{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,1,21]],"date-time":"2025-01-21T07:10:13Z","timestamp":1737443413217,"version":"3.33.0"},"reference-count":128,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/100000028","name":"Semiconductor Research Corporation","doi-asserted-by":"publisher","award":["2991.001","2992.001"],"award-info":[{"award-number":["2991.001","2992.001"]}],"id":[{"id":"10.13039\/100000028","id-type":"DOI","asserted-by":"publisher"}]},{"name":"NSF","award":["2138420"],"award-info":[{"award-number":["2138420"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/access.2025.3528304","type":"journal-article","created":{"date-parts":[[2025,1,10]],"date-time":"2025-01-10T20:47:04Z","timestamp":1736542024000},"page":"11029-11048","source":"Crossref","is-referenced-by-count":0,"title":["GuardianMPC: Backdoor-Resilient Neural Network Computation"],"prefix":"10.1109","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1216-1552","authenticated-orcid":false,"given":"Mohammad","family":"Hashemi","sequence":"first","affiliation":[{"name":"Electrical and Computer Engineering Department, Worcester Polytechnic Institute, Worcester, MA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2794-7320","authenticated-orcid":false,"given":"Domenic","family":"Forte","sequence":"additional","affiliation":[{"name":"Electrical and Computer Engineering Department, University of Florida, Gainesville, FL, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0151-1307","authenticated-orcid":false,"given":"Fatemeh","family":"Ganji","sequence":"additional","affiliation":[{"name":"Electrical and Computer Engineering Department, Worcester Polytechnic Institute, Worcester, MA, USA"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1038\/nature14539"},{"volume-title":"Machine Learning on AWS","year":"2023","key":"ref2"},{"volume-title":"Azure Machine Learning","year":"2023","key":"ref3"},{"volume-title":"Caffe Model Zoo","year":"2012","key":"ref4"},{"volume-title":"Keras Pre-Trained Models","year":"2012","key":"ref5"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23291"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354209"},{"key":"ref8","article-title":"Backdoor attacks and countermeasures on deep learning: A comprehensive review","author":"Gao","year":"2020","journal-title":"arXiv:2007.10760"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3394486.3403064"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2023.3239225"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52729.2023.02356"},{"key":"ref12","article-title":"ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks","author":"Clifford","year":"2022","journal-title":"arXiv:2210.00108"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00035"},{"key":"ref14","article-title":"Evil from within: Machine learning backdoors through hardware trojans","author":"Warnecke","year":"2023","journal-title":"arXiv:2304.08411"},{"key":"ref15","article-title":"A stealthy hardware trojan exploiting the architectural vulnerability of deep learning architectures: Input interception attack (IIA)","author":"Odetola","year":"2019","journal-title":"arXiv:1911.00783"},{"key":"ref16","article-title":"Hardware trojan attacks on neural networks","author":"Clements","year":"2018","journal-title":"arXiv:1806.05768"},{"key":"ref17","first-page":"201","article-title":"CryptoNets: Applying neural networks to encrypted data with high throughput and accuracy","volume-title":"Proc. Intrl. Conf. Mach. Learn.","author":"Dowlin"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.12"},{"key":"ref19","article-title":"CryptoDL: Deep neural networks over encrypted data","author":"Hesamifard","year":"2017","journal-title":"arXiv:1711.05189"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134056"},{"key":"ref21","first-page":"812","article-title":"Low latency privacy preserving inference","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Brutzkus"},{"key":"ref22","article-title":"Faster CryptoNets: Leveraging sparsity for real-world encrypted inference","author":"Chou","year":"2018","journal-title":"arXiv:1811.09953"},{"key":"ref23","first-page":"4490","article-title":"TAPAS: Tricks to accelerate (encrypted) prediction as a service","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Sanyal"},{"key":"ref24","first-page":"1651","article-title":"GAZELLE: A low latency framework for secure neural network inference","volume-title":"Proc. 27th USENIX Secur. Symp.","author":"Juvekar"},{"key":"ref25","article-title":"SHE: A fast and accurate deep neural network for encrypted data","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"32","author":"Lou"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-96878-0_17"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/DAC.2018.8465894"},{"key":"ref28","first-page":"338","article-title":"Garbled neural networks are practical","volume":"2019","author":"Ball","year":"2019","journal-title":"Cryptol. ePrint Arch."},{"key":"ref29","first-page":"1501","article-title":"XONN: XNOR-based oblivious deep neural network inference","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Riazi"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3314221.3314628"},{"key":"ref31","first-page":"2505","article-title":"Delphi: A cryptographic inference service for neural networks","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Srinivasan"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417274"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/SFCS.1986.25"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179483"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/3628446"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2022.3205665"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3339819"},{"key":"ref38","first-page":"2165","article-title":"ABY2.0: Improved mixed-protocol secure two-party computation","volume-title":"Proc. 30th USENIX Secur. Symp.","author":"Patra"},{"key":"ref39","first-page":"35","article-title":"ABY3: A mixed protocol framework for machine learning","volume-title":"Proc. ACM SIGSAC Conf. Comput. Commun. Security","author":"Mohassel"},{"key":"ref40","first-page":"4961","article-title":"CrypTen: Secure multi-party computation meets machine learning","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"34","author":"Knott"},{"key":"ref41","article-title":"FALCON: Honest-majority maliciously secure framework for private deep learning","author":"Wagh","year":"2020","journal-title":"arXiv:2004.02229"},{"key":"ref42","article-title":"Trident: Efficient 4PC framework for privacy preserving machine learning","author":"Chaudhari","year":"2019","journal-title":"arXiv:1912.02631"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.56553\/popets-2022-0131"},{"key":"ref44","first-page":"827","article-title":"Piranha: A GPU platform for secure computation","volume-title":"Proc. USENIX Secur. Symp.","author":"Watson"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-00457-5_22"},{"key":"ref46","article-title":"Constant round maliciously secure 2PC with function-independent preprocessing using LEGO","author":"Nielsen","year":"2016","journal-title":"Cryptol. ePrint Arch."},{"article-title":"A proof of Yao\u2019s protocol for secure two-party computation. ECCC report TR04\u2013063","volume-title":"Proc. Electron. Colloq. Comput. Complex. (ECCC)","author":"Lindell","key":"ref47"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-008-9036-8"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00028"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-54776-8_13"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382279"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70583-3_40"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-49096-9_23"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813666"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-72540-4_4"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1561\/9781680835090"},{"key":"ref57","first-page":"1085","article-title":"The cut-and-choose game and its application to cryptographic protocols","volume-title":"Proc. 25th USENIX Secur. Symp.","author":"Zhu"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-47989-6_35"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2020-0077"},{"key":"ref60","first-page":"493","article-title":"BatchCrypt: Efficient homomorphic encryption for cross-silo federated learning","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Zhang"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2013.09.310"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-70694-8_15"},{"key":"ref63","article-title":"FLASH: Fast and robust framework for privacy-preserving machine learning","author":"Byali","year":"2019","journal-title":"Cryptol. ePrint Arch."},{"volume-title":"Blaze: Blazing Fast Privacy-preserving Machine Learning","year":"2020","author":"Patra","key":"ref64"},{"key":"ref65","first-page":"2651","article-title":"SWIFT: Super-fast and robust privacy-preserving machine learning","volume-title":"Proc. 30th USENIX Secur. Symp.","author":"Koti"},{"key":"ref66","first-page":"2183","article-title":"Fantastic four: Honest-majority four-party secure computation with malicious security","volume-title":"Proc. 30th USENIX Secur. Symp.","author":"Dalskov"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-77870-5_24"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1007\/s11128-012-0417-4"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2018.2860009"},{"key":"ref70","first-page":"2201","article-title":"Muse: Secure inference resilient to malicious clients","volume-title":"Proc. USENIX Secur. Symp.","author":"Lehmkuhl"},{"key":"ref71","first-page":"1361","article-title":"SIMC: ML inference secure against malicious clients at semi-honest cost","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Chandran"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2023.3288557"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-26954-8_23"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.011.2000473"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38980-1_21"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44381-1_27"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134053"},{"key":"ref78","first-page":"285","article-title":"Billion-gate secure computation with malicious adversaries","volume-title":"Proc. 21st USENIX Secur. Symp.","author":"Kreuter"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-78967-3_17"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44381-1_26"},{"key":"ref81","first-page":"309","article-title":"TinyLEGO: An interactive garbling scheme for maliciously secure two-party computation","volume":"2015","author":"Frederiksen","year":"2015","journal-title":"Cryptol. ePrint Arch."},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053009"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2017.17"},{"key":"ref84","article-title":"Universal adversarial attacks with natural triggers for text classification","author":"Song","year":"2020","journal-title":"arXiv:2005.00174"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.21437\/Interspeech.2019-1353"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3485368"},{"key":"ref87","article-title":"Targeted backdoor attacks on deep learning systems using data poisoning","author":"Chen","year":"2017","journal-title":"arXiv:1712.05526"},{"key":"ref88","article-title":"BadNets: Identifying vulnerabilities in the machine learning model supply chain","author":"Gu","year":"2017","journal-title":"arXiv:1708.06733"},{"key":"ref89","first-page":"8068","article-title":"Handcrafted backdoors in deep neural networks","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"35","author":"Hong"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1109\/FOCS54457.2022.00092"},{"key":"ref91","article-title":"Don\u2019t trigger me! A triggerless backdoor attack against deep neural networks","author":"Salem","year":"2020","journal-title":"arXiv:2010.03282"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-60566-766-9.ch011"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243757"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-20465-4_22"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-015-9198-0"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-014-9177-x"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1145\/3411501.3419433"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00092"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2019-0035"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38348-9_32"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-22829-2_13"},{"key":"ref102","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-7091-6597-3"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-36033-7_11"},{"key":"ref104","first-page":"531","article-title":"Faster secure computation through automatic parallelization","volume-title":"Proc. 24th USENIX Secur. Symp.","author":"Buescher"},{"volume-title":"Guardianmpc","year":"2024","author":"Hashemi","key":"ref105"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2012.2211477"},{"volume-title":"Tinylego Framework","year":"2019","author":"Braun","key":"ref107"},{"volume-title":"V2021.1","year":"2021","author":"Xilinx","key":"ref108"},{"key":"ref109","doi-asserted-by":"publisher","DOI":"10.1145\/3196494.3196522"},{"key":"ref110","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2019.00043"},{"key":"ref111","doi-asserted-by":"publisher","DOI":"10.1109\/5.726791"},{"key":"ref112","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-57077-4_10"},{"key":"ref113","doi-asserted-by":"publisher","DOI":"10.1145\/2046660.2046682"},{"key":"ref114","first-page":"799","article-title":"Adaptively truncating backpropagation through time to control gradient bias","volume-title":"Proc. Uncertainty Artif. Intell.","author":"Aicher"},{"key":"ref115","doi-asserted-by":"publisher","DOI":"10.1007\/s12083-021-01076-8"},{"key":"ref116","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-53008-5_3"},{"article-title":"A fully homomorphic encryption scheme","year":"2009","author":"Gentry","key":"ref117"},{"key":"ref118","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00031"},{"key":"ref119","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.AI.100-2e2023.ipd"},{"key":"ref120","article-title":"NeuronInspect: Detecting backdoors in neural networks via output explanations","author":"Huang","year":"2019","journal-title":"arXiv:1911.07399"},{"key":"ref121","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2019\/647"},{"key":"ref122","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00034"},{"key":"ref123","doi-asserted-by":"publisher","DOI":"10.1145\/3489517.3530606"},{"key":"ref124","first-page":"1","article-title":"Full-lock: Hard distributions of SAT instances for obfuscating circuits using fully configurable logic and routing blocks","volume-title":"Proc. 56th ACM\/IEEE Design Autom. Conf. (DAC)","author":"Kamali"},{"key":"ref125","doi-asserted-by":"publisher","DOI":"10.1109\/MWSCAS57524.2023.10406065"},{"key":"ref126","doi-asserted-by":"publisher","DOI":"10.1145\/2744769.2744823"},{"article-title":"Distributed momentum for Byzantine-resilient stochastic gradient descent","volume-title":"Proc. 9th Int. Conf. Learn. Represent. (ICLR)","author":"Mhamdi","key":"ref127"},{"volume-title":"Architecture Reference Manual","year":"2012","author":"Arm","key":"ref128"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"https:\/\/ieeexplore.ieee.org\/ielam\/6287639\/10820123\/10836681-aam.pdf","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/10820123\/10836681.pdf?arnumber=10836681","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,21]],"date-time":"2025-01-21T06:30:39Z","timestamp":1737441039000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10836681\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":128,"URL":"https:\/\/doi.org\/10.1109\/access.2025.3528304","relation":{},"ISSN":["2169-3536"],"issn-type":[{"type":"electronic","value":"2169-3536"}],"subject":[],"published":{"date-parts":[[2025]]}}}