{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,11]],"date-time":"2025-11-11T13:51:53Z","timestamp":1762869113506,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":44,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,7,10]],"date-time":"2023-07-10T00:00:00Z","timestamp":1688947200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"IBM Center for Advanced Studies (CAS) Canada","award":["Project 1059"],"award-info":[{"award-number":["Project 1059"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,7,10]]},"DOI":"10.1145\/3579856.3595790","type":"proceedings-article","created":{"date-parts":[[2023,7,5]],"date-time":"2023-07-05T14:52:13Z","timestamp":1688568733000},"page":"593-607","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Going Haywire: False Friends in Federated Learning and\u00a0How\u00a0to\u00a0Find\u00a0Them"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2421-994X","authenticated-orcid":false,"given":"William","family":"Aiken","sequence":"first","affiliation":[{"name":"School of Electrical Engineering and Computer Science, University of Ottawa, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9917-3694","authenticated-orcid":false,"given":"Paula","family":"Branco","sequence":"additional","affiliation":[{"name":"School of Electrical Engineering and Computer Science, University of Ottawa, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6067-6545","authenticated-orcid":false,"given":"Guy-Vincent","family":"Jourdan","sequence":"additional","affiliation":[{"name":"School of Electrical Engineering and Computer Science, University of Ottawa, Canada"}]}],"member":"320","published-online":{"date-parts":[[2023,7,10]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Adi Yossi","year":"2018","unstructured":"Yossi Adi , Carsten Baum , Moustapha Cisse , Benny Pinkas , and Joseph Keshet . 2018 . Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring . In 27th USENIX Security Symposium (USENIX Security 18) . USENIX Association, Baltimore, MD, 1615\u20131631. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/adi Yossi Adi, Carsten Baum, Moustapha Cisse, Benny Pinkas, and Joseph Keshet. 2018. Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring. In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, Baltimore, MD, 1615\u20131631. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/adi"},{"key":"e_1_3_2_1_2_1","volume-title":"Neural network laundering: Removing black-box backdoor watermarks from deep neural networks. Computers & Security 106","author":"Aiken William","year":"2021","unstructured":"William Aiken , Hyoungshick Kim , Simon Woo , and Jungwoo Ryoo . 2021. Neural network laundering: Removing black-box backdoor watermarks from deep neural networks. Computers & Security 106 ( 2021 ). https:\/\/doi.org\/10.1016\/j.cose.2021.102277 10.1016\/j.cose.2021.102277 William Aiken, Hyoungshick Kim, Simon Woo, and Jungwoo Ryoo. 2021. Neural network laundering: Removing black-box backdoor watermarks from deep neural networks. Computers & Security 106 (2021). https:\/\/doi.org\/10.1016\/j.cose.2021.102277"},{"key":"e_1_3_2_1_3_1","volume-title":"Federated Learning with Personalization Layers. arXiv preprint","author":"Arivazhagan Manoj\u00a0Ghuhan","year":"2019","unstructured":"Manoj\u00a0Ghuhan Arivazhagan , Vinay Aggarwal , Aaditya\u00a0Kumar Singh , and Sunav Choudhary . 2019. Federated Learning with Personalization Layers. arXiv preprint ( 2019 ). https:\/\/doi.org\/10.48550\/arXiv.1912.00818 10.48550\/arXiv.1912.00818 Manoj\u00a0Ghuhan Arivazhagan, Vinay Aggarwal, Aaditya\u00a0Kumar Singh, and Sunav Choudhary. 2019. Federated Learning with Personalization Layers. arXiv preprint (2019). https:\/\/doi.org\/10.48550\/arXiv.1912.00818"},{"key":"e_1_3_2_1_4_1","volume-title":"European Symposium on Research in Computer Security. Springer, 455\u2013475","author":"Awan Sana","year":"2021","unstructured":"Sana Awan , Bo Luo , and Fengjun Li . 2021 . CONTRA: Defending against poisoning attacks in federated learning . In European Symposium on Research in Computer Security. Springer, 455\u2013475 . https:\/\/doi.org\/10.1007\/978-3-030-88418-5_22 10.1007\/978-3-030-88418-5_22 Sana Awan, Bo Luo, and Fengjun Li. 2021. CONTRA: Defending against poisoning attacks in federated learning. In European Symposium on Research in Computer Security. Springer, 455\u2013475. https:\/\/doi.org\/10.1007\/978-3-030-88418-5_22"},{"key":"e_1_3_2_1_5_1","volume-title":"When the curious abandon honesty: Federated learning is not private. arXiv preprint","author":"Boenisch Franziska","year":"2021","unstructured":"Franziska Boenisch , Adam Dziedzic , Roei Schuster , Ali\u00a0Shahin Shamsabadi , Ilia Shumailov , and Nicolas Papernot . 2021. When the curious abandon honesty: Federated learning is not private. arXiv preprint ( 2021 ). https:\/\/doi.org\/10.48550\/arXiv.2112.02918 10.48550\/arXiv.2112.02918 Franziska Boenisch, Adam Dziedzic, Roei Schuster, Ali\u00a0Shahin Shamsabadi, Ilia Shumailov, and Nicolas Papernot. 2021. When the curious abandon honesty: Federated learning is not private. arXiv preprint (2021). https:\/\/doi.org\/10.48550\/arXiv.2112.02918"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/335191.335388"},{"key":"e_1_3_2_1_7_1","volume-title":"Targeted backdoor attacks on deep learning systems using data poisoning. arXiv preprint","author":"Chen Xinyun","year":"2017","unstructured":"Xinyun Chen , Chang Liu , Bo Li , Kimberly Lu , and Dawn Song . 2017. Targeted backdoor attacks on deep learning systems using data poisoning. arXiv preprint ( 2017 ). https:\/\/doi.org\/10.48550\/arXiv.1712.05526 10.48550\/arXiv.1712.05526 Xinyun Chen, Chang Liu, Bo Li, Kimberly Lu, and Dawn Song. 2017. Targeted backdoor attacks on deep learning systems using data poisoning. arXiv preprint (2017). https:\/\/doi.org\/10.48550\/arXiv.1712.05526"},{"key":"e_1_3_2_1_8_1","volume-title":"Robbing the Fed: Directly Obtaining Private Data in Federated Learning with Modified Models. arXiv preprint","author":"Fowl Liam","year":"2021","unstructured":"Liam Fowl , Jonas Geiping , Wojtek Czaja , Micah Goldblum , and Tom Goldstein . 2021. Robbing the Fed: Directly Obtaining Private Data in Federated Learning with Modified Models. arXiv preprint ( 2021 ). https:\/\/doi.org\/10.48550\/arXiv.2110.13057 arXiv:2110.13057 10.48550\/arXiv.2110.13057 Liam Fowl, Jonas Geiping, Wojtek Czaja, Micah Goldblum, and Tom Goldstein. 2021. Robbing the Fed: Directly Obtaining Private Data in Federated Learning with Modified Models. arXiv preprint (2021). https:\/\/doi.org\/10.48550\/arXiv.2110.13057 arXiv:2110.13057"},{"key":"e_1_3_2_1_9_1","volume-title":"23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020","author":"Fung Clement","year":"2020","unstructured":"Clement Fung , Chris\u00a0 JM Yoon , and Ivan Beschastnikh . 2020 . The limitations of federated learning in sybil settings . In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020 ). 301\u2013316. https:\/\/www.usenix.org\/conference\/raid2020\/presentation\/fung Clement Fung, Chris\u00a0JM Yoon, and Ivan Beschastnikh. 2020. The limitations of federated learning in sybil settings. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020). 301\u2013316. https:\/\/www.usenix.org\/conference\/raid2020\/presentation\/fung"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2909068"},{"key":"e_1_3_2_1_11_1","volume-title":"2021 IEEE International Parallel and Distributed Processing Symposium (IPDPS). IEEE, 671\u2013680","author":"Gu Zhipin","year":"2021","unstructured":"Zhipin Gu and Yuexiang Yang . 2021 . Detecting Malicious Model Updates from Federated Learning on Conditional Variational Autoencoder . In 2021 IEEE International Parallel and Distributed Processing Symposium (IPDPS). IEEE, 671\u2013680 . https:\/\/doi.org\/10.1109\/IPDPS49936.2021.00075 10.1109\/IPDPS49936.2021.00075 Zhipin Gu and Yuexiang Yang. 2021. Detecting Malicious Model Updates from Federated Learning on Conditional Variational Autoencoder. In 2021 IEEE International Parallel and Distributed Processing Symposium (IPDPS). IEEE, 671\u2013680. https:\/\/doi.org\/10.1109\/IPDPS49936.2021.00075"},{"key":"e_1_3_2_1_12_1","volume-title":"Computer Security \u2013 ESORICS","author":"Gupta Ashish","year":"2022","unstructured":"Ashish Gupta , Tie Luo , Mao\u00a0 V. Ngo , and Sajal\u00a0 K. Das . 2022. Long-Short History of Gradients Is All You Need: Detecting Malicious and Unreliable Clients in Federated Learning . In Computer Security \u2013 ESORICS 2022 , Vijayalakshmi Atluri, Roberto Di\u00a0Pietro, Christian\u00a0D. Jensen, and Weizhi Meng (Eds.). Springer Nature Switzerland , Cham, 445\u2013465. https:\/\/doi.org\/10.1007\/978-3-031-17143-7_22 10.1007\/978-3-031-17143-7_22 Ashish Gupta, Tie Luo, Mao\u00a0V. Ngo, and Sajal\u00a0K. Das. 2022. Long-Short History of Gradients Is All You Need: Detecting Malicious and Unreliable Clients in Federated Learning. In Computer Security \u2013 ESORICS 2022, Vijayalakshmi Atluri, Roberto Di\u00a0Pietro, Christian\u00a0D. Jensen, and Weizhi Meng (Eds.). Springer Nature Switzerland, Cham, 445\u2013465. https:\/\/doi.org\/10.1007\/978-3-031-17143-7_22"},{"key":"e_1_3_2_1_13_1","volume-title":"How Apple personalizes Siri without hoovering up your data. MIT Technology Review [Online]","author":"Hao Karen","year":"2019","unstructured":"Karen Hao . 2019. How Apple personalizes Siri without hoovering up your data. MIT Technology Review [Online] ( 2019 ). https:\/\/www.technologyreview.com\/2019\/12\/11\/131629\/apple-ai-personalizes-siri-federated-learning\/ Karen Hao. 2019. How Apple personalizes Siri without hoovering up your data. MIT Technology Review [Online] (2019). https:\/\/www.technologyreview.com\/2019\/12\/11\/131629\/apple-ai-personalizes-siri-federated-learning\/"},{"key":"e_1_3_2_1_14_1","volume-title":"IoT Anomaly Detection Based on Autoencoder and Bayesian Gaussian Mixture Model. Electronics 11, 20","author":"Hou Yunyun","year":"2022","unstructured":"Yunyun Hou , Ruiyu He , Jie Dong , Yangrui Yang , and Wei Ma. 2022. IoT Anomaly Detection Based on Autoencoder and Bayesian Gaussian Mixture Model. Electronics 11, 20 ( 2022 ). https:\/\/doi.org\/10.3390\/electronics11203287 10.3390\/electronics11203287 Yunyun Hou, Ruiyu He, Jie Dong, Yangrui Yang, and Wei Ma. 2022. IoT Anomaly Detection Based on Autoencoder and Bayesian Gaussian Mixture Model. Electronics 11, 20 (2022). https:\/\/doi.org\/10.3390\/electronics11203287"},{"key":"e_1_3_2_1_16_1","volume-title":"MNIST handwritten digit database. ATT Labs [Online] 2","author":"LeCun Yann","year":"2010","unstructured":"Yann LeCun , Corinna Cortes , and CJ Burges . 2010. MNIST handwritten digit database. ATT Labs [Online] 2 ( 2010 ). http:\/\/yann.lecun.com\/exdb\/mnist Yann LeCun, Corinna Cortes, and CJ Burges. 2010. MNIST handwritten digit database. ATT Labs [Online] 2 (2010). http:\/\/yann.lecun.com\/exdb\/mnist"},{"key":"e_1_3_2_1_17_1","volume-title":"2021 8th International Conference on Dependable Systems and Their Applications (DSA). IEEE, 551\u2013559","author":"Li Dongcheng","year":"2021","unstructured":"Dongcheng Li , W\u00a0Eric Wong , Wei Wang , Yao Yao , and Matthew Chau . 2021 . Detection and mitigation of label-flipping attacks in federated learning systems with KPCA and K-means . In 2021 8th International Conference on Dependable Systems and Their Applications (DSA). IEEE, 551\u2013559 . https:\/\/doi.org\/10.1109\/DSA52907.2021.00081 10.1109\/DSA52907.2021.00081 Dongcheng Li, W\u00a0Eric Wong, Wei Wang, Yao Yao, and Matthew Chau. 2021. Detection and mitigation of label-flipping attacks in federated learning systems with KPCA and K-means. In 2021 8th International Conference on Dependable Systems and Their Applications (DSA). IEEE, 551\u2013559. https:\/\/doi.org\/10.1109\/DSA52907.2021.00081"},{"key":"e_1_3_2_1_18_1","first-page":"04","article-title":"A Survey on Federated Learning Systems: Vision, Hype and Reality for Data Privacy and Protection","volume":"35","author":"Li Qinbin","year":"2023","unstructured":"Qinbin Li , Zeyi Wen , Zhaomin Wu , Sixu Hu , Naibo Wang , Yuan Li , Xu Liu , and Bingsheng He . 2023 . A Survey on Federated Learning Systems: Vision, Hype and Reality for Data Privacy and Protection . IEEE Transactions on Knowledge and Data Engineering 35 , 04 (April 2023), 3347\u20133366. https:\/\/doi.org\/10.1109\/TKDE.2021.3124599 10.1109\/TKDE.2021.3124599 Qinbin Li, Zeyi Wen, Zhaomin Wu, Sixu Hu, Naibo Wang, Yuan Li, Xu Liu, and Bingsheng He. 2023. A Survey on Federated Learning Systems: Vision, Hype and Reality for Data Privacy and Protection. IEEE Transactions on Knowledge and Data Engineering 35, 04 (April 2023), 3347\u20133366. https:\/\/doi.org\/10.1109\/TKDE.2021.3124599","journal-title":"IEEE Transactions on Knowledge and Data Engineering"},{"key":"e_1_3_2_1_19_1","volume-title":"Learning to detect malicious clients for robust federated learning. arXiv preprint","author":"Li Suyi","year":"2020","unstructured":"Suyi Li , Yong Cheng , Wei Wang , Yang Liu , and Tianjian Chen . 2020. Learning to detect malicious clients for robust federated learning. arXiv preprint ( 2020 ). https:\/\/doi.org\/10.48550\/arXiv.2002.00211 10.48550\/arXiv.2002.00211 Suyi Li, Yong Cheng, Wei Wang, Yang Liu, and Tianjian Chen. 2020. Learning to detect malicious clients for robust federated learning. arXiv preprint (2020). https:\/\/doi.org\/10.48550\/arXiv.2002.00211"},{"key":"e_1_3_2_1_20_1","volume-title":"Modular Federated Learning. In 2022 International Joint Conference on Neural Networks (IJCNN). IEEE. https:\/\/doi.org\/10","author":"Liang Kuo-Yun","year":"2022","unstructured":"Kuo-Yun Liang , Abhishek Srinivasan , and Juan\u00a0Carlos Andresen . 2022 . Modular Federated Learning. In 2022 International Joint Conference on Neural Networks (IJCNN). IEEE. https:\/\/doi.org\/10 .1109\/ijcnn55064.2022.9892377 10.1109\/ijcnn55064.2022.9892377 Kuo-Yun Liang, Abhishek Srinivasan, and Juan\u00a0Carlos Andresen. 2022. Modular Federated Learning. In 2022 International Joint Conference on Neural Networks (IJCNN). IEEE. https:\/\/doi.org\/10.1109\/ijcnn55064.2022.9892377"},{"key":"e_1_3_2_1_21_1","volume-title":"Isolation forest. In 2008 eighth IEEE international conference on data mining","author":"Liu Fei\u00a0Tony","year":"2008","unstructured":"Fei\u00a0Tony Liu , Kai\u00a0Ming Ting , and Zhi-Hua Zhou . 2008. Isolation forest. In 2008 eighth IEEE international conference on data mining . IEEE , 413\u2013422. https:\/\/doi.org\/10.1109\/ICDM. 2008 .17 10.1109\/ICDM.2008.17 Fei\u00a0Tony Liu, Kai\u00a0Ming Ting, and Zhi-Hua Zhou. 2008. Isolation forest. In 2008 eighth IEEE international conference on data mining. IEEE, 413\u2013422. https:\/\/doi.org\/10.1109\/ICDM.2008.17"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2019.07.021"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2020.3011726"},{"key":"e_1_3_2_1_24_1","volume-title":"Trojaning Attack on Neural Networks. In 25nd Annual Network and Distributed System Security Symposium, NDSS 2018","author":"Liu Yingqi","year":"2018","unstructured":"Yingqi Liu , Shiqing Ma , Yousra Aafer , Wen-Chuan Lee , Juan Zhai , Weihang Wang , and Xiangyu Zhang . 2018 . Trojaning Attack on Neural Networks. In 25nd Annual Network and Distributed System Security Symposium, NDSS 2018 , San Diego, California, USA , February 18-221, 2018. The Internet Society. https:\/\/doi.org\/10.14722\/ndss.2018.23291 10.14722\/ndss.2018.23291 Yingqi Liu, Shiqing Ma, Yousra Aafer, Wen-Chuan Lee, Juan Zhai, Weihang Wang, and Xiangyu Zhang. 2018. Trojaning Attack on Neural Networks. In 25nd Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18-221, 2018. The Internet Society. https:\/\/doi.org\/10.14722\/ndss.2018.23291"},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of the 20th International Conference on Artificial Intelligence and Statistics (AISTATS). Proceedings of Machine Learning Research (PMLR), 1273\u20131282","author":"McMahan Brendan","year":"2017","unstructured":"Brendan McMahan , Eider Moore , Daniel Ramage , Seth Hampson , and Blaise\u00a0Aguera y Arcas . 2017 . Communication-efficient learning of deep networks from decentralized data . In Proceedings of the 20th International Conference on Artificial Intelligence and Statistics (AISTATS). Proceedings of Machine Learning Research (PMLR), 1273\u20131282 . https:\/\/proceedings.mlr.press\/v54\/mcmahan17a\/mcmahan17a.pdf Brendan McMahan, Eider Moore, Daniel Ramage, Seth Hampson, and Blaise\u00a0Aguera y Arcas. 2017. Communication-efficient learning of deep networks from decentralized data. In Proceedings of the 20th International Conference on Artificial Intelligence and Statistics (AISTATS). Proceedings of Machine Learning Research (PMLR), 1273\u20131282. https:\/\/proceedings.mlr.press\/v54\/mcmahan17a\/mcmahan17a.pdf"},{"key":"e_1_3_2_1_26_1","volume-title":"Federated Learning: Collaborative Machine Learning without Centralized Training Data. Google AI Blog [Online]","author":"McMahan Brendan","year":"2017","unstructured":"Brendan McMahan and Daniel Ramage . 2017 . Federated Learning: Collaborative Machine Learning without Centralized Training Data. Google AI Blog [Online] (2017). https:\/\/ai.googleblog.com\/2017\/04\/federated-learning-collaborative.html Brendan McMahan and Daniel Ramage. 2017. Federated Learning: Collaborative Machine Learning without Centralized Training Data. Google AI Blog [Online] (2017). https:\/\/ai.googleblog.com\/2017\/04\/federated-learning-collaborative.html"},{"key":"#cr-split#-e_1_3_2_1_27_1.1","doi-asserted-by":"crossref","unstructured":"Matin Mortaheb Cemil Vahapoglu and Sennur Ulukus. 2022. FedGradNorm: Personalized Federated Gradient-Normalized Multi-Task Learning. In 2022 IEEE 23rd International Workshop on Signal Processing Advances in Wireless Communication (SPAWC). 1-5. https:\/\/doi.org\/10.1109\/SPAWC51304.2022.9833969 10.1109\/SPAWC51304.2022.9833969","DOI":"10.1109\/SPAWC51304.2022.9833969"},{"key":"#cr-split#-e_1_3_2_1_27_1.2","doi-asserted-by":"crossref","unstructured":"Matin Mortaheb Cemil Vahapoglu and Sennur Ulukus. 2022. FedGradNorm: Personalized Federated Gradient-Normalized Multi-Task Learning. In 2022 IEEE 23rd International Workshop on Signal Processing Advances in Wireless Communication (SPAWC). 1-5. https:\/\/doi.org\/10.1109\/SPAWC51304.2022.9833969","DOI":"10.1109\/SPAWC51304.2022.9833969"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.5555\/1953048.2078195"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSP.2022.3153135"},{"key":"e_1_3_2_1_30_1","volume-title":"Perfect Harmony: Pharma\u2019s MELLODDY Consortium Joins Forces with NVIDIA to Supercharge AI Drug Discovery. Nvidia Blogs [Online]","author":"Rhodes Craig","year":"2019","unstructured":"Craig Rhodes . 2019 . Perfect Harmony: Pharma\u2019s MELLODDY Consortium Joins Forces with NVIDIA to Supercharge AI Drug Discovery. Nvidia Blogs [Online] (2019). https:\/\/blogs.nvidia.com\/blog\/2019\/08\/08\/pharma-melloddy-ai-drug-discovery-consortium\/ Craig Rhodes. 2019. Perfect Harmony: Pharma\u2019s MELLODDY Consortium Joins Forces with NVIDIA to Supercharge AI Drug Discovery. Nvidia Blogs [Online] (2019). https:\/\/blogs.nvidia.com\/blog\/2019\/08\/08\/pharma-melloddy-ai-drug-discovery-consortium\/"},{"key":"e_1_3_2_1_31_1","volume-title":"Estimating the support of a high-dimensional distribution. Neural computation 13, 7","author":"Sch\u00f6lkopf Bernhard","year":"2001","unstructured":"Bernhard Sch\u00f6lkopf , John\u00a0 C Platt , John Shawe-Taylor , Alex\u00a0 J Smola , and Robert\u00a0 C Williamson . 2001. Estimating the support of a high-dimensional distribution. Neural computation 13, 7 ( 2001 ), 1443\u20131471. https:\/\/doi.org\/10.1162\/089976601750264965 10.1162\/089976601750264965 Bernhard Sch\u00f6lkopf, John\u00a0C Platt, John Shawe-Taylor, Alex\u00a0J Smola, and Robert\u00a0C Williamson. 2001. Estimating the support of a high-dimensional distribution. Neural computation 13, 7 (2001), 1443\u20131471. https:\/\/doi.org\/10.1162\/089976601750264965"},{"key":"e_1_3_2_1_32_1","volume-title":"Nonlinear component analysis as a kernel eigenvalue problem. Neural computation 10, 5","author":"Sch\u00f6lkopf Bernhard","year":"1998","unstructured":"Bernhard Sch\u00f6lkopf , Alexander Smola , and Klaus-Robert M\u00fcller . 1998. Nonlinear component analysis as a kernel eigenvalue problem. Neural computation 10, 5 ( 1998 ), 1299\u20131319. https:\/\/doi.org\/10.1162\/089976698300017467 10.1162\/089976698300017467 Bernhard Sch\u00f6lkopf, Alexander Smola, and Klaus-Robert M\u00fcller. 1998. Nonlinear component analysis as a kernel eigenvalue problem. Neural computation 10, 5 (1998), 1299\u20131319. https:\/\/doi.org\/10.1162\/089976698300017467"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833647"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991125"},{"key":"e_1_3_2_1_35_1","volume-title":"Very Deep Convolutional Networks for Large-Scale Image Recognition. In International Conference on Learning Representations (ICLR). https:\/\/www.robots.ox.ac.uk\/\u00a0vgg\/publications\/2015\/Simonyan15\/","author":"Simonyan Karen","year":"2015","unstructured":"Karen Simonyan and Andrew Zisserman . 2015 . Very Deep Convolutional Networks for Large-Scale Image Recognition. In International Conference on Learning Representations (ICLR). https:\/\/www.robots.ox.ac.uk\/\u00a0vgg\/publications\/2015\/Simonyan15\/ Karen Simonyan and Andrew Zisserman. 2015. Very Deep Convolutional Networks for Large-Scale Image Recognition. In International Conference on Learning Representations (ICLR). https:\/\/www.robots.ox.ac.uk\/\u00a0vgg\/publications\/2015\/Simonyan15\/"},{"key":"e_1_3_2_1_36_1","volume-title":"Adaptive Federated Learning for Digital Twin Driven Industrial Internet of Things. In 2021 IEEE Wireless Communications and Networking Conference (WCNC). 1\u20136. https:\/\/doi.org\/10","author":"Song Qiang","year":"2021","unstructured":"Qiang Song , Shiyu Lei , Wen Sun , and Yan Zhang . 2021 . Adaptive Federated Learning for Digital Twin Driven Industrial Internet of Things. In 2021 IEEE Wireless Communications and Networking Conference (WCNC). 1\u20136. https:\/\/doi.org\/10 .1109\/WCNC49053.2021.9417370 10.1109\/WCNC49053.2021.9417370 Qiang Song, Shiyu Lei, Wen Sun, and Yan Zhang. 2021. Adaptive Federated Learning for Digital Twin Driven Industrial Internet of Things. In 2021 IEEE Wireless Communications and Networking Conference (WCNC). 1\u20136. https:\/\/doi.org\/10.1109\/WCNC49053.2021.9417370"},{"key":"e_1_3_2_1_37_1","volume-title":"Can You Really Backdoor Federated Learning?arXiv preprint","author":"Sun Ziteng","year":"2019","unstructured":"Ziteng Sun , Peter Kairouz , Ananda\u00a0Theertha Suresh , and H.\u00a0 Brendan McMahan . 2019. Can You Really Backdoor Federated Learning?arXiv preprint ( 2019 ). https:\/\/doi.org\/10.48550\/arXiv.1911.07963 10.48550\/arXiv.1911.07963 Ziteng Sun, Peter Kairouz, Ananda\u00a0Theertha Suresh, and H.\u00a0Brendan McMahan. 2019. Can You Really Backdoor Federated Learning?arXiv preprint (2019). https:\/\/doi.org\/10.48550\/arXiv.1911.07963"},{"key":"e_1_3_2_1_38_1","volume-title":"WAFFLE: Watermarking in Federated Learning. In 2021 40th International Symposium on Reliable Distributed Systems (SRDS). 310\u2013320","author":"Tekgul Buse","year":"2021","unstructured":"Buse G.\u00a0A. Tekgul , Yuxi Xia , Samuel Marchal , and N. Asokan . 2021 . WAFFLE: Watermarking in Federated Learning. In 2021 40th International Symposium on Reliable Distributed Systems (SRDS). 310\u2013320 . https:\/\/doi.org\/10.1109\/SRDS53918. 2021 .00038 10.1109\/SRDS53918.2021.00038 Buse G.\u00a0A. Tekgul, Yuxi Xia, Samuel Marchal, and N. Asokan. 2021. WAFFLE: Watermarking in Federated Learning. In 2021 40th International Symposium on Reliable Distributed Systems (SRDS). 310\u2013320. https:\/\/doi.org\/10.1109\/SRDS53918.2021.00038"},{"key":"e_1_3_2_1_39_1","volume-title":"Computer Security \u2013 ESORICS","author":"Tolpegin Vale","year":"2020","unstructured":"Vale Tolpegin , Stacey Truex , Mehmet\u00a0Emre Gursoy , and Ling Liu . 2020. Data Poisoning Attacks Against Federated Learning Systems . In Computer Security \u2013 ESORICS 2020 , Liqun Chen, Ninghui Li , Kaitai Liang, and Steve Schneider (Eds.). Springer International Publishing , Cham, 480\u2013501. https:\/\/doi.org\/10.1007\/978-3-030-58951-6_24 10.1007\/978-3-030-58951-6_24 Vale Tolpegin, Stacey Truex, Mehmet\u00a0Emre Gursoy, and Ling Liu. 2020. Data Poisoning Attacks Against Federated Learning Systems. In Computer Security \u2013 ESORICS 2020, Liqun Chen, Ninghui Li, Kaitai Liang, and Steve Schneider (Eds.). Springer International Publishing, Cham, 480\u2013501. https:\/\/doi.org\/10.1007\/978-3-030-58951-6_24"},{"key":"e_1_3_2_1_40_1","volume-title":"IEEE International Conference on Data Mining, ICDM 2018","author":"Vercruyssen Vincent","year":"2018","unstructured":"Vincent Vercruyssen , Wannes Meert , Gust Verbruggen , Koen Maes , Ruben B\u00e4umer , and Jesse Davis . 2018 . Semi-Supervised Anomaly Detection with an Application to Water Analytics . In IEEE International Conference on Data Mining, ICDM 2018 , Singapore , November 17-20, 2018. IEEE, 527\u2013536. https:\/\/doi.org\/10.1109\/ICDM.2018.00068 10.1109\/ICDM.2018.00068 Vincent Vercruyssen, Wannes Meert, Gust Verbruggen, Koen Maes, Ruben B\u00e4umer, and Jesse Davis. 2018. Semi-Supervised Anomaly Detection with an Application to Water Analytics. In IEEE International Conference on Data Mining, ICDM 2018, Singapore, November 17-20, 2018. IEEE, 527\u2013536. https:\/\/doi.org\/10.1109\/ICDM.2018.00068"},{"key":"e_1_3_2_1_41_1","volume-title":"Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security. 946\u2013958","author":"Wang Ning","year":"2022","unstructured":"Ning Wang , Yang Xiao , Yimin Chen , Yang Hu , Wenjing Lou , and Y\u00a0Thomas Hou . 2022 . FLARE: Defending Federated Learning against Model Poisoning Attacks via Latent Space Representations . In Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security. 946\u2013958 . https:\/\/doi.org\/10.1145\/3488932.3517395 10.1145\/3488932.3517395 Ning Wang, Yang Xiao, Yimin Chen, Yang Hu, Wenjing Lou, and Y\u00a0Thomas Hou. 2022. FLARE: Defending Federated Learning against Model Poisoning Attacks via Latent Space Representations. In Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security. 946\u2013958. https:\/\/doi.org\/10.1145\/3488932.3517395"},{"volume-title":"Model Poisoning Defense on Federated Learning: A Validation Based Approach","author":"Wang Yuao","key":"e_1_3_2_1_42_1","unstructured":"Yuao Wang , Tianqing Zhu , Wenhan Chang , Sheng Shen , and Wei Ren . 2020. Model Poisoning Defense on Federated Learning: A Validation Based Approach . In Network and System Security, Miros\u0142aw Kuty\u0142owski, Jun Zhang, and Chao Chen (Eds.). Springer International Publishing , Cham , 207\u2013223. https:\/\/doi.org\/10.1007\/978-3-030-65745-1_12 10.1007\/978-3-030-65745-1_12 Yuao Wang, Tianqing Zhu, Wenhan Chang, Sheng Shen, and Wei Ren. 2020. Model Poisoning Defense on Federated Learning: A Validation Based Approach. In Network and System Security, Miros\u0142aw Kuty\u0142owski, Jun Zhang, and Chao Chen (Eds.). Springer International Publishing, Cham, 207\u2013223. https:\/\/doi.org\/10.1007\/978-3-030-65745-1_12"},{"key":"e_1_3_2_1_43_1","volume-title":"Principal component analysis. Chemometrics and intelligent laboratory systems 2, 1-3","author":"Wold Svante","year":"1987","unstructured":"Svante Wold , Kim Esbensen , and Paul Geladi . 1987. Principal component analysis. Chemometrics and intelligent laboratory systems 2, 1-3 ( 1987 ), 37\u201352. https:\/\/doi.org\/10.1016\/0169-7439(87)80084-9 10.1016\/0169-7439(87)80084-9 Svante Wold, Kim Esbensen, and Paul Geladi. 1987. Principal component analysis. Chemometrics and intelligent laboratory systems 2, 1-3 (1987), 37\u201352. https:\/\/doi.org\/10.1016\/0169-7439(87)80084-9"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3196494.3196550"}],"event":{"name":"ASIA CCS '23: ACM ASIA Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Melbourne VIC Australia","acronym":"ASIA CCS '23"},"container-title":["Proceedings of the ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3595790","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:08:17Z","timestamp":1750183697000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3595790"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,10]]},"references-count":44,"alternative-id":["10.1145\/3579856.3595790","10.1145\/3579856"],"URL":"https:\/\/doi.org\/10.1145\/3579856.3595790","relation":{},"subject":[],"published":{"date-parts":[[2023,7,10]]},"assertion":[{"value":"2023-07-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}