{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T15:32:07Z","timestamp":1774539127070,"version":"3.50.1"},"reference-count":56,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"6","license":[{"start":{"date-parts":[[2024,11,1]],"date-time":"2024-11-01T00:00:00Z","timestamp":1730419200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,11,1]],"date-time":"2024-11-01T00:00:00Z","timestamp":1730419200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,11,1]],"date-time":"2024-11-01T00:00:00Z","timestamp":1730419200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"National Key Research and Development Program of China","award":["2022YFB3102100"],"award-info":[{"award-number":["2022YFB3102100"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62102360"],"award-info":[{"award-number":["62102360"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Open Research Projects of Zhejiang Lab","award":["2022RC0AB01"],"award-info":[{"award-number":["2022RC0AB01"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2024,11]]},"DOI":"10.1109\/tdsc.2024.3376790","type":"journal-article","created":{"date-parts":[[2024,3,18]],"date-time":"2024-03-18T20:30:44Z","timestamp":1710793844000},"page":"5431-5447","source":"Crossref","is-referenced-by-count":12,"title":["Towards Practical Backdoor Attacks on Federated Learning Systems"],"prefix":"10.1109","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8799-9045","authenticated-orcid":false,"given":"Chenghui","family":"Shi","sequence":"first","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4268-372X","authenticated-orcid":false,"given":"Shouling","family":"Ji","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1394-0395","authenticated-orcid":false,"given":"Xudong","family":"Pan","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8571-9780","authenticated-orcid":false,"given":"Xuhong","family":"Zhang","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3567-3478","authenticated-orcid":false,"given":"Mi","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9714-5545","authenticated-orcid":false,"given":"Min","family":"Yang","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6033-6102","authenticated-orcid":false,"given":"Jun","family":"Zhou","sequence":"additional","affiliation":[{"name":"Ant Group, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4703-7348","authenticated-orcid":false,"given":"Jianwei","family":"Yin","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4927-5833","authenticated-orcid":false,"given":"Ting","family":"Wang","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Stony Brook University, Stony Brook, NY, USA"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Federated optimization: Distributed machine learning for on-device intelligence","author":"Kone\u010dny","year":"2016"},{"key":"ref2","article-title":"Federated learning: Strategies for improving communication efficiency","author":"Kone\u010dny","year":"2016"},{"key":"ref3","first-page":"1273","article-title":"Communication-efficient learning of deep networks from decentralized data","volume-title":"Proc. 20th Int. Conf. Artif. Intell. Statist.","author":"McMahan","year":"2017"},{"key":"ref4","article-title":"Federated learning for mobile keyboard prediction","author":"Hard","year":"2018"},{"key":"ref5","volume-title":"Private Federated Learning (neurips 2019 expo talk abstract)","year":"2019"},{"key":"ref6","volume-title":"WeBank and swiss re signed cooperation MoU","year":"2019"},{"key":"ref7","first-page":"92","article-title":"Multi-institutional deep learning modeling without sharing patient data: A feasibility study on brain tumor segmentation","volume-title":"Proc. Int. MICCAI Brainlesion Workshop","author":"Sheller","year":"2018"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v34i08.7021"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3298981"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133982"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1561\/9781680837896"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2909068"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23291"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243757"},{"key":"ref15","first-page":"2938","article-title":"How to backdoor federated learning","volume-title":"Proc. Int. Conf. Artif. Intell. Statist.","author":"Bagdasaryan","year":"2020"},{"key":"ref16","first-page":"634","article-title":"Analyzing federated learning through an adversarial lens","volume-title":"Proc. 36th Int. Conf. Mach. Learn.","author":"Bhagoji","year":"2019"},{"key":"ref17","volume-title":"Tensorflow Federated","year":"2019"},{"key":"ref18","volume-title":"PySyft","year":"2019"},{"key":"ref19","volume-title":"FATE","year":"2019"},{"key":"ref20","volume-title":"PaddleFL","year":"2020"},{"key":"ref21","article-title":"Byzantine-tolerant machine learning","author":"Blanchard","year":"2017"},{"key":"ref22","article-title":"Byzantine-robust distributed learning: Towards optimal statistical rates","author":"Yin","year":"2018"},{"key":"ref23","first-page":"301","article-title":"The limitations of federated learning in sybil settings","volume-title":"Proc. 23rd Int. Symp. Res. Attacks Intrusions Defenses","author":"Fung","year":"2020"},{"key":"ref24","first-page":"6893","article-title":"Zeno: Distributed stochastic gradient descent with suspicion-based fault-tolerance","volume-title":"Proc. 36th Int. Conf. Mach. Learn.","author":"Xie","year":"2019"},{"key":"ref25","article-title":"Differentially private federated learning: A client level perspective","author":"Geyer","year":"2017"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_13"},{"key":"ref27","article-title":"Targeted backdoor attacks on deep learning systems using data poisoning","author":"Chen","year":"2017"},{"key":"ref28","first-page":"6106","article-title":"Poison frogs! Targeted clean-label poisoning attacks on neural networks","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Shafahi","year":"2018"},{"key":"ref29","first-page":"1","article-title":"DBA: Distributed backdoor attacks against federated learning","volume-title":"Proc. Int. Conf. Learn. Representations","author":"Xie","year":"2020"},{"key":"ref30","article-title":"Attack of the tails: Yes, you really can backdoor federated learning","author":"Wang","year":"2020"},{"key":"ref31","first-page":"26429","article-title":"Neurotoxin: Durable backdoors in federated learning","volume-title":"Proc. 39th Int. Conf. Mach. Learn.","author":"Zhang","year":"2022"},{"key":"ref32","first-page":"242","article-title":"A convergence theory for deep learning via over-parameterization","volume-title":"Proc. 36th Int. Conf. Mach. Learn.","author":"Allen-Zhu","year":"2018"},{"key":"ref33","article-title":"Adam: A method for stochastic optimization","author":"Kingma","year":"2015"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2019.06.011"},{"key":"ref35","article-title":"Learning face representation from scratch","author":"Yi","year":"2014"},{"key":"ref36","volume-title":"Toxic Comment Classification Challenge","year":"2017"},{"key":"ref37","article-title":"Learning multiple layers of features from tiny images","author":"Krizhevsky","year":"2009"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.2017.7966217"},{"key":"ref39","article-title":"Can you really backdoor federated learning?","author":"Sun","year":"2019"},{"key":"ref40","first-page":"1","article-title":"Deep compression: Compressing deep neural networks with pruning, trained quantization and huffman coding","volume-title":"Proc. 4th Int. Conf. Learn. Representations","author":"Han","year":"2016"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00031"},{"key":"ref42","article-title":"Detecting backdoor attacks on deep neural networks by activation clustering","author":"Chen","year":"2018"},{"key":"ref43","first-page":"5739","article-title":"Learning with bad training data via iterative trimmed loss minimization","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Shen","year":"2019"},{"key":"ref44","first-page":"8011","article-title":"Spectral signatures in backdoor attacks","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Tran","year":"2018"},{"key":"ref45","first-page":"1415","article-title":"FLAME: Taming backdoors in federated learning","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Nguyen","year":"2022"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.23156"},{"key":"ref47","article-title":"The hidden vulnerability of distributed learning in byzantium","author":"Mhamdi","year":"2018"},{"key":"ref48","article-title":"A little is enough: Circumventing defenses for distributed learning","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Baruch","year":"2019"},{"key":"ref49","article-title":"Local model poisoning attacks to byzantine-robust federated learning","author":"Fang","year":"2019"},{"key":"ref50","article-title":"Zeno: Distributed stochastic gradient descent with suspicion-based fault-tolerance","author":"Xie","year":"2018"},{"key":"ref51","article-title":"Byzantine-robust federated machine learning through adaptive model averaging","author":"Mu\u00f1oz-Gonz\u00e1lez","year":"2019"},{"key":"ref52","article-title":"Deep leakage from gradients","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Zhu","year":"2019"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134012"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00029"},{"key":"ref55","article-title":"Updates-leak: Data set inference and reconstruction attacks in online learning","author":"Salem","year":"2019"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/3341301.3359660"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/10750463\/10472128.pdf?arnumber=10472128","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,27]],"date-time":"2024-11-27T00:02:55Z","timestamp":1732665775000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10472128\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11]]},"references-count":56,"journal-issue":{"issue":"6"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2024.3376790","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,11]]}}}