{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,15]],"date-time":"2026-01-15T09:40:37Z","timestamp":1768470037469,"version":"3.49.0"},"reference-count":51,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"1","license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"NSF CISE","award":["2302720"],"award-info":[{"award-number":["2302720"]}]},{"name":"NSF CISE","award":["2312758"],"award-info":[{"award-number":["2312758"]}]},{"name":"NSF CISE","award":["2038029"],"award-info":[{"award-number":["2038029"]}]},{"name":"IBM"},{"name":"CISCO Edge AI program"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Serv. 
Comput."],"published-print":{"date-parts":[[2024,1]]},"DOI":"10.1109\/tsc.2023.3341951","type":"journal-article","created":{"date-parts":[[2023,12,12]],"date-time":"2023-12-12T18:50:26Z","timestamp":1702407026000},"page":"237-250","source":"Crossref","is-referenced-by-count":10,"title":["Demystifying Data Poisoning Attacks in Distributed Learning as a Service"],"prefix":"10.1109","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9177-114X","authenticated-orcid":false,"given":"Wenqi","family":"Wei","sequence":"first","affiliation":[{"name":"Department of Computer and Information Sciences, Fordham University, New York City, NY, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5917-2577","authenticated-orcid":false,"given":"Ka-Ho","family":"Chow","sequence":"additional","affiliation":[{"name":"School of Computer Science, Georgia Institute of Technology, Atlanta, GA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8761-5486","authenticated-orcid":false,"given":"Yanzhao","family":"Wu","sequence":"additional","affiliation":[{"name":"School of Computer Science, Georgia Institute of Technology, Atlanta, GA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4138-3082","authenticated-orcid":false,"given":"Ling","family":"Liu","sequence":"additional","affiliation":[{"name":"School of Computer Science, Georgia Institute of Technology, Atlanta, GA, USA"}]}],"member":"263","reference":[{"key":"ref1","first-page":"1273","article-title":"Communication-efficient learning of deep networks from decentralized data","volume-title":"Proc. Int. Conf. Artif. Intell. Statist.","author":"McMahan"},{"key":"ref2","first-page":"374","article-title":"Towards federated learning at scale: System design","volume-title":"Proc. Mach. Learn. 
Syst.","author":"Bonawitz"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2019.8737464"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1038\/s41591-021-01506-3"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-82824-0_10"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58951-6_24"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2909068"},{"key":"ref8","first-page":"7614","article-title":"Transferable clean-label poisoning attacks on deep neural nets","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Zhu"},{"key":"ref9","first-page":"6106","article-title":"Poison frogs! Targeted clean-label poisoning attacks on neural networks","volume-title":"Proc. Int. Conf. Neural Inf. Process. Syst.","author":"Shafahi"},{"key":"ref10","first-page":"1605","article-title":"Local model poisoning attacks to byzantine-robust federated learning","volume-title":"Proc. USENIX Secur. Symp.","author":"Fang"},{"key":"ref11","first-page":"634","article-title":"Analyzing federated learning through an adversarial lens","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Bhagoji"},{"key":"ref12","first-page":"8011","article-title":"Spectral signatures in backdoor attacks","volume-title":"Proc. Int. Conf. Neural Inf. Process. Syst.","author":"Tran"},{"key":"ref13","first-page":"1299","article-title":"When does machine learning FAIL? Generalized transferability for evasion and poisoning attacks","volume-title":"Proc. USENIX Secur. Symp.","author":"Suciu"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00057"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2019\/657"},{"key":"ref16","first-page":"2938","article-title":"How to backdoor federated learning","volume-title":"Proc. Int. Conf. Artif. Intell. 
Statist.","author":"Bagdasaryan"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2020.2986205"},{"key":"ref18","first-page":"1467","article-title":"Poisoning attacks against support vector machines","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Biggio"},{"key":"ref19","first-page":"301","article-title":"The limitations of federated learning in sybil settings","volume-title":"Proc. USENIX Int. Symp. Res. Attacks Intrusions Defenses","author":"Fung"},{"key":"ref20","article-title":"Can you really backdoor federated learning?","author":"Sun","year":"2019"},{"key":"ref21","first-page":"16 070","article-title":"Attack of the tails: Yes, you really can backdoor federated learning","volume-title":"Proc. Int. Conf. Neural Inf. Process. Syst.","author":"Wang"},{"key":"ref22","doi-asserted-by":"crossref","DOI":"10.1137\/1.9781611971286","volume-title":"Probability","author":"Breiman","year":"1992"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/3055399.3055491"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1137\/17M1126680"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1111\/rssb.12364"},{"key":"ref26","first-page":"508","article-title":"Auror: Defending against poisoning attacks in collaborative deep learning systems","volume-title":"Proc. Annu. Conf. Comput. Secur. Appl.","author":"Shen"},{"key":"ref27","first-page":"10 859","article-title":"Robust learning for data poisoning attacks","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Wang"},{"key":"ref28","first-page":"4129","article-title":"Spectre: Defending against backdoor attacks using robust statistics","volume-title":"Proc. Int. Conf. Mach. 
Learn.","author":"Hayase"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52729.2023.01568"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS51616.2021.00081"},{"key":"ref31","article-title":"Federated learning with Non-IID data","author":"Zhao","year":"2018"},{"key":"ref32","article-title":"Differentially private federated learning: A client level perspective","author":"Geyer","year":"2017"},{"key":"ref33","article-title":"Learning differentially private recurrent language models","volume-title":"Proc. Int. Conf. Learn. Representations","author":"McMahan"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1561\/9781601988195"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/FOCS.2007.66"},{"key":"ref36","first-page":"1415","article-title":"FLAME: Taming backdoors in federated learning","volume-title":"Proc. USENIX Secur. Symp.","author":"Nguyen"},{"key":"ref37","first-page":"118","article-title":"Machine learning with adversaries: Byzantine tolerant gradient descent","volume-title":"Proc. Int. Conf. Neural Inf. Process. Syst.","author":"Blanchard"},{"key":"ref38","first-page":"14 747","article-title":"Deep leakage from gradients","volume-title":"Proc. Int. Conf. Neural Inf. Process. Syst.","author":"Zhu"},{"key":"ref39","first-page":"16 937","article-title":"Inverting gradients - how easy is it to break privacy in federated learning?","volume-title":"Proc. Int. Conf. Neural Inf. Process. Syst.","author":"Geiping"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58951-6_27"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00029"},{"key":"ref42","first-page":"1689","article-title":"Is feature selection secure against training data poisoning?","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Xiao"},{"key":"ref43","first-page":"5650","article-title":"Byzantine-robust distributed learning: Towards optimal statistical rates","volume-title":"Proc. Int. Conf. Mach. 
Learn.","author":"Yin"},{"key":"ref44","first-page":"3521","article-title":"The hidden vulnerability of distributed learning in byzantium","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Guerraoui"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/3128572.3140451"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/1128817.1128824"},{"key":"ref47","article-title":"Targeted backdoor attacks on deep learning systems using data poisoning","author":"Chen","year":"2017"},{"key":"ref48","article-title":"DBA: Distributed backdoor attacks against federated learning","volume-title":"Proc. Int. Conf. Learn. Representations","author":"Xie"},{"key":"ref49","article-title":"Learning to detect malicious clients for robust federated learning","author":"Li","year":"2020"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24434"}],"container-title":["IEEE Transactions on Services Computing"],"original-title":[],"link":[{"URL":"https:\/\/ieeexplore.ieee.org\/ielam\/4629386\/10422891\/10354520-aam.pdf","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/4629386\/10422891\/10354520.pdf?arnumber=10354520","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,10]],"date-time":"2024-09-10T09:44:03Z","timestamp":1725961443000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10354520\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,1]]},"references-count":51,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.1109\/tsc.2023.3341951","relation":{},"ISSN":["1939-1374","2372-0204"],"issn-type":[{"value":"1939-1374","type":"electronic"},{"value":"2372-0204","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,1]]}}}