{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,8]],"date-time":"2026-05-08T19:16:18Z","timestamp":1778267778309,"version":"3.51.4"},"reference-count":88,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2023]]},"DOI":"10.1109\/access.2023.3238823","type":"journal-article","created":{"date-parts":[[2023,1,23]],"date-time":"2023-01-23T19:38:54Z","timestamp":1674502734000},"page":"10708-10722","source":"Crossref","is-referenced-by-count":152,"title":["Poisoning Attacks in Federated Learning: A Survey"],"prefix":"10.1109","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5884-5696","authenticated-orcid":false,"given":"Geming","family":"Xia","sequence":"first","affiliation":[{"name":"College of Computer Science and Technology, National University of Defense Technology, Changsha, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4280-8748","authenticated-orcid":false,"given":"Jian","family":"Chen","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, National University of Defense Technology, Changsha, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7407-1579","authenticated-orcid":false,"given":"Chaodong","family":"Yu","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, National University of Defense Technology, Changsha, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3794-9434","authenticated-orcid":false,"given":"Jun","family":"Ma","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, National University of Defense Technology, Changsha, China"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1038\/s41746-020-00376-2"},{"key":"ref2","article-title":"Language models are few-shot learners","author":"Brown","year":"2020","journal-title":"arXiv:2005.14165"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2017.12.020"},{"key":"ref4","first-page":"191","article-title":"Health insurance portability and accountability act of 1996","volume":"104","author":"Act","year":"1996","journal-title":"Public Law"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-57959-7"},{"key":"ref6","first-page":"1273","article-title":"Communication-efficient learning of deep networks from decentralized data","volume-title":"Proc. Conf. Artif. Intell. Statist.","volume":"54","author":"McMahan"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1561\/2200000083"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3075203"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2020.2986024"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-63076-8_1"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2020.10.007"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/WCNC51071.2022.9771619"},{"key":"ref13","article-title":"Federated learning: Opportunities and challenges","author":"Mammen","year":"2021","journal-title":"arXiv:2101.05428"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/s10115-022-01664-x"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/tnnls.2022.3216981"},{"key":"ref16","first-page":"1","article-title":"Label inference attacks against vertical federated learning","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Fu"},{"key":"ref17","first-page":"16937","article-title":"Inverting gradients\u2014How easy is it to break privacy in federated learning?","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"33","author":"Geiping"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-63076-8_2"},{"key":"ref19","article-title":"IDLG: Improved deep leakage from gradients","author":"Zhao","year":"2020","journal-title":"arXiv:2001.02610"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/3411501.3419428"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/MCE.2019.2959108"},{"key":"ref22","article-title":"Poisoning attacks against support vector machines","author":"Biggio","year":"2012","journal-title":"arXiv:1206.6389"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/sp46214.2022.9833647"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN55064.2022.9891990"},{"key":"ref25","first-page":"6106","article-title":"Poison frogs! Targeted clean-label poisoning attacks on neural networks","volume-title":"Proc. 32nd Int. Neural Inf. Process. Syst.","author":"Shafahi"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2020.3023126"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE53745.2022.00243"},{"key":"ref28","first-page":"634","article-title":"Analyzing federated learning through an adversarial lens","volume-title":"Proc. 36th Int. Conf. Mach. Learn.","volume":"97","author":"Bhagoji"},{"key":"ref29","article-title":"Can you really backdoor federated learning?","author":"Sun","year":"2019","journal-title":"arXiv:1911.07963"},{"key":"ref30","first-page":"2938","article-title":"How to backdoor federated learning","volume-title":"Proc. Int. Conf. Artif. Intell. Statist.","volume":"108","author":"Bagdasaryan"},{"key":"ref31","first-page":"1","article-title":"DBA: Distributed backdoor attacks against federated learning","volume-title":"Proc. Int. Conf. Learn. Represent.","author":"Xie"},{"key":"ref32","first-page":"1","article-title":"Learning to attack federated learning: A model-based reinforcement learning attack framework","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Li"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.3390\/fi13030073"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/MSN53354.2021.00038"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/CVPRW56347.2022.00383"},{"key":"ref36","article-title":"Learning to detect malicious clients for robust federated learning","author":"Li","year":"2020","journal-title":"arXiv:2002.00211"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-88418-5_23"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3169918"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24498"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24434"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/3534678.3539231"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-88418-5_22"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/jiot.2021.3081606"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58951-6_24"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-15-9739-8_7"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/DSA52907.2021.00081"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3135422"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/TPSISA52974.2021.00017"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/TSC.2021.3090771"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2021.3132954"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2021.3108434"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/ICPADS47876.2019.00042"},{"key":"ref53","article-title":"Mitigating sybils in federated learning poisoning","author":"Fung","year":"2018","journal-title":"arXiv:1808.04866"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2021.3118347"},{"key":"ref55","first-page":"1605","article-title":"Local model poisoning attacks to Byzantine-robust federated learning","volume-title":"Proc. USENIX Secur.","author":"Fang"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS51616.2021.00086"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-65745-1_12"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.011.2000379"},{"key":"ref59","article-title":"Untargeted poisoning attack detection in federated learning via behavior attestation","author":"Mallah","year":"2021","journal-title":"arXiv:2101.10904"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/SSCI50451.2021.9659839"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/MWC.001.1900119"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/MWC.01.1900525"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3212174"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.1811.09904"},{"key":"ref65","first-page":"7587","article-title":"SparseFed: Mitigating model poisoning attacks in federated learning with sparsification","volume-title":"Proc. 25th Int. Conf. Artif. Intell. Statist.","author":"Panda"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.23054"},{"key":"ref67","first-page":"3521","article-title":"The hidden vulnerability of distributed learning in Byzantium","volume-title":"Proc. 35th Int. Conf. Mach. Learn.","author":"Guerraoui"},{"key":"ref68","article-title":"Robust aggregation for federated learning","author":"Pillutla","year":"2019","journal-title":"arXiv:1912.13445"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2020.02.037"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2022.3156645"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-38991-8_39"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.5906"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1109\/CCNC49032.2021.9369581"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.3390\/app12199901"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1145\/3369583.3392686"},{"key":"ref76","article-title":"Oort: Efficient federated learning via guided participant selection","author":"Lai","year":"2020","journal-title":"arXiv:2010.06081"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2021.3128646"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-86890-1_3"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2020.3030072"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.14722\/diss.2020.23003"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133982"},{"key":"ref82","first-page":"493","article-title":"BatchCrypt: Efficient homomorphic encryption for cross-silo federated learning","volume-title":"Proc. Annu. Tech. Conf.","author":"Zhang"},{"key":"ref83","article-title":"Protection against reconstruction and its applications in private federated learning","author":"Bhowmick","year":"2018","journal-title":"arXiv:1812.00984"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1145\/3438872.3439097"},{"key":"ref85","first-page":"5650","article-title":"Byzantine robust distributed learning: Towards optimal statistical rates","volume-title":"Proc. 35th Int. Conf. Mach. Learn. (ICML)","volume":"80","author":"Yin"},{"key":"ref86","first-page":"1","article-title":"Machine learning with adversaries: Byzantine tolerant gradient descent","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"30","author":"Blanchard"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2019\/657"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1145\/3510548.3519372"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/10005208\/10024252.pdf?arnumber=10024252","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,2,13]],"date-time":"2024-02-13T06:50:16Z","timestamp":1707807016000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10024252\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"references-count":88,"URL":"https:\/\/doi.org\/10.1109\/access.2023.3238823","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]}}}