{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T07:42:18Z","timestamp":1767339738732,"version":"3.45.0"},"reference-count":43,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"6","license":[{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2025,11]]},"DOI":"10.1109\/tdsc.2025.3594175","type":"journal-article","created":{"date-parts":[[2025,8,4]],"date-time":"2025-08-04T18:48:14Z","timestamp":1754333294000},"page":"7125-7138","source":"Crossref","is-referenced-by-count":1,"title":["AMA: Adaptive Model Poisoning Attacks Towards Federated Learning"],"prefix":"10.1109","volume":"22","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6979-3537","authenticated-orcid":false,"given":"Di","family":"Wu","sequence":"first","affiliation":[{"name":"School of Computer Science and Technology, Xi’an Jiaotong Univiersity, Xi’an, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5507-3424","authenticated-orcid":false,"given":"Qi","family":"Guo","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Xi’an Jiaotong Univiersity, Xi’an, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7682-5653","authenticated-orcid":false,"given":"Yong","family":"Qi","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Xi’an Jiaotong Univiersity, Xi’an, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0394-4432","authenticated-orcid":false,"given":"Saiyu","family":"Qi","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Xi’an Jiaotong Univiersity, Xi’an, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0110-451X","authenticated-orcid":false,"given":"Qian","family":"Li","sequence":"additional","affiliation":[{"name":"Ministry of Education Key Laboratory for Intelligent Networks and Network Security, School of Cyber Science and Engineering, Xi’an Jiaotong University, Xi’an, China"}]}],"member":"263","reference":[{"key":"ref1","first-page":"1273","article-title":"Communication-efficient learning of deep networks from decentralized data","volume-title":"Proc. Artif. Intell. Statist.","author":"McMahan"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1561\/9781680837896"},{"key":"ref3","first-page":"2938","article-title":"How to backdoor federated learning","volume-title":"Proc. Int. Conf. Artif. Intell. Statist.","author":"Bagdasaryan"},{"key":"ref4","first-page":"634","article-title":"Analyzing federated learning through an adversarial lens","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Bhagoji"},{"article-title":"A little is enough: Circumventing defenses for distributed learning","year":"2019","author":"Baruch","key":"ref5"},{"article-title":"DBA: Distributed backdoor attacks against federated learning","volume-title":"Proc. Int. Conf. Learn. Representations","author":"Xie","key":"ref6"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24498"},{"article-title":"Explaining and harnessing adversarial examples","year":"2014","author":"Goodfellow","key":"ref8"},{"key":"ref9","first-page":"16070","article-title":"Attack of the tails: Yes, you really can backdoor federated learning","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Wang"},{"key":"ref10","first-page":"3521","article-title":"The hidden vulnerability of distributed learning in byzantium","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Guerraoui"},{"key":"ref11","first-page":"1605","article-title":"Local model poisoning attacks to byzantine-robust federated learning","volume-title":"Proc. 29th {USENIX} Secur. Symp.","author":"Fang"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00057"},{"key":"ref13","first-page":"1299","article-title":"When does machine learning {FAIL }? generalized transferability for evasion and poisoning attacks","volume-title":"Proc. 27th { USENIX} Secur. Symp.","author":"Suciu"},{"key":"ref14","first-page":"1505","article-title":"Blind backdoors in deep learning models","volume-title":"Proc. 30th USENIX Secur. Symp.","author":"Bagdasaryan"},{"key":"ref15","first-page":"2899","article-title":"Accumulative poisoning attacks on real-time data","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Pang"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833647"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/CVPRW56347.2022.00383"},{"key":"ref18","first-page":"118","article-title":"Machine learning with adversaries: Byzantine tolerant gradient descent","volume-title":"Proc. 31st Int. Conf. Neural Inf. Process. Syst.","author":"Blanchard"},{"key":"ref19","first-page":"5650","article-title":"Byzantine-robust distributed learning: Towards optimal statistical rates","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Yin"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24434"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3169918"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v35i8.16849"},{"article-title":"Byzantine-robust learning on heterogeneous datasets via bucketing","year":"2020","author":"Karimireddy","key":"ref23"},{"key":"ref24","first-page":"5311","article-title":"Learning from history for byzantine robust optimization","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Karimireddy"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2019.2904348"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2019.8761315"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2025.241796"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/TSP.2022.3153135"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133982"},{"key":"ref30","first-page":"493","article-title":"BatchCrypt: Efficient homomorphic encryption for cross-silo federated learning","volume-title":"Proc. 2020 {USENIX} Annu. Tech. Conf.","author":"Zhang"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2021.3108434"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3338501.3357371"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-17143-7_20"},{"key":"ref34","first-page":"12613","article-title":"FL-WBC: Enhancing robustness against model poisoning attacks in federated learning from a client perspective","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Sun"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.49"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.41"},{"article-title":"Rectifier nonlinearities improve neural network acoustic models","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Maas","key":"ref37"},{"article-title":"Intriguing properties of neural networks","year":"2013","author":"Szegedy","key":"ref38"},{"year":"2019","key":"ref39","article-title":"Acquire valued shoppers challenge at kaggle"},{"article-title":"Learning multiple layers of features from tiny images","year":"2009","author":"Krizhevsky","key":"ref40"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.41"},{"key":"ref42","first-page":"1097","article-title":"ImageNet classification with deep convolutional neural networks","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Krizhevsky"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/8858\/11242243\/11108303.pdf?arnumber=11108303","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T21:00:58Z","timestamp":1763154058000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11108303\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11]]},"references-count":43,"journal-issue":{"issue":"6"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2025.3594175","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"type":"print","value":"1545-5971"},{"type":"electronic","value":"1941-0018"},{"type":"electronic","value":"2160-9209"}],"subject":[],"published":{"date-parts":[[2025,11]]}}}