{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,6]],"date-time":"2026-03-06T05:22:03Z","timestamp":1772774523809,"version":"3.50.1"},"reference-count":102,"publisher":"IEEE","license":[{"start":{"date-parts":[[2022,12,17]],"date-time":"2022-12-17T00:00:00Z","timestamp":1671235200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2022,12,17]],"date-time":"2022-12-17T00:00:00Z","timestamp":1671235200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,12,17]]},"DOI":"10.1109\/bigdata55660.2022.10020431","type":"proceedings-article","created":{"date-parts":[[2023,1,26]],"date-time":"2023-01-26T19:35:23Z","timestamp":1674761723000},"page":"4256-4265","source":"Crossref","is-referenced-by-count":43,"title":["Federated Learning Attacks and Defenses: A Survey"],"prefix":"10.1109","author":[{"given":"Yao","family":"Chen","sequence":"first","affiliation":[{"name":"Jinan University,Guangzhou,China,510632"}]},{"given":"Yijie","family":"Gui","sequence":"additional","affiliation":[{"name":"Jinan University,Guangzhou,China,510632"}]},{"given":"Hong","family":"Lin","sequence":"additional","affiliation":[{"name":"Jinan University,Guangzhou,China,510632"}]},{"given":"Wensheng","family":"Gan","sequence":"additional","affiliation":[{"name":"Jinan University,Guangzhou,China,510632"}]},{"given":"Yongdong","family":"Wu","sequence":"additional","affiliation":[{"name":"Jinan University,Guangzhou,China,510632"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/3298981"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2021.106775"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2020.2975749"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1561\/2200000083"},{"key":"ref5","first-page":"1273","article-title":"Communication-efficient learning of deep networks from decentralized data","author":"McMahan","year":"2017","journal-title":"Artificial Intelligence and Statistics."},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1007\/s11704-019-9237-3"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2019.2942190"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-63076-8_17"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-70604-3_6"},{"key":"ref10","first-page":"720","article-title":"Hierarchical joint learning: Improving joint parsing and named entity recognition with non-jointly labeled data","volume-title":"48th Annual Meeting of the Association for Computational Linguistics","author":"Finkel"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1002\/widm.1216"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2019.2942594"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-79228-4_1"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3511808.3557327"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1142\/S0218488502001648"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE.2006.101"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/1217299.1217302"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2020.10.007"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/MIS.2020.2988525"},{"key":"ref21","article-title":"AES proposal: Rijndael","author":"Daemen","year":"1999"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-49151-6_5"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/18.54902"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243834"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1504\/IJSN.2015.071829"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00029"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.41"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813677"},{"key":"ref29","article-title":"Explaining and harnessing adversarial examples","volume-title":"International Conference on Learning Representations","author":"Goodfellow"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/TNNLS.2022.3182979"},{"key":"ref31","first-page":"16 070","article-title":"Attack of the tails: Yes, you really can backdoor federated learning","volume":"33","author":"Wang","year":"2020","journal-title":"Advances in Neural Information Processing Systems"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2000.839316"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1561\/0400000042"},{"key":"ref34","first-page":"110","article-title":"Secure multi-party computation","volume":"78","author":"Goldreich","year":"1998","journal-title":"Manuscript. Preliminary version"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2018.10.024"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/2046660.2046682"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/3124441"},{"key":"ref38","first-page":"2938","article-title":"How to backdoor federated learning","volume-title":"International Conference on Artificial Intelligence and Statistics","author":"Bagdasaryan"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE51399.2021.00023"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2020.3039941"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-63076-8_1"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-021-00105-6"},{"issue":"7","key":"ref43","first-page":"310","article-title":"Threats and defenses of federated learning: a survey","volume":"49","author":"Chen","year":"2022","journal-title":"Computer Science"},{"issue":"5","key":"ref44","first-page":"12","article-title":"Threats and defenses of federated learning: a survey","volume":"8","author":"Wu","year":"2022","journal-title":"Big Data Research"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1007\/s10462-021-10098-w"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2009.191"},{"key":"ref47","article-title":"Quantifying the performance of federated transfer learning","author":"Jing","year":"2019","journal-title":"CoRR"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2017\/329"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.01445"},{"key":"ref50","article-title":"Mitigating sybils in federated learning poisoning","author":"Fung","year":"2018"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58951-6_24"},{"key":"ref52","article-title":"Targeted backdoor attacks on deep learning systems using data poisoning","author":"Chen","year":"2017"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2909068"},{"key":"ref54","first-page":"634","article-title":"Analyzing federated learning through an adversarial lens","volume-title":"International Conference on Machine Learning","author":"Bhagoji"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/IJCB48548.2020.9304875"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.01321"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/ccnc49032.2021.9369498"},{"key":"ref58","first-page":"17","article-title":"Privacy in pharmacogenetics: An End-to-End case study of personalized warfarin dosing","volume-title":"23rd USENIX Security Symposium","author":"Fredrikson"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134012"},{"key":"ref60","article-title":"Deep leakage from gradients","volume":"32","author":"Zhu","year":"2019","journal-title":"Advances in Neural Information Processing Systems"},{"key":"ref61","article-title":"iDLG: Improved deep leakage from gradients","author":"Zhao","year":"2020"},{"key":"ref62","first-page":"16 937","article-title":"Inverting gradients-how easy is it to break privacy in federated learning?","volume":"33","author":"Geiping","year":"2020","journal-title":"Advances in Neural Information Processing Systems"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1145\/3510032"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.5555\/3241094.3241142"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00038"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00509"},{"key":"ref67","article-title":"Adversarial examples that fool detectors","author":"Lu","year":"2017"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978392"},{"key":"ref69","first-page":"513","article-title":"Hidden voice commands","volume-title":"25th USENIX Security Symposium","author":"Carlini"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1109\/TSP.2020.3012952"},{"key":"ref71","first-page":"261","article-title":"Fall of empires: Breaking byzantine- tolerant sgd by inner product manipulation","author":"Xie","year":"2020","journal-title":"Uncertainty in Artificial Intelligence."},{"key":"ref72","first-page":"1605","article-title":"Local model poisoning attacks to Byzantine-Robust federated learning","volume-title":"29th USENIX Security Symposium","author":"Fang"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1109\/tnnls.2022.3216981"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2021.3119038"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1145\/3460427"},{"key":"ref76","first-page":"1814","article-title":"The PII problem: Privacy and a new concept of personally identifiable information","volume":"86","author":"Schwartz","year":"2011","journal-title":"New York University Law Review"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2020.3000372"},{"key":"ref78","first-page":"1762","article-title":"A syntactic approach for privacy-preserving federated learning","volume-title":"European Conference on Artificial Intelligence","author":"Choudhury"},{"issue":"2","key":"ref79","first-page":"377","article-title":"Theoretical results on de-anonymization via linkage attacks","volume":"5","author":"Merener","year":"2012","journal-title":"Transactions on Data Privacy"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.3390\/app12199901"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102402"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3075203"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1155\/2022\/2886795"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48910-X_16"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1109\/Trustcom.2015.357"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1109\/BigDataCongress.2017.85"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1145\/3560816"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00065"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2019.2929409"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2020.02.037"},{"key":"ref91","article-title":"Dynamic federated learning model for identifying adversarial clients","author":"Rodr\u00edguez-Barroso","year":"2020"},{"key":"ref92","article-title":"Machine learning with adversaries: Byzantine tolerant gradient descent","volume":"30","author":"Blanchard","year":"2017","journal-title":"Advances in Neural Information Processing Systems"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2019.8761267"},{"key":"ref94","article-title":"CaPC Learning: Confidential and private collaborative learning","volume-title":"International Conference on Learning Representations","author":"Choquette-Choo"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2010.08.032"},{"key":"ref96","article-title":"Free-riders in federated learning: Attacks and defenses","author":"Lin","year":"2019"},{"key":"ref97","article-title":"Federated learning with heterogeneous architectures using graph hypernetworks","author":"Litany","year":"2022"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52688.2022.00982"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1109\/BCCA50787.2020.9274451"},{"key":"ref100","article-title":"GFL: A decentralized federated learning framework based on blockchain","author":"Hu","year":"2020"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2021.3138848"},{"key":"ref102","first-page":"1615","article-title":"Turning your weakness into a strength: Watermarking deep neural networks by backdooring","volume-title":"27th USENIX Security Symposium","author":"Adi"}],"event":{"name":"2022 IEEE International Conference on Big Data (Big Data)","location":"Osaka, Japan","start":{"date-parts":[[2022,12,17]]},"end":{"date-parts":[[2022,12,20]]}},"container-title":["2022 IEEE International Conference on Big Data (Big Data)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10020192\/10020156\/10020431.pdf?arnumber=10020431","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,2,13]],"date-time":"2024-02-13T06:08:41Z","timestamp":1707804521000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10020431\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,12,17]]},"references-count":102,"URL":"https:\/\/doi.org\/10.1109\/bigdata55660.2022.10020431","relation":{},"subject":[],"published":{"date-parts":[[2022,12,17]]}}}