{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,11]],"date-time":"2026-01-11T01:20:14Z","timestamp":1768094414042,"version":"3.49.0"},"reference-count":37,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2025,4,15]],"date-time":"2025-04-15T00:00:00Z","timestamp":1744675200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"},{"start":{"date-parts":[[2025,4,15]],"date-time":"2025-04-15T00:00:00Z","timestamp":1744675200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Complex Intell. Syst."],"published-print":{"date-parts":[[2025,6]]},"DOI":"10.1007\/s40747-025-01876-y","type":"journal-article","created":{"date-parts":[[2025,4,15]],"date-time":"2025-04-15T13:07:07Z","timestamp":1744722427000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Effective defense against physically embedded backdoor attacks via clustering-based filtering"],"prefix":"10.1007","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3815-8028","authenticated-orcid":false,"given":"Mohammed","family":"Kutbi","sequence":"first","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,4,15]]},"reference":[{"key":"1876_CR1","doi-asserted-by":"crossref","unstructured":"Aladag M, Catak F\u00a0O, Gul E (2019) Preventing data poisoning attacks by using generative models. In 2019 1st international informatics and software engineering conference (UBMYK). IEEE, pp 1\u20135","DOI":"10.1109\/UBMYK48245.2019.8965459"},{"issue":"4","key":"1876_CR2","doi-asserted-by":"publisher","first-page":"3161","DOI":"10.1007\/s40747-021-00563-y","volume":"8","author":"J Amin","year":"2022","unstructured":"Amin J, Sharif M, Haldorai A, Yasmin M, Nayak RS (2022) Brain tumor detection and classification using machine learning: a comprehensive survey. Complex Intell Syst 8(4):3161\u20133183","journal-title":"Complex Intell Syst"},{"key":"1876_CR3","unstructured":"Bagdasaryan E, Veit A, Hua Y, Estrin D, Shmatikov V(2020) How to backdoor federated learning. In International conference on artificial intelligence and statistics. PMLR, pp 2938\u20132948"},{"key":"1876_CR4","doi-asserted-by":"crossref","unstructured":"Borgnia E, Cherepanova V, Fowl Lam, Ghiasi A, Geiping J, Goldblum M, Goldstein T, Gupta A (2021) Strong data augmentation sanitizes poisoning and backdoor attacks without an accuracy tradeoff. In ICASSP 2021-2021 IEEE international conference on acoustics, speech and signal processing (ICASSP). IEEE, pp 3855\u20133859","DOI":"10.1109\/ICASSP39728.2021.9414862"},{"key":"1876_CR5","unstructured":"Chen B, Carvalho W, Abdalmageed W, Koushanfar F, Roth K (2019) Detecting backdoor attacks on deep neural networks by activation clustering. In Proceedings of the AAAI workshop on artificial intelligence safety. pp 36\u201342"},{"key":"1876_CR6","doi-asserted-by":"crossref","unstructured":"Chou E, Gao Y, Mazi\u00e8res D, Chuang J (2020) Sentinet: detecting localized universal attacks against deep learning systems. In 2020 IEEE security and privacy workshops (SPW). IEEE, pp 48\u201354","DOI":"10.1109\/SPW50608.2020.00025"},{"issue":"11","key":"1876_CR7","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3585385","volume":"55","author":"AE Cin\u00e0","year":"2023","unstructured":"Cin\u00e0 AE, Grosse K, Demontis A, Biggio B, Vascon S (2023) Wild patterns reloaded: a survey of machine learning security against training data poisoning. ACM Comput Surv 55(11):1\u201336","journal-title":"ACM Comput Surv"},{"key":"1876_CR8","doi-asserted-by":"crossref","unstructured":"Deng J, Dong W, Socher R, Li Richard, Li K, Fei-Fei L (2009) Imagenet: a large-scale hierarchical image database. In 2009 IEEE conference on computer vision and pattern recognition. IEEE, pp 248\u2013255","DOI":"10.1109\/CVPR.2009.5206848"},{"issue":"16","key":"1876_CR9","doi-asserted-by":"publisher","first-page":"6434","DOI":"10.3390\/su12166434","volume":"12","author":"D Christopher","year":"2020","unstructured":"Christopher D, Nour M, Benjamin T (2020) Robustness evaluations of sustainable machine learning models against data poisoning attacks in the internet of things. Sustainability 12(16):6434","journal-title":"Sustainability"},{"key":"1876_CR10","unstructured":"Gao Y, Doan B\u00a0G, Zhang Z, Ma S, Zhang J, Fu A, Nepal S, Kim H (2020) Backdoor attacks and countermeasures on deep learning: a comprehensive review. arXiv preprint arXiv:2007.10760"},{"key":"1876_CR11","doi-asserted-by":"crossref","unstructured":"Gao Y, Xu C, Wang D, Chen S, Ranasinghe D, Nepal S (2019) Strip: a defence against trojan attacks on deep neural networks. In Proceedings of the 35th annual computer security applications conference. pp 113\u2013125","DOI":"10.1145\/3359789.3359790"},{"key":"1876_CR12","doi-asserted-by":"publisher","first-page":"47230","DOI":"10.1109\/ACCESS.2019.2909068","volume":"7","author":"G Tianyu","year":"2019","unstructured":"Tianyu G, Kang L, Brendan D-G, Siddharth G (2019) Badnets: evaluating backdooring attacks on deep neural networks. IEEE Access 7:47230\u201347244","journal-title":"IEEE Access"},{"key":"1876_CR13","unstructured":"Gurav O (2020) Face mask detection dataset. https:\/\/www.kaggle.com\/datasets\/omkargurav\/face-mask-dataset, [Accessed 25 Oct 2023]"},{"key":"1876_CR14","doi-asserted-by":"crossref","unstructured":"Jagielski M, Severi G, Pousette\u00a0Harger N, Oprea A (2021) Subpopulation data poisoning attacks. In Proceedings of the 2021 ACM SIGSAC conference on computer and communications security. pp 3104\u20133122","DOI":"10.1145\/3460120.3485368"},{"key":"1876_CR15","doi-asserted-by":"crossref","unstructured":"Jia J, Liu Y, Cao X, Gong N\u00a0Z (2022) Certified robustness of nearest neighbors against data poisoning and backdoor attacks. In Proceedings of the AAAI conference on artificial intelligence, vol\u00a036. pp 9575\u20139583","DOI":"10.1609\/aaai.v36i9.21191"},{"key":"1876_CR16","unstructured":"Kingma D\u00a0P (2014) Adam: a method for stochastic optimization. arXiv preprint arXiv:1412.6980"},{"key":"1876_CR17","unstructured":"Krizhevsky A (2009) Learning multiple layers of features from tiny images. Technical report, University of Toronto"},{"key":"1876_CR18","unstructured":"Kutbi M (2024) Impact of backdoor attacks on face classification models through training data poisoning. In 2024 4th international conference on computing and information technology (ICCIT). IEEE"},{"key":"1876_CR19","doi-asserted-by":"publisher","DOI":"10.1016\/j.bspc.2024.106024","volume":"91","author":"L Haozhi","year":"2024","unstructured":"Haozhi L, Noradin G (2024) Hybrid convolutional neural network and flexible dwarf mongoose optimization algorithm for strong kidney stone diagnosis. Biomed Signal Process Control 91:106024","journal-title":"Biomed Signal Process Control"},{"key":"1876_CR20","doi-asserted-by":"crossref","unstructured":"Liu K, Dolan-Gavitt B, Garg S (2018) Fine-pruning: defending against backdooring attacks on deep neural networks. In International symposium on research in attacks, intrusions, and defenses, Springer. pp 273\u2013294","DOI":"10.1007\/978-3-030-00470-5_13"},{"key":"1876_CR21","unstructured":"Madry A, Makelov A, Schmidt L, Tsipras D, Vladu A (2018) Towards deep learning models resistant to adversarial attacks. In 6th international conference on learning representations (ICLR), 1050(9)"},{"key":"1876_CR22","first-page":"2825","volume":"12","author":"P Fabian","year":"2011","unstructured":"Fabian P, Ga\u00ebl V, Alexandre G, Vincent M, Bertrand T, Olivier G, Mathieu B, Peter P, Ron W, Vincent D et al (2011) Scikit-learn: machine learning in python. J Mach Learn Res 12:2825\u20132830","journal-title":"J Mach Learn Res"},{"key":"1876_CR23","doi-asserted-by":"publisher","first-page":"1144","DOI":"10.1007\/s40815-017-0305-2","volume":"19","author":"R Navid","year":"2017","unstructured":"Navid R, Mehdi R, Noradin G (2017) Imperialist competitive algorithm-based optimization of neuro-fuzzy system parameters for automatic red-eye removal. Int J Fuzzy Syst 19:1144\u20131156","journal-title":"Int J Fuzzy Syst"},{"key":"1876_CR24","first-page":"11957","volume":"34","author":"S Aniruddha","year":"2020","unstructured":"Aniruddha S, Akshayvarun S, Hamed P (2020) Hidden trigger backdoor attacks. Proc AAAI Conf Artif Intell 34:11957\u201311965","journal-title":"Proc AAAI Conf Artif Intell"},{"key":"1876_CR25","doi-asserted-by":"crossref","unstructured":"Salem A, Wen R, Backes M, Ma S, Zhang Y (2022) Dynamic backdoor attacks against machine learning models. In 2022 IEEE 7th European symposium on security and privacy (EuroS &P). IEEE, pp 703\u2013718","DOI":"10.1109\/EuroSP53844.2022.00049"},{"key":"1876_CR26","doi-asserted-by":"crossref","unstructured":"Sandler M, Howard A, Zhu M, Zhmoginov A, Chen L-C (2018) Mobilenetv2: inverted residuals and linear bottlenecks. In Proceedings of the IEEE conference on computer vision and pattern recognition. pp 4510\u20134520","DOI":"10.1109\/CVPR.2018.00474"},{"issue":"1","key":"1876_CR27","doi-asserted-by":"publisher","first-page":"296","DOI":"10.1007\/s11036-022-01937-3","volume":"28","author":"IH Sarker","year":"2023","unstructured":"Sarker IH, Khan AI, Abushark YB, Alsolami F (2023) Internet of things (iot) security intelligence: a comprehensive overview, machine learning solutions and research directions. Mobile Netw Appl 28(1):296\u2013312","journal-title":"Mobile Netw Appl"},{"key":"1876_CR28","first-page":"3517","volume":"30","author":"J Steinhardt","year":"2017","unstructured":"Steinhardt J, Koh PW, Percy L (2017) Certified defenses for data poisoning attacks. Adv Neural Inf Process Syst 30:3517\u20133529","journal-title":"Adv Neural Inf Process Syst"},{"key":"1876_CR29","doi-asserted-by":"crossref","unstructured":"Stokes J\u00a0W, England P, Kane K (2021) Preventing machine learning poisoning attacks using authentication and provenance. In MILCOM 2021-2021 IEEE military communications conference (MILCOM). IEEE, pp 181\u2013188","DOI":"10.1109\/MILCOM52596.2021.9653139"},{"key":"1876_CR30","unstructured":"Guoming S, Yulai C, Jiarong D, Qiong W (2021) Data poisoning attacks on federated machine learning. IEEE Internet Things J 8(6):4393\u20134401"},{"key":"1876_CR31","unstructured":"Sun Z, Kairouz P, Suresh A\u00a0T, McMahan H\u00a0B (2019) Can you really backdoor federated learning? 2nd international workshop on federated learning for data privacy and confidentiality at NeurIPS"},{"key":"1876_CR32","first-page":"8000","volume":"31","author":"T Brandon","year":"2018","unstructured":"Brandon T, Jerry L, Aleksander M (2018) Spectral signatures in backdoor attacks. Adv Neural Inf Process Syst 31:8000\u20138010","journal-title":"Adv Neural Inf Process Syst"},{"issue":"2","key":"1876_CR33","doi-asserted-by":"publisher","first-page":"880","DOI":"10.1109\/TR.2022.3159784","volume":"71","author":"U Sakshi","year":"2022","unstructured":"Sakshi U, Shanshan P, Gerald W, Lionell L, Louth R, Sudipta C (2022) Model agnostic defence against backdoor attacks in machine learning. IEEE Trans Reliab 71(2):880\u2013895","journal-title":"IEEE Trans Reliab"},{"key":"1876_CR34","doi-asserted-by":"crossref","unstructured":"Wang B, Yao Y, Shan S, Li H, Viswanath B, Zheng H, Zhao B\u00a0Y (2019) Neural cleanse: identifying and mitigating backdoor attacks in neural networks. In 2019 IEEE symposium on security and privacy (SP). IEEE, pp 707\u2013723","DOI":"10.1109\/SP.2019.00031"},{"key":"1876_CR35","doi-asserted-by":"crossref","unstructured":"Wang J, Pun A, Tu J, Manivasagam S, Sadat A, Casas S, Ren M, Urtasun R (2021) Advsim: generating safety-critical scenarios for self-driving vehicles. In Proceedings of the IEEE\/CVF conference on computer vision and pattern recognition. pp 9909\u20139918","DOI":"10.1109\/CVPR46437.2021.00978"},{"key":"1876_CR36","volume":"200","author":"AY Fatma","year":"2022","unstructured":"Fatma AY, Sibel B (2022) Data poisoning attacks against machine learning algorithms. Expert Syst Appl 200:117029","journal-title":"Expert Syst Appl"},{"key":"1876_CR37","first-page":"31474","volume":"35","author":"Z Yuhao","year":"2022","unstructured":"Yuhao Z, Aws A, Loris D (2022) Bagflip: a certified defense against data poisoning. Adv Neural Inf Process Syst 35:31474\u201331483","journal-title":"Adv Neural Inf Process Syst"}],"container-title":["Complex &amp; Intelligent Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s40747-025-01876-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s40747-025-01876-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s40747-025-01876-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,17]],"date-time":"2025-05-17T11:22:10Z","timestamp":1747480930000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s40747-025-01876-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,15]]},"references-count":37,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2025,6]]}},"alternative-id":["1876"],"URL":"https:\/\/doi.org\/10.1007\/s40747-025-01876-y","relation":{},"ISSN":["2199-4536","2198-6053"],"issn-type":[{"value":"2199-4536","type":"print"},{"value":"2198-6053","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,4,15]]},"assertion":[{"value":"19 November 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"10 March 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"15 April 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The author declares that he has no competing financial or non-financial interests that could have appeared to influence the work reported in this paper.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"241"}}