{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,20]],"date-time":"2025-12-20T22:04:58Z","timestamp":1766268298368,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":33,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,6,17]],"date-time":"2021-06-17T00:00:00Z","timestamp":1623888000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Strategic Priority Research Program of CAS,","award":["Grant No.XDC02010400"],"award-info":[{"award-number":["Grant No.XDC02010400"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,6,17]]},"DOI":"10.1145\/3437880.3460403","type":"proceedings-article","created":{"date-parts":[[2021,6,21]],"date-time":"2021-06-21T13:11:52Z","timestamp":1624281112000},"page":"51-62","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":26,"title":["FederatedReverse: A Detection and Defense Method Against Backdoor Attacks in Federated Learning"],"prefix":"10.1145","author":[{"given":"Chen","family":"Zhao","sequence":"first","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences & University of Chinese Academy of Sciences, Beijing, China"}]},{"given":"Yu","family":"Wen","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"given":"Shuailou","family":"Li","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences & University of Chinese Academy of Sciences, Beijing, China"}]},{"given":"Fucheng","family":"Liu","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences & University of Chinese Academy of Sciences, Beijing, China"}]},{"given":"Dan","family":"Meng","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]}],"member":"320","published-online":{"date-parts":[[2021,6,21]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"2000. Estimating a Dirichlet distribution. https:\/\/tminka.github.io\/papers\/dirichlet\/.  2000. Estimating a Dirichlet distribution. https:\/\/tminka.github.io\/papers\/dirichlet\/."},{"key":"e_1_3_2_2_2_1","unstructured":"2013. Using the Median Absolute Deviation to Find Outliers. https:\/\/eurekastatistics.com\/using-the-median-absolute-deviation-to-find-outliers.  2013. Using the Median Absolute Deviation to Find Outliers. https:\/\/eurekastatistics.com\/using-the-median-absolute-deviation-to-find-outliers."},{"key":"e_1_3_2_2_3_1","unstructured":"2020. Decentralized ML. https:\/\/decentralizedml.com\/.  2020. Decentralized ML. https:\/\/decentralizedml.com\/."},{"key":"e_1_3_2_2_4_1","volume-title":"International Conference on Artificial Intelligence and Statistics. PMLR, 2938--2948","author":"Bagdasaryan Eugene","year":"2020","unstructured":"Eugene Bagdasaryan , Andreas Veit , Yiqing Hua , Deborah Estrin , and Vitaly Shmatikov . 2020 . How to backdoor federated learning . In International Conference on Artificial Intelligence and Statistics. PMLR, 2938--2948 . Eugene Bagdasaryan, Andreas Veit, Yiqing Hua, Deborah Estrin, and Vitaly Shmatikov. 2020. How to backdoor federated learning. In International Conference on Artificial Intelligence and Statistics. PMLR, 2938--2948."},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1142\/S0129183194000684"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"crossref","unstructured":"Yoshua Bengio Pascal Lamblin Dan Popovici Hugo Larochelle etal 2007. Greedy layer-wise training of deep networks. Advances in neural information processing systems Vol. 19 (2007) 153.  Yoshua Bengio Pascal Lamblin Dan Popovici Hugo Larochelle et al. 2007. Greedy layer-wise training of deep networks. Advances in neural information processing systems Vol. 19 (2007) 153.","DOI":"10.7551\/mitpress\/7503.003.0024"},{"key":"e_1_3_2_2_7_1","volume-title":"International Conference on Machine Learning. PMLR, 634--643","author":"Bhagoji Arjun Nitin","year":"2019","unstructured":"Arjun Nitin Bhagoji , Supriyo Chakraborty , Prateek Mittal , and Seraphin Calo . 2019 . Analyzing federated learning through an adversarial lens . In International Conference on Machine Learning. PMLR, 634--643 . Arjun Nitin Bhagoji, Supriyo Chakraborty, Prateek Mittal, and Seraphin Calo. 2019. Analyzing federated learning through an adversarial lens. In International Conference on Machine Learning. PMLR, 634--643."},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133982"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"crossref","unstructured":"Huili Chen Cheng Fu Jishen Zhao and Farinaz Koushanfar. 2019. DeepInspect: A Black-box Trojan Detection and Mitigation Framework for Deep Neural Networks.. In IJCAI. 4658--4664.  Huili Chen Cheng Fu Jishen Zhao and Farinaz Koushanfar. 2019. DeepInspect: A Black-box Trojan Detection and Mitigation Framework for Deep Neural Networks.. In IJCAI. 4658--4664.","DOI":"10.24963\/ijcai.2019\/647"},{"key":"e_1_3_2_2_10_1","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Chua Zheng Leong","year":"2017","unstructured":"Zheng Leong Chua , Shiqi Shen , Prateek Saxena , and Zhenkai Liang . 2017 . Neural nets can learn function type signatures from binaries . In 26th USENIX Security Symposium (USENIX Security 17) . 99--116. Zheng Leong Chua, Shiqi Shen, Prateek Saxena, and Zhenkai Liang. 2017. Neural nets can learn function type signatures from binaries. In 26th USENIX Security Symposium (USENIX Security 17). 99--116."},{"key":"e_1_3_2_2_11_1","volume-title":"Attack-resistant federated learning with residual-based reweighting. arXiv preprint arXiv:1912.11464","author":"Fu Shuhao","year":"2019","unstructured":"Shuhao Fu , Chulin Xie , Bo Li , and Qifeng Chen . 2019. Attack-resistant federated learning with residual-based reweighting. arXiv preprint arXiv:1912.11464 ( 2019 ). Shuhao Fu, Chulin Xie, Bo Li, and Qifeng Chen. 2019. Attack-resistant federated learning with residual-based reweighting. arXiv preprint arXiv:1912.11464 (2019)."},{"key":"e_1_3_2_2_12_1","volume-title":"Chris JM Yoon, and Ivan Beschastnikh","author":"Fung Clement","year":"2018","unstructured":"Clement Fung , Chris JM Yoon, and Ivan Beschastnikh . 2018 . Mitigating sybils in federated learning poisoning. arXiv preprint arXiv:1808.04866 (2018). Clement Fung, Chris JM Yoon, and Ivan Beschastnikh. 2018. Mitigating sybils in federated learning poisoning. arXiv preprint arXiv:1808.04866 (2018)."},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359790"},{"key":"e_1_3_2_2_14_1","volume-title":"Generative adversarial networks. arXiv preprint arXiv:1406.2661","author":"Goodfellow Ian J","year":"2014","unstructured":"Ian J Goodfellow , Jean Pouget-Abadie , Mehdi Mirza , Bing Xu , David Warde-Farley , Sherjil Ozair , Aaron Courville , and Yoshua Bengio . 2014. Generative adversarial networks. arXiv preprint arXiv:1406.2661 ( 2014 ). Ian J Goodfellow, Jean Pouget-Abadie, Mehdi Mirza, Bing Xu, David Warde-Farley, Sherjil Ozair, Aaron Courville, and Yoshua Bengio. 2014. Generative adversarial networks. arXiv preprint arXiv:1406.2661 (2014)."},{"key":"e_1_3_2_2_15_1","volume-title":"Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733","author":"Gu Tianyu","year":"2017","unstructured":"Tianyu Gu , Brendan Dolan-Gavitt , and Siddharth Garg . 2017 . Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733 (2017). Tianyu Gu, Brendan Dolan-Gavitt, and Siddharth Garg. 2017. Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733 (2017)."},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1080\/01621459.1974.10482962"},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_3_2_2_18_1","volume-title":"A fast learning algorithm for deep belief nets. Neural computation","author":"Hinton Geoffrey E","year":"2006","unstructured":"Geoffrey E Hinton , Simon Osindero , and Yee-Whye Teh . 2006. A fast learning algorithm for deep belief nets. Neural computation , Vol. 18 , 7 ( 2006 ), 1527--1554. Geoffrey E Hinton, Simon Osindero, and Yee-Whye Teh. 2006. A fast learning algorithm for deep belief nets. Neural computation, Vol. 18, 7 (2006), 1527--1554."},{"key":"e_1_3_2_2_19_1","volume-title":"Ananda Theertha Suresh, and Dave Bacon","author":"Jakub Konevc","year":"2016","unstructured":"Jakub Konevc n\u1ef3, H Brendan McMahan , Felix X Yu , Peter Richt\u00e1rik , Ananda Theertha Suresh, and Dave Bacon . 2016 . Federated learning: Strategies for improving communication efficiency. arXiv preprint arXiv:1610.05492 (2016). Jakub Konevc n\u1ef3, H Brendan McMahan, Felix X Yu, Peter Richt\u00e1rik, Ananda Theertha Suresh, and Dave Bacon. 2016. Federated learning: Strategies for improving communication efficiency. arXiv preprint arXiv:1610.05492 (2016)."},{"key":"e_1_3_2_2_20_1","volume-title":"Imagenet classification with deep convolutional neural networks. Advances in neural information processing systems","author":"Krizhevsky Alex","year":"2012","unstructured":"Alex Krizhevsky , Ilya Sutskever , and Geoffrey E Hinton . 2012. Imagenet classification with deep convolutional neural networks. Advances in neural information processing systems , Vol. 25 ( 2012 ), 1097--1105. Alex Krizhevsky, Ilya Sutskever, and Geoffrey E Hinton. 2012. Imagenet classification with deep convolutional neural networks. Advances in neural information processing systems, Vol. 25 (2012), 1097--1105."},{"key":"e_1_3_2_2_21_1","unstructured":"Brendan McMahan Eider Moore Daniel Ramage Seth Hampson and Blaise Aguera y Arcas. 2017. Communication-efficient learning of deep networks from decentralized data. In Artificial Intelligence and Statistics. PMLR 1273--1282.  Brendan McMahan Eider Moore Daniel Ramage Seth Hampson and Blaise Aguera y Arcas. 2017. Communication-efficient learning of deep networks from decentralized data. In Artificial Intelligence and Statistics. PMLR 1273--1282."},{"key":"e_1_3_2_2_22_1","volume-title":"Conditional generative adversarial nets. arXiv preprint arXiv:1411.1784","author":"Mirza Mehdi","year":"2014","unstructured":"Mehdi Mirza and Simon Osindero . 2014. Conditional generative adversarial nets. arXiv preprint arXiv:1411.1784 ( 2014 ). Mehdi Mirza and Simon Osindero. 2014. Conditional generative adversarial nets. arXiv preprint arXiv:1411.1784 (2014)."},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00065"},{"key":"e_1_3_2_2_24_1","volume-title":"Robust aggregation for federated learning. arXiv preprint arXiv:1912.13445","author":"Pillutla Krishna","year":"2019","unstructured":"Krishna Pillutla , Sham M Kakade , and Zaid Harchaoui . 2019. Robust aggregation for federated learning. arXiv preprint arXiv:1912.13445 ( 2019 ). Krishna Pillutla, Sham M Kakade, and Zaid Harchaoui. 2019. Robust aggregation for federated learning. arXiv preprint arXiv:1912.13445 (2019)."},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"crossref","unstructured":"Marc Ranzato Christopher Poultney Sumit Chopra Yann LeCun etal 2007. Efficient learning of sparse representations with an energy-based model. Advances in neural information processing systems Vol. 19 (2007) 1137.  Marc Ranzato Christopher Poultney Sumit Chopra Yann LeCun et al. 2007. Efficient learning of sparse representations with an energy-based model. Advances in neural information processing systems Vol. 19 (2007) 1137.","DOI":"10.7551\/mitpress\/7503.003.0147"},{"key":"e_1_3_2_2_26_1","volume-title":"24th USENIX Security Symposium (USENIX Security 15)","author":"Richard Shin Eui Chul","year":"2015","unstructured":"Eui Chul Richard Shin , Dawn Song , and Reza Moazzezi . 2015 . Recognizing functions in binaries with neural networks . In 24th USENIX Security Symposium (USENIX Security 15) . 611--626. Eui Chul Richard Shin, Dawn Song, and Reza Moazzezi. 2015. Recognizing functions in binaries with neural networks. In 24th USENIX Security Symposium (USENIX Security 15). 611--626."},{"key":"e_1_3_2_2_27_1","volume-title":"Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556","author":"Simonyan Karen","year":"2014","unstructured":"Karen Simonyan and Andrew Zisserman . 2014. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 ( 2014 ). Karen Simonyan and Andrew Zisserman. 2014. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 (2014)."},{"key":"e_1_3_2_2_28_1","volume-title":"Ananda Theertha Suresh, and H Brendan McMahan","author":"Sun Ziteng","year":"2019","unstructured":"Ziteng Sun , Peter Kairouz , Ananda Theertha Suresh, and H Brendan McMahan . 2019 . Can you really backdoor federated learning? arXiv preprint arXiv:1911.07963 (2019). Ziteng Sun, Peter Kairouz, Ananda Theertha Suresh, and H Brendan McMahan. 2019. Can you really backdoor federated learning? arXiv preprint arXiv:1911.07963 (2019)."},{"key":"e_1_3_2_2_29_1","first-page":"513","article-title":"The EU general data protection regulation: Toward a property regime for protecting data privacy","volume":"123","author":"Victor Jacob M","year":"2013","unstructured":"Jacob M Victor . 2013 . The EU general data protection regulation: Toward a property regime for protecting data privacy . Yale LJ , Vol. 123 (2013), 513 . Jacob M Victor. 2013. The EU general data protection regulation: Toward a property regime for protecting data privacy. Yale LJ, Vol. 123 (2013), 513.","journal-title":"Yale LJ"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00031"},{"key":"e_1_3_2_2_31_1","volume-title":"International Conference on Learning Representations .","author":"Xie Chulin","year":"2019","unstructured":"Chulin Xie , Keli Huang , Pin-Yu Chen , and Bo Li . 2019 . Dba: Distributed backdoor attacks against federated learning . In International Conference on Learning Representations . Chulin Xie, Keli Huang, Pin-Yu Chen, and Bo Li. 2019. Dba: Distributed backdoor attacks against federated learning. In International Conference on Learning Representations ."},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3339474"},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-10590-1_53"}],"event":{"name":"IH&MMSec '21: ACM Workshop on Information Hiding and Multimedia Security","sponsor":["SIGMM ACM Special Interest Group on Multimedia"],"location":"Virtual Event Belgium","acronym":"IH&MMSec '21"},"container-title":["Proceedings of the 2021 ACM Workshop on Information Hiding and Multimedia Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3437880.3460403","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3437880.3460403","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:24:26Z","timestamp":1750195466000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3437880.3460403"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,6,17]]},"references-count":33,"alternative-id":["10.1145\/3437880.3460403","10.1145\/3437880"],"URL":"https:\/\/doi.org\/10.1145\/3437880.3460403","relation":{},"subject":[],"published":{"date-parts":[[2021,6,17]]},"assertion":[{"value":"2021-06-21","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}