{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,3]],"date-time":"2026-06-03T14:12:50Z","timestamp":1780495970519,"version":"3.54.1"},"reference-count":31,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,2,24]],"date-time":"2025-02-24T00:00:00Z","timestamp":1740355200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"},{"start":{"date-parts":[[2025,2,24]],"date-time":"2025-02-24T00:00:00Z","timestamp":1740355200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Discov Internet Things"],"DOI":"10.1007\/s43926-025-00108-6","type":"journal-article","created":{"date-parts":[[2025,2,24]],"date-time":"2025-02-24T06:51:55Z","timestamp":1740379915000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["Securing federated learning: a defense strategy against targeted data poisoning attack"],"prefix":"10.1007","volume":"5","author":[{"given":"Ansam","family":"Khraisat","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ammar","family":"Alazab","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Moutaz","family":"Alazab","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tony","family":"Jan","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sarabjot","family":"Singh","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Md. Ashraf","family":"Uddin","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2025,2,24]]},"reference":[{"key":"108_CR1","doi-asserted-by":"publisher","first-page":"346","DOI":"10.1016\/j.comcom.2022.09.012","volume":"195","author":"S Agrawal","year":"2022","unstructured":"Agrawal S, Sarkar S, Aouedi O, Yenduri G, Piamrat K, Alazab M, Bhattacharya S, Maddikunta PKR, Gadekallu TR. Federated learning for intrusion detection system: concepts, challenges and future directions. Comput Commun. 2022;195:346\u201361.","journal-title":"Comput Commun"},{"key":"108_CR2","doi-asserted-by":"crossref","unstructured":"Nguyen TD, Rieger P, Miettinen M, Sadeghi A-R. Poisoning attacks on federated learning-based iot intrusion detection system. In: Proc. workshop decentralized IoT syst. secur. (DISS), 2020. pp. 1\u20137.","DOI":"10.14722\/diss.2020.23003"},{"key":"108_CR3","doi-asserted-by":"publisher","first-page":"10708","DOI":"10.1109\/ACCESS.2023.3238823","volume":"11","author":"G Xia","year":"2023","unstructured":"Xia G, Chen J, Yu C, Ma J. Poisoning attacks in federated learning: a survey. IEEE Access. 2023;11:10708\u201322.","journal-title":"IEEE Access."},{"key":"108_CR4","unstructured":"Bagdasaryan E, Veit A, Hua Y, Estrin D, Shmatikov V. How to backdoor federated learning. In: International conference on artificial intelligence and statistics. Cambridge: PMLR; 2020. pp. 2938\u201348."},{"key":"108_CR5","doi-asserted-by":"crossref","unstructured":"Tolpegin V, Truex S, Gursoy ME, Liu L. Data poisoning attacks against federated learning systems. In: Computer security\u2013ESORICS 2020: 25th European symposium on research in computer security, ESORICS 2020, Guildford, UK, September 14\u201318, 2020, Proceedings, Part I 25. Berlin: Springer; 2020. pp. 480\u2013501.","DOI":"10.1007\/978-3-030-58951-6_24"},{"key":"108_CR6","unstructured":"Biggio B, Nelson B, Laskov P. Support vector machines under adversarial label noise. In: Asian conference on machine learning. 2011. pp. 97\u2013112."},{"key":"108_CR7","unstructured":"Steinhardt J, Koh PWW, Liang PS. Certified defenses for data poisoning attacks. In: NeurIPS. 2017. pp. 3517\u201329."},{"key":"108_CR8","doi-asserted-by":"crossref","unstructured":"Xiao H, Xiao H, Eckert C. Adversarial label flips attack on support vector machines. In: ECAI. 2012. pp. 870\u20135.","DOI":"10.3233\/978-1-61499-098-7-870"},{"key":"108_CR9","unstructured":"Xiao H, Rasul K, Vollgraf R. Fashion-mnist: a novel image dataset for benchmarking machine learning algorithms. arXiv preprint arXiv:1708.07747. 2017."},{"issue":"16","key":"108_CR10","doi-asserted-by":"publisher","first-page":"3382","DOI":"10.3390\/electronics12163382","volume":"12","author":"A Alazab","year":"2023","unstructured":"Alazab A, Khraisat A, Singh S, Jan T. Enhancing privacy-preserving intrusion detection through federated learning. Electronics. 2023;12(16):3382.","journal-title":"Electronics."},{"key":"108_CR11","doi-asserted-by":"crossref","unstructured":"Shejwalkar V, Houmansadr A, Kairouz P, Ramage D. Back to the drawing board: a critical evaluation of poisoning attacks on production federated learning. In: 2022 IEEE symposium on security and privacy (SP). New York: IEEE; 2022. pp. 1354\u201371.","DOI":"10.1109\/SP46214.2022.9833647"},{"key":"108_CR12","doi-asserted-by":"crossref","unstructured":"Cao D, Chang S, Lin Z, Liu G, Sun D. Understanding distributed poisoning attack in federated learning. In: 2019 IEEE 25th International conference on parallel and distributed systems (ICPADS). New York: IEEE; 2019. pp. 233\u20139.","DOI":"10.1109\/ICPADS47876.2019.00042"},{"issue":"1","key":"108_CR13","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3687124","volume":"57","author":"A Khraisat","year":"2024","unstructured":"Khraisat A, Alazab A, Singh S, Jan T Jr, Gomez A. Survey on federated learning for intrusion detection system: concept, architectures, aggregation strategies, challenges, and future directions. ACM Comput Surv. 2024;57(1):1\u201338.","journal-title":"ACM Comput Surv"},{"key":"108_CR14","unstructured":"Fang M, Cao X, Jia J, Gong N. Local model poisoning attacks to $$\\{$$Byzantine-Robust$$\\}$$ federated learning. In: 29th USENIX security symposium (USENIX Security 20). 2020. pp. 1605\u201322."},{"key":"108_CR15","doi-asserted-by":"crossref","unstructured":"Guo Z, Zhang Y, Zhang Z, Xu, Z, King I. Fedhlt: Efficient federated low-rank adaption with hierarchical language tree for multilingual modeling. In: Companion proceedings of the ACM on web conference 2024. 2024. pp. 1558\u201367.","DOI":"10.1145\/3589335.3651933"},{"issue":"3","key":"108_CR16","doi-asserted-by":"publisher","first-page":"1861","DOI":"10.1109\/COMST.2024.3361451","volume":"26","author":"Y Wan","year":"2024","unstructured":"Wan Y, Qu Y, Ni W, Xiang Y, Gao L, Hossain E. Data and model poisoning backdoor attacks on wireless federated learning, and the defense mechanisms: a comprehensive survey. IEEE Commun Surv Tutor. 2024;26(3):1861\u201397.","journal-title":"IEEE Commun Surv Tutor"},{"key":"108_CR17","unstructured":"Blanchard P, El Mhamdi EM, Guerraoui R. Stainer J. Machine learning with adversaries: byzantine tolerant gradient descent. In: Advances in neural information processing systems, vol. 30. 2017."},{"key":"108_CR18","doi-asserted-by":"crossref","unstructured":"Mei S, Zhu X. Using machine teaching to identify optimal training-set attacks on machine learners. In: Proceedings of the AAAI conference on artificial intelligence, vol. 29. 2015.","DOI":"10.1609\/aaai.v29i1.9569"},{"key":"108_CR19","unstructured":"Suya F, Mahloujifar S, Suri A, Evans D, Tian Y. Model-targeted poisoning attacks with provable convergence. In: International conference on machine learning. Cambridge: PMLR; 2021. pp. 10000\u201310."},{"issue":"1\u20132","key":"108_CR20","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1561\/2200000083","volume":"14","author":"P Kairouz","year":"2021","unstructured":"Kairouz P, McMahan HB, Avent B, Bellet A, Bennis M, Bhagoji AN, Bonawitz K, Charles Z, Cormode G, Cummings R. Advances and open problems in federated learning. Found Trends Mach Learn. 2021;14(1\u20132):1\u2013210.","journal-title":"Found Trends Mach Learn."},{"key":"108_CR21","unstructured":"Lin J, Dang L, Rahouti M, Xiong K. Ml attack models: adversarial attacks and data poisoning attacks. arXiv preprint arXiv:2112.02797. 2021."},{"key":"108_CR22","doi-asserted-by":"crossref","unstructured":"Papernot N, McDaniel P, Goodfellow I, Jha S, Celik ZB, Swami A. Practical black-box attacks against machine learning. In: Proceedings of the 2017 ACM on Asia conference on computer and communications security. 2017. pp. 506\u201319.","DOI":"10.1145\/3052973.3053009"},{"issue":"3","key":"108_CR23","first-page":"58","volume":"11","author":"D Namiot","year":"2023","unstructured":"Namiot D. Introduction to data poison attacks on machine learning models. Int J Open Inf Technol. 2023;11(3):58\u201368.","journal-title":"Int J Open Inf Technol"},{"key":"108_CR24","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s42400-021-00077-7","volume":"4","author":"A Khraisat","year":"2021","unstructured":"Khraisat A, Alazab A. A critical review of intrusion detection systems in the internet of things: techniques, deployment strategy, validation strategy, attacks, public datasets and challenges. Cybersecurity. 2021;4:1\u201327.","journal-title":"Cybersecurity."},{"key":"108_CR25","doi-asserted-by":"crossref","unstructured":"Cao X, Jia J, Zhang Z, Gong NZ. Fedrecover: recovering from poisoning attacks in federated learning using historical information. In: 2023 IEEE symposium on security and privacy (SP). New York: IEEE; 2023. pp. 1366\u201383.","DOI":"10.1109\/SP46215.2023.10179336"},{"key":"108_CR26","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2023.121192","volume":"235","author":"H Kasyap","year":"2024","unstructured":"Kasyap H, Tripathy S. Beyond data poisoning in federated learning. Expert Syst Appl. 2024;235: 121192.","journal-title":"Expert Syst Appl"},{"key":"108_CR27","unstructured":"Yuan W, Yang C, Qu L, Ye G, Nguyen QVH, Yin H. Robust federated contrastive recommender system against model poisoning attack. arXiv preprint arXiv:2403.20107. 2024."},{"issue":"1","key":"108_CR28","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3677328","volume":"57","author":"TT Nguyen","year":"2024","unstructured":"Nguyen TT, Hung Quoc Viet N, Nguyen TT, Huynh TT, Nguyen TT, Weidlich M, Yin H. Manipulating recommender systems: a survey of poisoning attacks and countermeasures. ACM Comput Surv. 2024;57(1):1\u201339.","journal-title":"ACM Comput Surv."},{"key":"108_CR29","doi-asserted-by":"crossref","unstructured":"Yang S, Wang C, Xu X, Zhu L, Yao L. Attacking visually-aware recommender systems with transferable and imperceptible adversarial styles. In: Proceedings of the 33rd ACM international conference on information and knowledge managements. 2024. pp. 2900\u20139.","DOI":"10.1145\/3627673.3679828"},{"issue":"11","key":"108_CR30","doi-asserted-by":"publisher","first-page":"2524","DOI":"10.1109\/TPDS.2020.2996273","volume":"31","author":"L Lyu","year":"2020","unstructured":"Lyu L, Yu J, Nandakumar K, Li Y, Ma X, Jin J, Yu H, Ng KS. Towards fair and privacy-preserving federated deep models. IEEE Trans Parallel Distrib Syst. 2020;31(11):2524\u201341.","journal-title":"IEEE Trans Parallel Distrib Syst."},{"key":"108_CR31","unstructured":"Paszke A, Gross S, Massa F, Lerer A, Bradbury J, Chanan G, Killeen T, Lin Z, Gimelshein N, Antiga L. Pytorch: an imperative style, high-performance deep learning library. In: NeurIPS. 2019. pp. 8024\u201335."}],"container-title":["Discover Internet of Things"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s43926-025-00108-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s43926-025-00108-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s43926-025-00108-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,24]],"date-time":"2025-02-24T18:32:38Z","timestamp":1740421958000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s43926-025-00108-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,2,24]]},"references-count":31,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["108"],"URL":"https:\/\/doi.org\/10.1007\/s43926-025-00108-6","relation":{},"ISSN":["2730-7239"],"issn-type":[{"value":"2730-7239","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,2,24]]},"assertion":[{"value":"26 November 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"10 February 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 February 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"16"}}