: Proceedings of the 32nd annual conference on computer security applications"},{"key":"1664_CR54","unstructured":"Steinhardt J, Koh PWW, Liang PS (2017) Certified defenses for data poisoning attacks. In: Advances in neural information processing systems, vol 30"},{"key":"1664_CR55","doi-asserted-by":"crossref","unstructured":"Tolpegin V, Truex S, Gursoy ME, Liu L (2020) Data poisoning attacks against federated learning systems. 
In: Computer Security\u2013ESORICS 2020: 25th European symposium on research in computer security, ESORICS 2020, Guildford, September 14\u201318, 2020, Proceedings, Part I 25, pp 480\u2013501","DOI":"10.1007\/978-3-030-58951-6_24"},{"key":"1664_CR56","unstructured":"Shafahi A, Huang WR, Najibi M, Suciu O, Studer C, Dumitras T, Goldstein T (2018) Poison frogs! Targeted clean-label poisoning attacks on neural networks"},{"key":"1664_CR57","unstructured":"Zhu C, Huang WR, Li H, Taylor G, Studer C, Goldstein T (2019) Transferable clean-label poisoning attacks on deep neural nets. In: International conference on machine learning"},{"key":"1664_CR58","unstructured":"Tran B, Li J, Madry A (2018) Spectral signatures in backdoor attacks, vol 31"},{"key":"1664_CR59","unstructured":"Chen B, Carvalho W, Baracaldo N, Ludwig H, Edwards B, Lee T, Molloy I, Srivastava B (2018) Detecting backdoor attacks on deep neural networks by activation clustering. arXiv:1811.03728"},{"key":"1664_CR60","doi-asserted-by":"crossref","unstructured":"Liu Y, Xie Y, Srivastava A (2017) Neural trojans. In: 2017 IEEE international conference on computer design, pp 45\u201348","DOI":"10.1109\/ICCD.2017.16"},{"key":"1664_CR61","unstructured":"Li Y, Zhai T, Jiang Y, Li Z, Xia S-T (2021) Backdoor attack in the physical world. arXiv:2104.02361"},{"key":"1664_CR62","unstructured":"Fung C, Yoon CJ, Beschastnikh I (2018) Mitigating sybils in federated learning poisoning. arXiv:1808.04866"},{"key":"1664_CR63","unstructured":"Nguyen TD, Rieger P, Yalame MH, M\u00f6llering H, Fereidooni H, Marchal S, Miettinen M, Mirhoseini A, Sadeghi A-R, Schneider T et al (2021) Flguard: secure and private federated learning. Cryptogr Secur 32"},{"key":"1664_CR64","doi-asserted-by":"crossref","unstructured":"Zhang Z, Cao X, Jia J, Gong NZ (2022) Fldetector: defending federated learning against model poisoning attacks via detecting malicious clients. 
In: Proceedings of the 28th ACM SIGKDD conference on knowledge discovery and data mining","DOI":"10.1145\/3534678.3539231"},{"key":"1664_CR65","doi-asserted-by":"crossref","unstructured":"Cao X, Jia J, Zhang Z, Gong NZ (2023) Fedrecover: recovering from poisoning attacks in federated learning using historical information. In: IEEE symposium on security and privacy","DOI":"10.1109\/SP46215.2023.10179336"},{"key":"1664_CR66","unstructured":"Naseri M, Hayes J, De\u00a0Cristofaro E (2020) Toward robustness and privacy in federated learning: experimenting with local and central differential privacy. arXiv:2009.03561"},{"key":"1664_CR67","unstructured":"Bagdasaryan E, Poursaeed O, Shmatikov V (2019) Differential privacy has disparate impact on model accuracy. In: Advances in neural information processing systems, vol 32"},{"key":"1664_CR68","unstructured":"McMahan HB, Ramage D, Talwar K, Zhang L (2017) Learning differentially private recurrent language models. arXiv:1710.06963"},{"key":"1664_CR69","doi-asserted-by":"crossref","unstructured":"Andreina S, Marson GA, M\u00f6llering H, Karame G (2021) Baffle: backdoor detection via feedback-based federated learning. In: 2021 IEEE 41st International conference on distributed computing systems","DOI":"10.1109\/ICDCS51616.2021.00086"},{"key":"1664_CR70","unstructured":"Xie C, Chen M, Chen P-Y, Li B (2021) Crfl: certifiably robust federated learning against backdoor attacks. In: International conference on machine learning"},{"key":"1664_CR71","unstructured":"Nguyen TD, Rieger P, De\u00a0Viti R, Chen H, Brandenburg BB, Yalame H, M\u00f6llering H, Fereidooni H, Marchal S, Miettinen M (2022) FLAME: taming backdoors in federated learning. 
In: 31st USENIX security symposium"},{"key":"1664_CR72","unstructured":"Sun J, Li A, DiValentin L, Hassanzadeh A, Chen Y, Li H (2021) Fl-wbc: enhancing robustness against model poisoning attacks in federated learning from a client perspective"},{"key":"1664_CR73","doi-asserted-by":"crossref","unstructured":"Wang N, Xiao Y, Chen Y, Hu Y, Lou W, Hou YT (2022) Flare: defending federated learning against model poisoning attacks via latent space representations. In: Proceedings of the 2022 ACM on Asia conference on computer and communications security","DOI":"10.1145\/3488932.3517395"},{"key":"1664_CR74","unstructured":"Li Y, Lyu X, Koren N, Lyu L, Li B, Ma X (2021) Anti-backdoor learning: training clean models on poisoned data"},{"key":"1664_CR75","unstructured":"Zeng Y, Chen S, Park W, Mao ZM, Jin M, Jia R (2021) Adversarial unlearning of backdoors via implicit hypergradient. arXiv:2110.03735"},{"key":"1664_CR76","unstructured":"Zhao P, Chen P-Y, Das P, Ramamurthy KN, Lin X (2020) Bridging mode connectivity in loss landscapes and adversarial robustness. arXiv:2005.00060"},{"key":"1664_CR77","doi-asserted-by":"crossref","unstructured":"Yoshida K, Fujino T (2020) Disabling backdoor and identifying poison data by using knowledge distillation in backdoor attacks on deep neural networks. In: Proceedings of the 13th ACM workshop on artificial intelligence and security","DOI":"10.1145\/3411508.3421375"},{"key":"1664_CR78","unstructured":"Huang H, Ma X, Erfani S, Bailey J (2023) Distilling cognitive backdoor patterns within an image. arXiv:2301.10908"},{"key":"1664_CR79","doi-asserted-by":"crossref","unstructured":"Zhu L, Ning R, Wang C, Xin C, Wu H (2020) Gangsweep: sweep out neural backdoors by gan. 
In: Proceedings of the 28th ACM international conference on multimedia","DOI":"10.1145\/3394171.3413546"},{"key":"1664_CR80","doi-asserted-by":"crossref","unstructured":"Guo W, Wang L, Xu Y, Xing X, Du M, Song D (2020) Towards inspecting and eliminating trojan backdoors in deep neural networks. In: 2020 IEEE international conference on data mining","DOI":"10.1109\/ICDM50108.2020.00025"},{"key":"1664_CR81","doi-asserted-by":"crossref","unstructured":"Wang B, Yao Y, Shan S, Li H, Viswanath B, Zheng H, Zhao BY (2019) Neural cleanse: identifying and mitigating backdoor attacks in neural networks. In: 2019 IEEE symposium on security and privacy","DOI":"10.1109\/SP.2019.00031"},{"key":"1664_CR82","unstructured":"Xu K, Liu S, Chen P-Y, Zhao P, Lin X (2020) Defending against backdoor attack on deep neural networks. arXiv preprint arXiv:2002.12162"},{"key":"1664_CR83","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102277","volume":"106","author":"W Aiken","year":"2021","unstructured":"Aiken W, Kim H, Woo S, Ryoo J (2021) Neural network laundering: removing black-box backdoor watermarks from deep neural networks. Comput Secur 106:102277","journal-title":"Comput Secur"},{"key":"1664_CR84","doi-asserted-by":"crossref","unstructured":"Douceur JR (2002) The sybil attack. In: International workshop on peer-to-peer systems, pp 251\u2013260","DOI":"10.1007\/3-540-45748-8_24"},{"key":"1664_CR85","unstructured":"Bhagoji AN, Chakraborty S, Mittal P, Calo S (2019) Analyzing federated learning through an adversarial lens. In: International conference on machine learning, pp 634\u2013643"},{"key":"1664_CR86","unstructured":"Lin J, Du M, Liu J (2019) Free-riders in federated learning: attacks and defenses. arXiv:1911.12560"},{"key":"1664_CR87","doi-asserted-by":"crossref","unstructured":"Yang H, Zhong Y, Yang B, Yang Y, Xu Z, Wang L, Zhang Y (2022) An overview of sybil attack detection mechanisms in vfc. 
In: 2022 52nd annual IEEE\/IFIP international conference on dependable systems and networks workshops (DSN-W), pp 117\u2013122","DOI":"10.1109\/DSN-W54100.2022.00028"},{"issue":"3","key":"1664_CR88","doi-asserted-by":"publisher","first-page":"1342","DOI":"10.1109\/COMST.2015.2422735","volume":"17","author":"L Zhang","year":"2015","unstructured":"Zhang L, Ding G, Wu Q, Zou Y, Han Z, Wang J (2015) Byzantine attack and defense in cognitive radio networks: a survey. IEEE Commun Surv Tutor 17(3):1342\u20131363","journal-title":"IEEE Commun Surv Tutor"},{"key":"1664_CR89","unstructured":"Kailkhura B, Han YS, Brahma S, Varshney PK (2013) Distributed Bayesian detection with byzantine data. arXiv:1307.3544"},{"key":"1664_CR90","doi-asserted-by":"crossref","unstructured":"Fatemieh O, Chandra R, Gunter CA (2010) Secure collaborative sensing for crowd sourcing spectrum data in white space networks. In: 2010 IEEE symposium on new frontiers in dynamic spectrum (DySPAN), pp 1\u201312","DOI":"10.1109\/DYSPAN.2010.5457893"},{"issue":"6","key":"1664_CR91","doi-asserted-by":"publisher","first-page":"2680","DOI":"10.1109\/TWC.2013.041913.120516","volume":"12","author":"Z Qin","year":"2013","unstructured":"Qin Z, Li Q, Hsieh G (2013) Defending against cooperative attacks in cooperative spectrum sensing. IEEE Trans Wirel Commun 12(6):2680\u20132687","journal-title":"IEEE Trans Wirel Commun"},{"key":"1664_CR92","unstructured":"Fatemieh O, Farhadi A, Chandra R, Gunter CA (2011) Using classification to protect the integrity of spectrum measurements in white space networks. In: NDSS"},{"issue":"2","key":"1664_CR93","doi-asserted-by":"publisher","first-page":"500","DOI":"10.1109\/LWC.2018.2877665","volume":"8","author":"J Wu","year":"2018","unstructured":"Wu J, Yu Y, Song T, Hu J (2018) Sequential 0\/1 for cooperative spectrum sensing in the presence of strategic byzantine attack. 
IEEE Wirel Commun Lett 8(2):500\u2013503","journal-title":"IEEE Wirel Commun Lett"},{"key":"1664_CR94","unstructured":"Guerraoui R, Rouault S (2018) The hidden vulnerability of distributed learning in byzantium. In: International conference on machine learning, pp 3521\u20133530"},{"key":"1664_CR95","unstructured":"Xie C, Koyejo O, Gupta I (2018) Generalized byzantine-tolerant sgd. arXiv:1802.10116"},{"key":"1664_CR96","doi-asserted-by":"crossref","unstructured":"Li Q, Li Y, Gao J, Zhao B, Fan W, Han J (2014) Resolving conflicts in heterogeneous data by truth discovery and source reliability estimation. In: Proceedings of the 2014 ACM SIGMOD international conference on management of data","DOI":"10.1145\/2588555.2610509"},{"key":"1664_CR97","unstructured":"Hsu T-MH, Qi H, Brown M (2019) Measuring the effects of non-identical data distribution for federated visual classification. arXiv:1909.06335"},{"key":"1664_CR98","unstructured":"Jiang Y, Ma B, Wang X, Yu G, Sun C, Ni W, Liu RP (2023) A secure aggregation for federated learning on long-tailed data. arXiv:2307.08324"},{"key":"1664_CR99","doi-asserted-by":"publisher","first-page":"1383","DOI":"10.1007\/s10514-017-9621-5","volume":"41","author":"S Gil","year":"2017","unstructured":"Gil S, Kumar S, Mazumder M, Katabi D, Rus D (2017) Guaranteeing spoof-resilient multi-robot networks. Auton Robot 41:1383\u20131400","journal-title":"Auton Robot"},{"key":"1664_CR100","unstructured":"Blanchard P, El\u00a0Mhamdi EM, Guerraoui R, Stainer J (2017) Machine learning with adversaries: Byzantine tolerant gradient descent"},{"key":"1664_CR101","unstructured":"Mu\u00f1oz-Gonz\u00e1lez L, Co KT, Lupu EC (2019) Byzantine-robust federated machine learning through adaptive model averaging. 
arXiv:1909.05125"},{"issue":"1","key":"1664_CR102","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1109\/TRO.2021.3089033","volume":"38","author":"F Mallmann-Trenn","year":"2021","unstructured":"Mallmann-Trenn F, Cavorsi M, Gil S (2021) Crowd vetting: rejecting adversaries via collaboration with application to multirobot flocking. IEEE Trans Robot 38(1):5\u201324","journal-title":"IEEE Trans Robot"},{"key":"1664_CR103","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1016\/j.comcom.2014.03.009","volume":"46","author":"H Wang","year":"2014","unstructured":"Wang H, Jia Q, Fleck D, Powell W, Li F, Stavrou A (2014) A moving target ddos defense mechanism. Comput Commun 46:10\u201321","journal-title":"Comput Commun"},{"issue":"4","key":"1664_CR104","doi-asserted-by":"publisher","first-page":"3769","DOI":"10.1109\/COMST.2019.2934468","volume":"21","author":"N Agrawal","year":"2019","unstructured":"Agrawal N, Tapaswi S (2019) Defense mechanisms against ddos attacks in a cloud computing environment: state-of-the-art and research challenges. IEEE Commun Surv Tutor 21(4):3769\u20133795","journal-title":"IEEE Commun Surv Tutor"},{"key":"1664_CR105","unstructured":"Mostafa H (2019) Robust federated learning through representation matching and adaptive hyper-parameters. arXiv:1912.13075"},{"key":"1664_CR106","doi-asserted-by":"crossref","unstructured":"Zheng X, Dong Q, Fu A (2022) Wmdefense: using watermark to defense byzantine attacks in federated learning. In: IEEE INFOCOM conference on computer communications workshops","DOI":"10.1109\/INFOCOMWKSHPS54753.2022.9798217"},{"key":"1664_CR107","doi-asserted-by":"crossref","unstructured":"Mehmuda D, Bhagat C, Patel D, Captain K, Parmar A (2023) Defense against byzantine attack in cognitive radio using isolation forest. 
In: International conference on communication systems & networks","DOI":"10.1109\/COMSNETS56262.2023.10041300"},{"key":"1664_CR108","doi-asserted-by":"publisher","first-page":"1241","DOI":"10.1109\/TIFS.2023.3333555","volume":"19","author":"Z Gong","year":"2023","unstructured":"Gong Z, Shen L, Zhang Y, Zhang LY, Wang J, Bai G, Xiang Y (2023) Agramplifier: defending federated learning against poisoning attacks through local update amplification. IEEE Trans Inf Forensics Secur 19:1241\u20131250","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"1664_CR109","unstructured":"Portnoy A, Hendler D (2020) Towards realistic byzantine-robust federated learning"},{"key":"1664_CR110","doi-asserted-by":"publisher","first-page":"1142","DOI":"10.1109\/TSP.2022.3153135","volume":"70","author":"K Pillutla","year":"2022","unstructured":"Pillutla K, Kakade SM, Harchaoui Z (2022) Robust aggregation for federated learning. IEEE Trans Signal Process 70:1142\u20131154","journal-title":"IEEE Trans Signal Process"},{"key":"1664_CR111","unstructured":"Goodfellow IJ, Shlens J, Szegedy C (2014) Explaining and harnessing adversarial examples. arXiv:1412.6572"},{"key":"1664_CR112","unstructured":"Madry A, Makelov A, Schmidt L, Tsipras D, Vladu A (2017) Towards deep learning models resistant to adversarial attacks. arXiv:1706.06083"},{"key":"1664_CR113","doi-asserted-by":"crossref","unstructured":"Wang H, Wu C, Zheng K (2024) Defense against adversarial attacks based on color space transformation. Neural Netw 173:106176","DOI":"10.1016\/j.neunet.2024.106176"},{"key":"1664_CR114","unstructured":"Wang Q, Li C, Luo Y, Ling H, Li P, Chen J, Huang S, Yu N (2024) Detecting adversarial data via perturbation forgery. arXiv:2405.16226"},{"key":"1664_CR115","unstructured":"Zhang S, Liu F, Yang J, Yang Y, Li C, Han B, Tan M (2023) Detecting adversarial data by probing multiple perturbations using expected perturbation score. 
In: International conference on machine learning"},{"key":"1664_CR116","unstructured":"Feinman R, Curtin RR, Shintre S, Gardner AB (2017) Detecting adversarial samples from artifacts. arXiv:1703.00410"},{"key":"1664_CR117","doi-asserted-by":"crossref","unstructured":"Pang T, Zhang H, He D, Dong Y, Su H, Chen W, Zhu J, Liu T-Y (2022) Two coupled rejection metrics can tell adversarial examples apart. In: Proceedings of the IEEE\/CVF conference on computer vision and pattern recognition","DOI":"10.1109\/CVPR52688.2022.01479"},{"key":"1664_CR118","unstructured":"Reisizadeh A, Farnia F, Pedarsani R, Jadbabaie A (2020) Robust federated learning: the case of affine distribution shifts"},{"key":"1664_CR119","unstructured":"Polyak BT et al (1963) Gradient methods for minimizing functionals. Zhurnal vychislitel\u2019noi matematiki i matematicheskoi fiziki, vol 3"},{"key":"1664_CR120","unstructured":"Hong J, Wang H, Wang Z, Zhou J (2021) Federated robustness propagation: sharing robustness in heterogeneous federated learning. arXiv:2106.10196"},{"key":"1664_CR121","doi-asserted-by":"crossref","unstructured":"Chen C, Kailkhura B, Goldhahn R, Zhou Y (2021) Certifiably-robust federated adversarial learning via randomized smoothing. In: 2021 IEEE 18th international conference on mobile ad hoc and smart systems (MASS)","DOI":"10.1109\/MASS52906.2021.00032"},{"key":"1664_CR122","doi-asserted-by":"crossref","unstructured":"Zhou Y, Wu J, Wang H, He J (2022) Adversarial robustness through bias variance decomposition: a new perspective for federated learning. In: Proceedings of the 31st ACM international conference on information & knowledge management","DOI":"10.1145\/3511808.3557232"},{"key":"1664_CR123","doi-asserted-by":"crossref","unstructured":"Zhang J, Chen Y, Li H (2022) Privacy leakage of adversarial training models in federated learning systems. 
In: Proceedings of the IEEE\/CVF conference on computer vision and pattern recognition","DOI":"10.1109\/CVPRW56347.2022.00021"},{"key":"1664_CR124","unstructured":"Zhou Y, Wu J, He J (2020) Adversarially robust federated learning for neural networks"},{"key":"1664_CR125","unstructured":"Shah D, Dube P, Chakraborty S, Verma A (2021) Adversarial training in communication constrained federated learning. arXiv:2103.01319"},{"key":"1664_CR126","unstructured":"Weng C-H, Lee Y-T, Wu S-HB (2020) On the trade-off between adversarial and backdoor robustness"}],"container-title":["Complex & Intelligent Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s40747-024-01664-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s40747-024-01664-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s40747-024-01664-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,7]],"date-time":"2025-02-07T16:34:42Z","timestamp":1738946082000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s40747-024-01664-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,29]]},"references-count":126,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2025,2]]}},"alternative-id":["1664"],"URL":"https:\/\/doi.org\/10.1007\/s40747-024-01664-0","relation":{},"ISSN":["2199-4536","2198-6053"],"issn-type":[{"value":"2199-4536","type":"print"},{"value":"2198-6053","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1,29]]},"assertion":[{"value":"7 June 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article 
History"}},{"value":"28 September 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"29 January 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"165"}}