{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,15]],"date-time":"2025-11-15T07:43:39Z","timestamp":1763192619628,"version":"3.45.0"},"reference-count":54,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,6,30]],"date-time":"2025-06-30T00:00:00Z","timestamp":1751241600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,6,30]],"date-time":"2025-06-30T00:00:00Z","timestamp":1751241600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,6,30]]},"DOI":"10.1109\/ijcnn64981.2025.11229350","type":"proceedings-article","created":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T18:46:15Z","timestamp":1763145975000},"page":"1-8","source":"Crossref","is-referenced-by-count":0,"title":["Foundation Models in Federated Learning: Assessing Backdoor Vulnerabilities"],"prefix":"10.1109","author":[{"given":"Xi","family":"Li","sequence":"first","affiliation":[{"name":"University of Alabama at Birmingham"}]},{"given":"Chen","family":"Wu","sequence":"additional","affiliation":[{"name":"Meta"}]},{"given":"Jiaqi","family":"Wang","sequence":"additional","affiliation":[{"name":"The Pennsylvania State University"}]}],"member":"263","reference":[{"article-title":"Communication-efficient learning of deep networks from decentralized data","volume-title":"AISTATS","author":"McMahan","key":"ref1"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-26422-1_27"},{"key":"ref3","first-page":"29 515","article-title":"Towards personalized federated learning via heterogeneous model reassembly","volume":"36","author":"Wang","year":"2023","journal-title":"Advances in Neural Information Processing Systems"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-19821-2_29"},{"article-title":"Language models are few-shot learners","year":"2020","author":"Brown","key":"ref5"},{"article-title":"Llama: Open and efficient foundation language models","year":"2023","author":"Touvron","key":"ref6"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52688.2022.01042"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/cvprw67362.2025.00164"},{"article-title":"Ensemble distillation for robust model fusion in federated learning","volume-title":"NeurIPS","author":"Lin","key":"ref9"},{"article-title":"When foundation model meets federated learning: Motivations, challenges, and future directions","year":"2023","author":"Zhuang","key":"ref10"},{"article-title":"On the opportunities and risks of foundation models","year":"2021","author":"Bommasani","key":"ref11"},{"article-title":"Attack-sam: Towards evaluating adversarial robustness of segment anything model","year":"2023","author":"Zhang","key":"ref12"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/ICCVW60793.2023.00395"},{"article-title":"Backdoor attacks for in-context learning with language models","year":"2023","author":"Kandpal","key":"ref14"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00095"},{"article-title":"Prompting gpt-3 to be reliable","year":"2022","author":"Si","key":"ref16"},{"article-title":"Position paper: Assessing robustness, privacy, and fairness in federated learning integrated with foundation models","year":"2024","author":"Li","key":"ref17"},{"article-title":"Fedmd: Heterogenous federated learning via model distillation","year":"2019","author":"Li","key":"ref18"},{"article-title":"Badnets: Identifying vulnerabilities in the machine learning model supply chain","year":"2017","author":"Gu","key":"ref19"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2941376"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2021.emnlp-main.241"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV48922.2021.00750"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v38i4.28104"},{"article-title":"How to backdoor federated learning","volume-title":"AISTATS","author":"Bagdasaryan","key":"ref24"},{"article-title":"Fedmeki: A benchmark for scaling medical foundation models via federated knowledge injection","year":"2024","author":"Wang","key":"ref25"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2024.emnlp-main.464"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v38i10.29007"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2023.3302410"},{"article-title":"Distilling the knowledge in a neural network","year":"2015","author":"Hinton","key":"ref29"},{"key":"ref30","article-title":"Federated learning from pre-trained models: A contrastive learning approach","author":"Tan","year":"2022","journal-title":"NeuIPS"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58951-6_24"},{"article-title":"Local model poisoning attacks to byzantine-robust federated learning","volume-title":"USENIX","author":"Fang","key":"ref32"},{"article-title":"Attack of the tails: Yes, you really can backdoor federated learning","volume-title":"NeurIPS","author":"Wang","key":"ref33"},{"article-title":"DBA: distributed backdoor attacks against federated learning","volume-title":"ICLR","author":"Xie","key":"ref34"},{"article-title":"Can you really backdoor federated learning?","volume-title":"Workshop on FL for Data Privacy and Confidentiality at NeurIPS","author":"Sun","key":"ref35"},{"article-title":"Differentially private federated learning: A client level perspective","year":"2017","author":"Geyer","key":"ref36"},{"article-title":"CRFL: certifiably robust federated learning against backdoor attacks","volume-title":"ICML","author":"Xie","key":"ref37"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102819"},{"article-title":"FLAME: taming backdoors in federated learning","volume-title":"USENIX","author":"Nguyen","key":"ref39"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS54860.2022.00084"},{"article-title":"Badgpt: Exploring security vulnerabilities of chatgpt via backdoor attacks to instructgpt","year":"2023","author":"Shi","key":"ref41"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2024.naacl-long.171"},{"key":"ref43","article-title":"Backdoor threats from compromised foundation models to federated learning","author":"Li","year":"2023","journal-title":"FL@FM with NeurIPS"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-97-2259-4_13"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2025.findings-acl.401"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2024.emnlp-main.64"},{"article-title":"Character-level convolutional networks for text classification","volume-title":"NeurIPS","author":"Zhang","key":"ref47"},{"article-title":"Distilbert, a distilled version of bert: smaller, faster, cheaper and lighter","year":"2020","author":"Sanh","key":"ref48"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/cvpr.2016.90"},{"article-title":"Bayesian nonparametric federated learning of neural networks","volume-title":"ICML","author":"Yurochkin","key":"ref50"},{"article-title":"Machine learning with adversaries: Byzantine tolerant gradient descent","volume-title":"NeurIPS","author":"Blanchard","key":"ref51"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/TBDATA.2023.3237397"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS54860.2022.00120"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2022.108588"}],"event":{"name":"2025 International Joint Conference on Neural Networks (IJCNN)","start":{"date-parts":[[2025,6,30]]},"location":"Rome, Italy","end":{"date-parts":[[2025,7,5]]}},"container-title":["2025 International Joint Conference on Neural Networks (IJCNN)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11227166\/11227148\/11229350.pdf?arnumber=11229350","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,15]],"date-time":"2025-11-15T07:40:37Z","timestamp":1763192437000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11229350\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,30]]},"references-count":54,"URL":"https:\/\/doi.org\/10.1109\/ijcnn64981.2025.11229350","relation":{},"subject":[],"published":{"date-parts":[[2025,6,30]]}}}