{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T00:34:07Z","timestamp":1771893247929,"version":"3.50.1"},"reference-count":78,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2025,7,17]],"date-time":"2025-07-17T00:00:00Z","timestamp":1752710400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"},{"start":{"date-parts":[[2025,7,17]],"date-time":"2025-07-17T00:00:00Z","timestamp":1752710400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"}],"funder":[{"name":"the Key Program of Natural Science Fund of Tianjin","award":["21JCZDJC00130"],"award-info":[{"award-number":["21JCZDJC00130"]}]},{"DOI":"10.13039\/501100019062","name":"Tianjin Research Innovation Project for Postgraduate Students","doi-asserted-by":"crossref","award":["2022BKY037"],"award-info":[{"award-number":["2022BKY037"]}],"id":[{"id":"10.13039\/501100019062","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J. King Saud Univ. Comput. Inf. Sci."],"published-print":{"date-parts":[[2025,8]]},"DOI":"10.1007\/s44443-025-00115-1","type":"journal-article","created":{"date-parts":[[2025,7,17]],"date-time":"2025-07-17T16:48:00Z","timestamp":1752770880000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Attacks and countermeasures on federated learning via historical knowledge modeling"],"prefix":"10.1007","volume":"37","author":[{"given":"Songsong","family":"Zhang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhengliang","family":"Jiang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4797-3072","authenticated-orcid":false,"given":"Hang","family":"Gao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Suying","family":"Gui","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tiegang","family":"Gao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,7,17]]},"reference":[{"key":"115_CR1","doi-asserted-by":"crossref","unstructured":"Andreina S, Marson GA, M\u00f6llering H, Karame G (2021) Baffle: Backdoor detection via feedback-based federated learning. In: 2021 IEEE 41st International Conference on Distributed Computing Systems (ICDCS). IEEE, pp 852\u2013863","DOI":"10.1109\/ICDCS51616.2021.00086"},{"key":"115_CR2","doi-asserted-by":"crossref","unstructured":"Awan S, Luo B, Li F (2021) Contra: Defending against poisoning attacks in federated learning. In: Computer Security\u2013ESORICS 2021: 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4\u20138, 2021, Proceedings, Part I 26. Springer, pp 455\u2013475","DOI":"10.1007\/978-3-030-88418-5_22"},{"key":"115_CR3","unstructured":"Bagdasaryan E, Veit A, Hua Y, Estrin D, Shmatikov V (2020) How to backdoor federated learning. In: International conference on artificial intelligence and statistics. PMLR, pp 2938\u20132948"},{"key":"115_CR4","doi-asserted-by":"publisher","unstructured":"Bao X, Su C, Xiong Y, Huang W, Hu Y (2019) Flchain: A blockchain for auditable federated learning with trust and incentive. In: 2019 5th International Conference on Big Data Computing and Communications (BIGCOM). IEEE, pp 151\u2013159. https:\/\/doi.org\/10.1109\/BIGCOM.2019.00030","DOI":"10.1109\/BIGCOM.2019.00030"},{"key":"115_CR5","doi-asserted-by":"publisher","unstructured":"Baruch G, Baruch M, Goldberg Y (2019) A little is enough: Circumventing defenses for distributed learning. Adv Neural Inf Process Syst 32. https:\/\/doi.org\/10.48550\/arXiv.1902.06156","DOI":"10.48550\/arXiv.1902.06156"},{"key":"115_CR6","unstructured":"Bhagoji AN, Chakraborty S, Mittal P, Calo S (2019) Analyzing federated learning through an adversarial lens. In: International conference on machine learning. PMLR, pp 634\u2013643"},{"key":"115_CR7","unstructured":"Blanchard P, El\u00a0Mhamdi EM, Guerraoui R, Stainer J (2017) Machine learning with adversaries: byzantine tolerant gradient descent. In: Proceedings of the 31st international conference on neural information processing systems. NIPS\u201917. Curran Associates Inc., Red Hook, NY, USA, pp 118\u2013128"},{"key":"115_CR8","doi-asserted-by":"crossref","unstructured":"Boenisch F, Dziedzic A, Schuster R, Shamsabadi AS, Shumailov I, Papernot N (2023) When the curious abandon honesty: federated learning is not private. In: 2023 IEEE 8th European Symposium on Security and Privacy (EuroS &P). IEEE, pp 175\u2013199","DOI":"10.1109\/EuroSP57164.2023.00020"},{"key":"115_CR9","first-page":"374","volume":"1","author":"K Bonawitz","year":"2019","unstructured":"Bonawitz K, Eichner H, Grieskamp W, Huba D, Ingerman A, Ivanov V, Kiddon C, Kone\u010dn\u1ef3 J, Mazzocchi S, McMahan B et al (2019) Towards federated learning at scale: system design. Proc Mach Learn Syst 1:374\u2013388","journal-title":"Proc Mach Learn Syst"},{"issue":"14","key":"115_CR10","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1093\/bioinformatics\/btl242","volume":"22","author":"KM Borgwardt","year":"2006","unstructured":"Borgwardt KM, Gretton A, Rasch MJ, Kriegel H-P, Sch\u00f6lkopf B, Smola AJ (2006) Integrating structured biological data by Kernel maximum mean discrepancy. Bioinformatics 22(14):49\u201357. https:\/\/doi.org\/10.1093\/bioinformatics\/btl242","journal-title":"Bioinformatics"},{"key":"115_CR11","doi-asserted-by":"publisher","DOI":"10.1016\/j.inffus.2024.102420","volume":"109","author":"J Cai","year":"2024","unstructured":"Cai J, Shen W, Qin J (2024) Esvfl: Efficient and secure verifiable federated learning with privacy-preserving. Inf Fusion 109:102420. https:\/\/doi.org\/10.1016\/j.inffus.2024.102420","journal-title":"Inf Fusion"},{"key":"115_CR12","doi-asserted-by":"crossref","unstructured":"Cao X, Fang M, Liu J, Gong NZ (2020) Fltrust: Byzantine-robust federated learning via trust bootstrapping. arXiv:2012.13995","DOI":"10.14722\/ndss.2021.24434"},{"key":"115_CR13","doi-asserted-by":"publisher","unstructured":"Cao X, Gong NZ (2022) Mpaf: Model poisoning attacks to federated learning based on fake clients. In: Proceedings of the IEEE\/CVF conference on computer vision and pattern recognition, pp 3396\u20133404. https:\/\/doi.org\/10.48550\/arXiv.2203.08669","DOI":"10.48550\/arXiv.2203.08669"},{"key":"115_CR14","doi-asserted-by":"crossref","unstructured":"Cao X, Jia J, Zhang Z, Gong NZ (2023) Fedrecover: Recovering from poisoning attacks in federated learning using historical information. In: 2023 IEEE Symposium on Security and Privacy (SP). IEEE, pp 1366\u20131383","DOI":"10.1109\/SP46215.2023.10179336"},{"issue":"2","key":"115_CR15","doi-asserted-by":"publisher","first-page":"1070","DOI":"10.1109\/TNSE.2020.3002796","volume":"8","author":"Z Chen","year":"2021","unstructured":"Chen Z, Tian P, Liao W, Yu W (2021) Zero knowledge clustering based adversarial mitigation in heterogeneous federated learning. IEEE Trans Netw Sci Eng 8(2):1070\u20131083. https:\/\/doi.org\/10.1109\/TNSE.2020.3002796","journal-title":"IEEE Trans Netw Sci Eng"},{"key":"115_CR16","doi-asserted-by":"publisher","unstructured":"Dong Y, Chen X, Li K, Wang D, Zeng S (2021) Flod: Oblivious defender for private byzantine-robust federated learning with dishonest-majority. In: European symposium on research in computer security. Springer, pp 497\u2013518. https:\/\/doi.org\/10.1007\/978-3-030-88418-5_24","DOI":"10.1007\/978-3-030-88418-5_24"},{"key":"115_CR17","unstructured":"Fang M, Cao X, Jia J, Gong N (2020a) Local model poisoning attacks to $$\\{$$Byzantine-Robust$$\\}$$ federated learning. In: 29th USENIX Security Symposium (USENIX Security 20), pp 1605\u20131622"},{"key":"115_CR18","doi-asserted-by":"publisher","unstructured":"Fang M, Gong NZ, Liu J (2020b) Influence function based data poisoning attacks to top-n recommender systems. In: Proceedings of the web conference 2020, pp 3019\u20133025. https:\/\/doi.org\/10.1145\/3366423.3380072","DOI":"10.1145\/3366423.3380072"},{"key":"115_CR19","doi-asserted-by":"publisher","first-page":"103097","DOI":"10.1016\/j.cose.2023.103097","volume":"127","author":"O Friha","year":"2023","unstructured":"Friha O, Ferrag MA, Benbouzid M, Berghout T, Kantarci B, Choo K-KR (2023) 2df-ids: Decentralized and differentially private federated learning-based intrusion detection system for industrial iot. Comput Secur 127:103097. https:\/\/doi.org\/10.1016\/j.cose.2023.103097","journal-title":"Comput Secur"},{"key":"115_CR20","unstructured":"Fung C, Yoon CJ, Beschastnikh I (2020a) The limitations of federated learning in sybil settings. In: 23rd International symposium on Research in Attacks, Intrusions and Defenses (RAID 2020), pp 301\u2013316"},{"key":"115_CR21","unstructured":"Fung C, Yoon CJM, Beschastnikh I (2020b) The limitations of federated learning in sybil settings. In: Recent advances in intrusion detection"},{"key":"115_CR22","doi-asserted-by":"publisher","unstructured":"Gabrielli E, Belli D, Miori V, Tolomei G (2023) Protecting federated learning from extreme model poisoning attacks via multidimensional time series anomaly detection. arXiv e-prints, 2303. https:\/\/doi.org\/10.48550\/arXiv.2303.16668","DOI":"10.48550\/arXiv.2303.16668"},{"key":"115_CR23","doi-asserted-by":"publisher","unstructured":"Gaikwad NS, Heublein L, Raichur NL, Feigl T, Mutschler C, Ott F (2024) Federated learning with mmd-based early stopping for adaptive gnss interference classification. arXiv:2410.15681. https:\/\/doi.org\/10.48550\/arXiv.2410.15681","DOI":"10.48550\/arXiv.2410.15681"},{"key":"115_CR24","doi-asserted-by":"publisher","DOI":"10.1109\/SPW59333.2023.00012","author":"T Gehlhar","year":"2023","unstructured":"Gehlhar T, Marx F, Schneider T, Suresh A, Wehrle T, Yalame H (2023) Safefl: Mpc-friendly framework for private and robust federated learning. Cryptology ePrint Archive. https:\/\/doi.org\/10.1109\/SPW59333.2023.00012","journal-title":"Cryptology ePrint Archive"},{"issue":"12","key":"115_CR25","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10846-005-9001-9","volume":"6","author":"A Gretton","year":"2005","unstructured":"Gretton A, Herbrich R, Smola A, Bousquet O, Sch\u00f6lkopf B, Hyv\u00e4rinen A (2005) Kernel methods for measuring independence. J Mach Learn Res 6(12):1. https:\/\/doi.org\/10.1007\/s10846-005-9001-9","journal-title":"J Mach Learn Res"},{"key":"115_CR26","doi-asserted-by":"publisher","unstructured":"Guerraoui R, Rouault S et\u00a0al (2018) The hidden vulnerability of distributed learning in byzantium. In: International conference on machine learning. PMLR, pp 3521\u20133530. https:\/\/doi.org\/10.48550\/arXiv.1802.07927","DOI":"10.48550\/arXiv.1802.07927"},{"key":"115_CR27","doi-asserted-by":"publisher","unstructured":"Gupta A, Luo T, Ngo MV, Das SK (2022) Long-short history of gradients is all you need: Detecting malicious and unreliable clients in federated learning. In: European symposium on research in computer security. Springer, pp 445\u2013465. https:\/\/doi.org\/10.1007\/978-3-031-17143-7_22","DOI":"10.1007\/978-3-031-17143-7_22"},{"key":"115_CR28","doi-asserted-by":"publisher","unstructured":"Hsu T-MH, Qi H, Brown M (2019) Measuring the effects of non-identical data distribution for federated visual classification. arXiv:1909.06335. https:\/\/doi.org\/10.48550\/arXiv.1909.06335","DOI":"10.48550\/arXiv.1909.06335"},{"key":"115_CR29","doi-asserted-by":"publisher","first-page":"121463","DOI":"10.1016\/j.eswa.2023.121463","volume":"237","author":"K Hu","year":"2024","unstructured":"Hu K, Li Y, Zhang S, Wu J, Gong S, Jiang S, Weng L (2024) Fedmmd: A federated weighting algorithm considering non-iid and local model deviation. Expert Syst Appl 237:121463. https:\/\/doi.org\/10.1016\/j.eswa.2023.121463","journal-title":"Expert Syst Appl"},{"key":"115_CR30","unstructured":"Jebreel NM, Domingo-Ferrer J, S\u00e1nchez D, Blanco-Justicia A (2022) Defending against the label-flipping attack in federated learning. arXiv:2207.01982"},{"key":"115_CR31","doi-asserted-by":"crossref","unstructured":"Joshi S, Owens JA, Shah S, Munasinghe T (2021) Analysis of preprocessing techniques, keras tuner, and transfer learning on cloud street image data. In: 2021 IEEE International Conference on Big Data (Big Data). IEEE, pp 4165\u20134168","DOI":"10.1109\/BigData52589.2021.9671878"},{"key":"115_CR32","unstructured":"Karimireddy SP, Kale S, Mohri M, Reddi S, Stich S, Suresh AT (2020) Scaffold: Stochastic controlled averaging for federated learning. In: International conference on machine learning. PMLR, pp 5132\u20135143"},{"key":"115_CR33","doi-asserted-by":"publisher","unstructured":"Khan MA, Shejwalkar V, Houmansadr A, Anwar FM (2023) On the pitfalls of security evaluation of robust federated learning. In: 2023 IEEE Security and Privacy Workshops (SPW). IEEE, pp 57\u201368. https:\/\/doi.org\/10.1109\/SPW59333.2023.00011","DOI":"10.1109\/SPW59333.2023.00011"},{"key":"115_CR34","unstructured":"Krizhevsky A, Hinton G (2009) Learning multiple layers of features from tiny images"},{"issue":"11","key":"115_CR35","doi-asserted-by":"publisher","first-page":"2278","DOI":"10.1109\/5.726791","volume":"86","author":"Y LeCun","year":"1998","unstructured":"LeCun Y, Bottou L, Bengio Y, Haffner P (1998) Gradient-based learning applied to document recognition. Proc IEEE 86(11):2278\u20132324. https:\/\/doi.org\/10.1109\/5.726791","journal-title":"Proc IEEE"},{"key":"115_CR36","doi-asserted-by":"crossref","unstructured":"Li W, Chen J, Wang Z, Shen Z, Ma C, Cui X (2022) Ifl-gan: Improved federated learning generative adversarial network with maximum mean discrepancy model aggregation. IEEE Trans Neural Netw Learn Syst","DOI":"10.1109\/TNNLS.2022.3167482"},{"issue":"1","key":"115_CR37","doi-asserted-by":"publisher","first-page":"234","DOI":"10.1109\/MNET.011.2000263","volume":"35","author":"Y Li","year":"2021","unstructured":"Li Y, Chen C, Liu N, Huang H, Zheng Z, Yan Q (2021) A blockchain-based decentralized federated learning framework with committee consensus. IEEE Netw 35(1):234\u2013241. https:\/\/doi.org\/10.1109\/MNET.011.2000263","journal-title":"IEEE Netw"},{"key":"115_CR38","doi-asserted-by":"crossref","unstructured":"Liu S, Li Z, Sun Q, Chen L, Zhang X, Duan L (2023) Flow: A robust federated learning framework to defend against model poisoning attacks in iots. IEEE Internet Things J","DOI":"10.1109\/JIOT.2023.3341811"},{"issue":"1","key":"115_CR39","first-page":"10320","volume":"22","author":"Y Liu","year":"2021","unstructured":"Liu Y, Fan T, Chen T, Xu Q, Yang Q (2021) Fate: An industrial grade platform for collaborative learning with data protection. J Mach Learn Res 22(1):10320\u201310325","journal-title":"J Mach Learn Res"},{"key":"115_CR40","doi-asserted-by":"publisher","first-page":"102584","DOI":"10.1016\/j.inffus.2024.102584","volume":"112","author":"J Liu","year":"2024","unstructured":"Liu J, Yang N, Lee Y, Huang W, Du Y, Li T, Zhang P (2024) Feddaf: Federated deep attention fusion for dangerous driving behavior detection. Inf Fusion 112:102584. https:\/\/doi.org\/10.1016\/j.inffus.2024.102584","journal-title":"Inf Fusion"},{"key":"115_CR41","doi-asserted-by":"publisher","unstructured":"Lu Y, Fan L (2020) An efficient and robust aggregation algorithm for learning federated cnn. In: Proceedings of the 2020 3rd International Conference on Signal Processing and Machine Learning. SPML \u201920. Association for Computing Machinery, New York, NY, USA, pp 1\u20137. https:\/\/doi.org\/10.1145\/3432291.3432303","DOI":"10.1145\/3432291.3432303"},{"issue":"4","key":"115_CR42","doi-asserted-by":"publisher","first-page":"1145","DOI":"10.1109\/TPDS.2023.3240767","volume":"34","author":"R Lu","year":"2023","unstructured":"Lu R, Zhang W, Wang Y, Li Q, Zhong X, Yang H, Wang D (2023) Auction-based cluster federated learning in mobile edge computing systems. IEEE Trans Parallel Distrib Syst 34(4):1145\u20131158. https:\/\/doi.org\/10.1109\/TPDS.2023.3240767","journal-title":"IEEE Trans Parallel Distrib Syst"},{"key":"115_CR43","doi-asserted-by":"publisher","first-page":"1639","DOI":"10.1109\/TIFS.2022.3169918","volume":"17","author":"Z Ma","year":"2022","unstructured":"Ma Z, Ma J, Miao Y, Li Y, Deng RH (2022) Shieldfl: Mitigating model poisoning attacks in privacy-preserving federated learning. IEEE Trans Inf Forensics Secur 17:1639\u20131654","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"115_CR44","doi-asserted-by":"publisher","unstructured":"Mao Y, Yuan X, Zhao X, Zhong S (2021) Romoa: Ro bust mo del a ggregation for the resistance of federated learning to model poisoning attacks. In: Computer Security\u2013ESORICS 2021: 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4\u20138, 2021, Proceedings, Part I 26, pp 476\u2013496. https:\/\/doi.org\/10.1007\/978-3-030-88418-5_23. Springer","DOI":"10.1007\/978-3-030-88418-5_23"},{"key":"115_CR45","doi-asserted-by":"publisher","unstructured":"McMahan B, Moore E, Ramage D, Hampson S, Arcas BA (2017) Communication-efficient learning of deep networks from decentralized data. In: Artificial intelligence and statistics. PMLR, pp 1273\u20131282. https:\/\/doi.org\/10.48550\/arXiv.1602.05629","DOI":"10.48550\/arXiv.1602.05629"},{"key":"115_CR46","doi-asserted-by":"publisher","unstructured":"Miao J, Yang Z, Fan L, Yang Y (2023) Fedseg: Class-heterogeneous federated learning for semantic segmentation. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp 8042\u20138052. https:\/\/doi.org\/10.1109\/CVPR52729.2023.00777","DOI":"10.1109\/CVPR52729.2023.00777"},{"key":"115_CR47","unstructured":"Mozaffari H, Shejwalkar V, Houmansadr A (2023) Every vote counts: Ranking-based training of federated learning to resist poisoning attacks. In: 32nd USENIX Security Symposium (USENIX Security 23)"},{"key":"115_CR48","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2024.3451359","author":"X Mu","year":"2024","unstructured":"Mu X, Cheng K, Liu T, Zhang T, Geng X, Shen Y (2024) Fedpta: Prior-based tensor approximation for detecting malicious clients in federated learning. IEEE Trans Inf Forensics Secur. https:\/\/doi.org\/10.1109\/TIFS.2024.3451359","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"115_CR49","doi-asserted-by":"publisher","unstructured":"Nguyen TD, Rieger P, De\u00a0Viti R, Chen H, Brandenburg BB, Yalame H, M\u00f6llering H, Fereidooni H, Marchal S, Miettinen M, et\u00a0al (2022) Flame: Taming backdoors in federated learning. In: 31st USENIX Security Symposium (USENIX Security 22), pp 1415\u20131432. https:\/\/doi.org\/10.48550\/arXiv.2101.02281","DOI":"10.48550\/arXiv.2101.02281"},{"key":"115_CR50","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3345171","author":"K \u00d6zfatura","year":"2023","unstructured":"\u00d6zfatura K, \u00d6zfatura E, K\u00fcp\u00e7\u00fc A, G\u00fcnd\u00fcz D (2023) Byzantines can also learn from history: fall of centered clipping in federated learning. IEEE Trans Inf Forensics Secur. https:\/\/doi.org\/10.1109\/TIFS.2023.3345171","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"115_CR51","doi-asserted-by":"publisher","first-page":"677","DOI":"10.1007\/978-3-540-87481-2_36","volume":"8","author":"SJ Pan","year":"2008","unstructured":"Pan SJ, Kwok JT, Yang Q et al (2008) Transfer learning via dimensionality reduction. AAAI 8:677\u2013682. https:\/\/doi.org\/10.1007\/978-3-540-87481-2_36","journal-title":"AAAI"},{"key":"115_CR52","doi-asserted-by":"publisher","first-page":"1142","DOI":"10.1109\/TSP.2022.3153135","volume":"70","author":"K Pillutla","year":"2022","unstructured":"Pillutla K, Kakade SM, Harchaoui Z (2022) Robust aggregation for federated learning. IEEE Trans Signal Process 70:1142\u20131154. https:\/\/doi.org\/10.1109\/TSP.2022.3153135","journal-title":"IEEE Trans Signal Process"},{"key":"115_CR53","first-page":"129","volume":"24","author":"X Qiu","year":"2023","unstructured":"Qiu X, Parcollet T, Fernandez-Marques J, Gusmao PP, Gao Y, Beutel DJ, Topal T, Mathur A, Lane ND (2023) A first look into the carbon footprint of federated learning. J Mach Learn Res 24:129\u20131","journal-title":"J Mach Learn Res"},{"key":"115_CR54","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1016\/0377-0427(87)90125-7","volume":"20","author":"PJ Rousseeuw","year":"1987","unstructured":"Rousseeuw PJ (1987) Silhouettes: a graphical aid to the interpretation and validation of cluster analysis. J Comput Appl Math 20:53\u201365. https:\/\/doi.org\/10.1016\/0377-0427(87)90125-7","journal-title":"J Comput Appl Math"},{"key":"115_CR55","doi-asserted-by":"publisher","unstructured":"Roy\u00a0Chowdhury A, Guo C, Jha S, Maaten L (2022) Eiffel: Ensuring integrity for federated learning. In: Proceedings of the 2022 ACM SIGSAC conference on computer and communications security, pp 2535\u20132549. https:\/\/doi.org\/10.48550\/arXiv.2112.12727","DOI":"10.48550\/arXiv.2112.12727"},{"key":"115_CR56","unstructured":"Ruder S (2016) An overview of gradient descent optimization algorithms. arXiv:1609.04747"},{"key":"115_CR57","doi-asserted-by":"publisher","first-page":"102074","DOI":"10.1016\/j.inffus.2023.102074","volume":"102","author":"MM Salim","year":"2024","unstructured":"Salim MM, Azzaoui AE, Deng X, Park JH (2024) Fl-ctif: A federated learning based cti framework based on information fusion for secure iiot. Inf Fusion 102:102074. https:\/\/doi.org\/10.1016\/j.inffus.2023.102074","journal-title":"Inf Fusion"},{"issue":"194","key":"115_CR58","first-page":"1","volume":"24","author":"A Schrab","year":"2023","unstructured":"Schrab A, Kim I, Albert M, Laurent B, Guedj B, Gretton A (2023) Mmd aggregated two-sample test. J Mach Learn Res 24(194):1\u201381","journal-title":"J Mach Learn Res"},{"key":"115_CR59","doi-asserted-by":"publisher","unstructured":"Shejwalkar V, Houmansadr A, Kairouz P, Ramage D (2022) Back to the drawing board: A critical evaluation of poisoning attacks on production federated learning. In: 2022 IEEE Symposium on Security and Privacy (SP). IEEE, pp 1354\u20131371. https:\/\/doi.org\/10.48550\/arXiv.2108.10241","DOI":"10.48550\/arXiv.2108.10241"},{"key":"115_CR60","doi-asserted-by":"publisher","unstructured":"Shejwalkar V, Houmansadr A (2021) Manipulating the byzantine: Optimizing model poisoning attacks and defenses for federated learning. In: NDSS Symposium 2021. https:\/\/doi.org\/10.14722\/ndss.2021.24498, https:\/\/www.ndss-symposium.org\/","DOI":"10.14722\/ndss.2021.24498"},{"key":"115_CR61","doi-asserted-by":"publisher","unstructured":"Steinhardt J, Koh PWW, Liang PS (2017) Certified defenses for data poisoning attacks. Adv Neural Inf Process Syst 30. https:\/\/doi.org\/10.48550\/arXiv.1706.03691","DOI":"10.48550\/arXiv.1706.03691"},{"issue":"5","key":"115_CR62","doi-asserted-by":"publisher","first-page":"1","DOI":"10.3390\/app12052405","volume":"12","author":"G Stewart","year":"2022","unstructured":"Stewart G, Al-Khassaweneh M (2022) An implementation of the hdbscan* clustering algorithm. Appl Sci 12(5):1. https:\/\/doi.org\/10.3390\/app12052405","journal-title":"Appl Sci"},{"issue":"2","key":"115_CR63","doi-asserted-by":"publisher","first-page":"411","DOI":"10.1111\/1467-9868.00293","volume":"63","author":"R Tibshirani","year":"2002","unstructured":"Tibshirani R, Walther G, Hastie T (2002) Estimating the number of clusters in a data set via the gap statistic. J R Stat Soc Ser B Stat Methodol 63(2):411\u2013423. https:\/\/doi.org\/10.1111\/1467-9868.00293","journal-title":"J R Stat Soc Ser B Stat Methodol"},{"key":"115_CR64","unstructured":"Tolstikhin IO, Sriperumbudur BK, Sch\u00f6lkopf B (2016) Minimax estimation of maximum mean discrepancy with radial kernels. Adv Neural Inf Process Syst 29"},{"key":"115_CR65","doi-asserted-by":"crossref","unstructured":"Wang N, Xiao Y, Chen Y, Hu Y, Lou W, Hou YT (2022) Flare: defending federated learning against model poisoning attacks via latent space representations. In: Proceedings of the 2022 ACM on asia conference on computer and communications security, pp 946\u2013958","DOI":"10.1145\/3488932.3517395"},{"issue":"1","key":"115_CR66","doi-asserted-by":"publisher","first-page":"275","DOI":"10.1103\/RevModPhys.78.275","volume":"78","author":"A Wei\u00dfe","year":"2006","unstructured":"Wei\u00dfe A, Wellein G, Alvermann A, Fehske H (2006) The kernel polynomial method. Rev Mod Phys 78(1):275\u2013306","journal-title":"Rev Mod Phys"},{"issue":"2","key":"115_CR67","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1109\/MNET.001.1900153","volume":"34","author":"B Wu","year":"2020","unstructured":"Wu B, Xu K, Li Q, Ren S, Liu Z, Zhang Z (2020) Toward blockchain-powered trusted collaborative services for edge-centric networks. IEEE Netw 34(2):30\u201336. https:\/\/doi.org\/10.1109\/MNET.001.1900153","journal-title":"IEEE Netw"},{"key":"115_CR68","doi-asserted-by":"publisher","unstructured":"Xia G, Chen J, Huang X, Yu C, Zhang Z (2023) Fl-ptd: A privacy preserving defense strategy against poisoning attacks in federated learning. In: 2023 IEEE 47th Annual Computers, Software, and Applications Conference (COMPSAC). IEEE, pp 735\u2013740. https:\/\/doi.org\/10.1109\/COMPSAC57700.2023.00101","DOI":"10.1109\/COMPSAC57700.2023.00101"},{"key":"115_CR69","unstructured":"Xiao H, Rasul K, Vollgraf R (2017) Fashion-mnist: A novel image dataset for benchmarking machine learning algorithms. arXiv:1708.07747"},{"key":"115_CR70","unstructured":"Xie Y, Zhang W, Pi R, Wu F, Chen Q, Xie X, Kim S (2022) Optimizing server-side aggregation for robust federated learning via subspace training. arXiv:2211.05554"},{"key":"115_CR71","doi-asserted-by":"publisher","unstructured":"Xu J, Huang S-L, Song L, Lan T (2021) Signguard: Byzantine-robust federated learning through collaborative malicious gradient filtering. arXiv:2109.05872. https:\/\/doi.org\/10.48550\/arXiv.2109.05872","DOI":"10.48550\/arXiv.2109.05872"},{"issue":"12","key":"115_CR72","doi-asserted-by":"publisher","first-page":"4835","DOI":"10.1109\/TPDS.2022.3205714","volume":"33","author":"C Xu","year":"2022","unstructured":"Xu C, Jia Y, Zhu L, Zhang C, Jin G, Sharif K (2022) Tdfl: Truth discovery based byzantine robust federated learning. IEEE Trans Parallel Distrib Syst 33(12):4835\u20134848. https:\/\/doi.org\/10.1109\/TPDS.2022.3205714","journal-title":"IEEE Trans Parallel Distrib Syst"},{"key":"115_CR73","doi-asserted-by":"publisher","first-page":"158","DOI":"10.1016\/j.ins.2023.02.025","volume":"630","author":"M Yang","year":"2023","unstructured":"Yang M, Cheng H, Chen F, Liu X, Wang M, Li X (2023) Model poisoning attack in differential privacy-based federated learning. Inf Sci 630:158\u2013172. https:\/\/doi.org\/10.1016\/j.ins.2023.02.025","journal-title":"Inf Sci"},{"key":"115_CR74","doi-asserted-by":"publisher","unstructured":"Yin D, Chen Y, Kannan R, Bartlett P (2018) Byzantine-robust distributed learning: towards optimal statistical rates. In: International conference on machine learning. PMLR, pp 5650\u20135659. https:\/\/doi.org\/10.48550\/arXiv.1803.01498","DOI":"10.48550\/arXiv.1803.01498"},{"key":"115_CR75","doi-asserted-by":"crossref","unstructured":"Yu Y, Liu Q, Wu L, Yu R, Yu SL, Zhang Z (2023) Untargeted attack against federated recommendation systems via poisonous item embeddings and the defense. In: Proceedings of the AAAI conference on artificial intelligence vol 37, pp 4854\u20134863","DOI":"10.1609\/aaai.v37i4.25611"},{"key":"115_CR76","doi-asserted-by":"publisher","unstructured":"Zhang Z, Cao X, Jia J, Gong NZ (2022) Fldetector: Defending federated learning against model poisoning attacks via detecting malicious clients. In: Proceedings of the 28th ACM SIGKDD conference on knowledge discovery and data mining, pp 2545\u20132555. https:\/\/doi.org\/10.1145\/3534678.3539231","DOI":"10.1145\/3534678.3539231"},{"key":"115_CR77","doi-asserted-by":"crossref","unstructured":"Zhang H, Yao Z, Zhang LY, Hu S, Chen C, Liew A, Li Z (2023a) Denial-of-service or fine-grained control: Towards flexible model poisoning attacks on federated learning. arXiv:2304.10783","DOI":"10.24963\/ijcai.2023\/508"},{"key":"115_CR78","doi-asserted-by":"crossref","unstructured":"Zhang X, Zhang H, Zhang G, Li H, Yu D, Cheng X, Hu P (2023b) Model poisoning attack on neural network without reference data. IEEE Trans Comput","DOI":"10.1109\/TC.2023.3280133"}],"container-title":["Journal of King Saud University Computer and Information Sciences"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s44443-025-00115-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s44443-025-00115-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s44443-025-00115-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,7]],"date-time":"2025-09-07T13:33:33Z","timestamp":1757252013000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s44443-025-00115-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,7,17]]},"references-count":78,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2025,8]]}},"alternative-id":["115"],"URL":"https:\/\/doi.org\/10.1007\/s44443-025-00115-1","relation":{},"ISSN":["1319-1578","2213-1248"],"issn-type":[{"value":"1319-1578","type":"print"},{"value":"2213-1248","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,7,17]]},"assertion":[{"value":"20 February 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 June 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"17 July 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"116"}}