{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,21]],"date-time":"2026-03-21T19:25:29Z","timestamp":1774121129631,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":76,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,26]],"date-time":"2023-11-26T00:00:00Z","timestamp":1700956800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"European Union within the project ELSA ? European Lighthouse on Secure and Safe AI","award":["101070617"],"award-info":[{"award-number":["101070617"]}]},{"name":"European Union project RRF-2.3.1-21-2022-00004 within the framework of the Artificial Intelligence National Laboratory","award":["10109571"],"award-info":[{"award-number":["10109571"]}]},{"name":"Helmholtz Association within the project ?Trustworthy Federated Data Analytics (TFDA)?","award":["ZT-I-OO1 4"],"award-info":[{"award-number":["ZT-I-OO1 4"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,26]]},"DOI":"10.1145\/3603216.3624964","type":"proceedings-article","created":{"date-parts":[[2023,11,23]],"date-time":"2023-11-23T01:38:42Z","timestamp":1700703522000},"page":"45-60","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Client-specific Property Inference against Secure Aggregation in Federated Learning"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1458-7805","authenticated-orcid":false,"given":"Raouf","family":"Kerkouche","sequence":"first","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, 
Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4437-0110","authenticated-orcid":false,"given":"Gergely","family":"\u00c1cs","sequence":"additional","affiliation":[{"name":"Department of Networked Systems and Services, CrySyS Lab, BME, Budapest, Hungary"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8949-9896","authenticated-orcid":false,"given":"Mario","family":"Fritz","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,11,26]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Gergely \u00c1cs and Claude Castelluccia. 2011. I Have a DREAM! (DiffeRentially privatE smArt Metering). In IH."},{"key":"e_1_3_2_1_2_1","volume-title":"How To Backdoor Federated Learning. CoRR","author":"Bagdasaryan Eugene","year":"2018","unstructured":"Eugene Bagdasaryan, Andreas Veit, Yiqing Hua, Deborah Estrin, and Vitaly Shmatikov. 2018. How To Backdoor Federated Learning. CoRR , Vol. abs\/1807.00459 (2018). arxiv: 1807.00459 http:\/\/arxiv.org\/abs\/1807.00459"},{"key":"e_1_3_2_1_3_1","volume-title":"Advances in Neural Information Processing Systems, H. Wallach, H. Larochelle, A. Beygelzimer, F. d'Alch\u00e9-Buc","author":"Baruch Gilad","year":"2019","unstructured":"Gilad Baruch, Moran Baruch, and Yoav Goldberg. 2019. A Little Is Enough: Circumventing Defenses For Distributed Learning. In Advances in Neural Information Processing Systems, H. Wallach, H. Larochelle, A. Beygelzimer, F. d'Alch\u00e9-Buc, E. Fox, and R. Garnett (Eds.), Vol. 32. Curran Associates, Inc. https:\/\/proceedings.neurips.cc\/paper\/2019\/file\/ec1c59141046cd1866bbbcdfb6ae31d4-Paper.pdf"},{"key":"e_1_3_2_1_4_1","volume-title":"signSGD with majority vote is communication efficient and fault tolerant. 
arXiv preprint arXiv:1810.05291","author":"Bernstein Jeremy","year":"2018","unstructured":"Jeremy Bernstein, Jiawei Zhao, Kamyar Azizzadenesheli, and Anima Anandkumar. 2018. signSGD with majority vote is communication efficient and fault tolerant. arXiv preprint arXiv:1810.05291 (2018)."},{"key":"e_1_3_2_1_5_1","volume-title":"International Conference on Machine Learning. PMLR, 634--643","author":"Bhagoji Arjun Nitin","year":"2019","unstructured":"Arjun Nitin Bhagoji, Supriyo Chakraborty, Prateek Mittal, and Seraphin Calo. 2019. Analyzing federated learning through an adversarial lens. In International Conference on Machine Learning. PMLR, 634--643."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/3042573.3042761"},{"key":"e_1_3_2_1_7_1","volume-title":"Rachid Guerraoui, and Julien Stainer.","author":"Blanchard Peva","year":"2017","unstructured":"Peva Blanchard, El Mahdi El Mhamdi, Rachid Guerraoui, and Julien Stainer. 2017. Machine Learning with Adversaries: Byzantine Tolerant Gradient Descent. In NIPS. 119--129."},{"key":"e_1_3_2_1_8_1","volume-title":"Ilia Shumailov, and Nicolas Papernot.","author":"Boenisch Franziska","year":"2021","unstructured":"Franziska Boenisch, Adam Dziedzic, Roei Schuster, Ali Shahin Shamsabadi, Ilia Shumailov, and Nicolas Papernot. 2021. When the curious abandon honesty: Federated learning is not private. arXiv preprint arXiv:2112.02918 (2021)."},{"key":"e_1_3_2_1_9_1","volume-title":"Ilia Shumailov, and Nicolas Papernot.","author":"Boenisch Franziska","year":"2022","unstructured":"Franziska Boenisch, Adam Dziedzic, Roei Schuster, Ali Shahin Shamsabadi, Ilia Shumailov, and Nicolas Papernot. 2022. All You Need Is Matplotlib, or Federated Learning with Untrusted Servers is Not Private. 
http:\/\/www.cleverhans.io\/2022\/04\/17\/fl-privacy.html Retrieved January 20, 2023 from"},{"key":"e_1_3_2_1_10_1","volume-title":"Ilia Shumailov, and Nicolas Papernot.","author":"Boenisch Franziska","year":"2023","unstructured":"Franziska Boenisch, Adam Dziedzic, Roei Schuster, Ali Shahin Shamsabadi, Ilia Shumailov, and Nicolas Papernot. 2023. Is Federated Learning a Practical PET Yet? arXiv preprint arXiv:2301.04017 (2023)."},{"key":"e_1_3_2_1_11_1","volume-title":"Practical secure aggregation for federated learning on user-held data. arXiv preprint arXiv:1611.04482","author":"Bonawitz Keith","year":"2016","unstructured":"Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, and Karn Seth. 2016. Practical secure aggregation for federated learning on user-held data. arXiv preprint arXiv:1611.04482 (2016)."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133982"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179336"},{"key":"e_1_3_2_1_14_1","volume-title":"Cronus: Robust and heterogeneous collaborative learning with black-box knowledge transfer. arXiv preprint arXiv:1912.11279","author":"Chang Hongyan","year":"2019","unstructured":"Hongyan Chang, Virat Shejwalkar, Reza Shokri, and Amir Houmansadr. 2019. Cronus: Robust and heterogeneous collaborative learning with black-box knowledge transfer. arXiv preprint arXiv:1912.11279 (2019)."},{"key":"e_1_3_2_1_15_1","volume-title":"Targeted backdoor attacks on deep learning systems using data poisoning. arXiv preprint arXiv:1712.05526","author":"Chen Xinyun","year":"2017","unstructured":"Xinyun Chen, Chang Liu, Bo Li, Kimberly Lu, and Dawn Song. 2017. Targeted backdoor attacks on deep learning systems using data poisoning. 
arXiv preprint arXiv:1712.05526 (2017)."},{"key":"e_1_3_2_1_16_1","volume-title":"Client selection in federated learning: Convergence analysis and power-of-choice selection strategies. arXiv preprint arXiv:2010.01243","author":"Cho Yae Jee","year":"2020","unstructured":"Yae Jee Cho, Jianyu Wang, and Gauri Joshi. 2020. Client selection in federated learning: Convergence analysis and power-of-choice selection strategies. arXiv preprint arXiv:2010.01243 (2020)."},{"key":"e_1_3_2_1_17_1","volume-title":"Differential privacy-enabled federated learning for sensitive health data. arXiv preprint arXiv:1910.02578","author":"Choudhury Olivia","year":"2019","unstructured":"Olivia Choudhury, Aris Gkoulalas-Divanis, Theodoros Salonidis, Issa Sylla, Yoonyoung Park, Grace Hsu, and Amar Das. 2019. Differential privacy-enabled federated learning for sensitive health data. arXiv preprint arXiv:1910.02578 (2019)."},{"key":"e_1_3_2_1_18_1","volume-title":"Proceedings of the 35th International Conference on Machine Learning (Proceedings of Machine Learning Research","volume":"3530","author":"El Mhamdi El Mahdi","year":"2018","unstructured":"El Mahdi El Mhamdi, Rachid Guerraoui, and S&#233;bastien Rouault. 2018. The Hidden Vulnerability of Distributed Learning in Byzantium. In Proceedings of the 35th International Conference on Machine Learning (Proceedings of Machine Learning Research, Vol. 80), Jennifer Dy and Andreas Krause (Eds.). PMLR, 3521--3530. http:\/\/proceedings.mlr.press\/v80\/mhamdi18a.html"},{"key":"e_1_3_2_1_19_1","volume-title":"The Federated Tumor Segmentation (FeTS) initiative. https:\/\/www.med.upenn.edu\/cbica\/fets\/ Retrieved","author":"CBICA Center for Biomedical Image Computing &#38; Analytics. 2020.","year":"2023","unstructured":"CBICA Center for Biomedical Image Computing &#38; Analytics. 2020. The Federated Tumor Segmentation (FeTS) initiative. 
https:\/\/www.med.upenn.edu\/cbica\/fets\/ Retrieved January 19, 2023 from"},{"key":"e_1_3_2_1_20_1","volume-title":"Tenth International Conference on Learning Representations (ICLR) 2022","author":"Fowl Liam","year":"2022","unstructured":"Liam Fowl, Jonas Geiping, Wojtek Czaja, Micah Goldblum, and Tom Goldstein. 2022. Robbing the fed: Directly obtaining private data in federated learning with modified models. Tenth International Conference on Learning Representations (ICLR) 2022 (2022)."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2020.3036166"},{"key":"e_1_3_2_1_22_1","volume-title":"Label Inference Attacks Against Vertical Federated Learning. In 31st USENIX Security Symposium (USENIX Security 22)","author":"Fu Chong","year":"2022","unstructured":"Chong Fu, Xuhong Zhang, Shouling Ji, Jinyin Chen, Jingzheng Wu, Shanqing Guo, Jun Zhou, Alex X Liu, and Ting Wang. 2022. Label Inference Attacks Against Vertical Federated Learning. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA."},{"key":"e_1_3_2_1_23_1","volume-title":"Chris JM Yoon, and Ivan Beschastnikh","author":"Fung Clement","year":"2018","unstructured":"Clement Fung, Chris JM Yoon, and Ivan Beschastnikh. 2018. Mitigating sybils in federated learning poisoning. arXiv preprint arXiv:1808.04866 (2018)."},{"key":"e_1_3_2_1_24_1","volume-title":"The Limitations of Federated Learning in Sybil Settings. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2020","author":"Fung Clement","year":"2020","unstructured":"Clement Fung, Chris J. M. Yoon, and Ivan Beschastnikh. 2020. The Limitations of Federated Learning in Sybil Settings. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2020, San Sebastian, Spain, October 14--15, 2020, Manuel Egele and Leyla Bilge (Eds.). USENIX Association, 301--316. 
https:\/\/www.usenix.org\/conference\/raid2020\/presentation\/fung"},{"key":"e_1_3_2_1_25_1","volume-title":"Lin (Eds.)","volume":"33","author":"Geiping Jonas","year":"2020","unstructured":"Jonas Geiping, Hartmut Bauermeister, Hannah Dr\u00f6ge, and Michael Moeller. 2020. Inverting Gradients - How easy is it to break privacy in federated learning?. In Advances in Neural Information Processing Systems, H. Larochelle, M. Ranzato, R. Hadsell, M.F. Balcan, and H. Lin (Eds.), Vol. 33. Curran Associates, Inc., 16937--16947."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.3043139"},{"key":"e_1_3_2_1_27_1","volume-title":"Versa: Verifiable secure aggregation for cross-device federated learning","author":"Hahn Changhee","year":"2021","unstructured":"Changhee Hahn, Hodong Kim, Minjae Kim, and Junbeom Hur. 2021. Versa: Verifiable secure aggregation for cross-device federated learning. IEEE Transactions on Dependable and Secure Computing (2021)."},{"key":"e_1_3_2_1_28_1","volume-title":"Verifiable and privacy preserving federated learning without fully trusted centers. Journal of Ambient Intelligence and Humanized Computing","author":"Han Gang","year":"2022","unstructured":"Gang Han, Tiantian Zhang, Yinghui Zhang, Guowen Xu, Jianfei Sun, and Jin Cao. 2022. Verifiable and privacy preserving federated learning without fully trusted centers. Journal of Ambient Intelligence and Humanized Computing (2022), 1--11."},{"key":"e_1_3_2_1_29_1","unstructured":"Andrew Hard Chlo\u00e9 M Kiddon Daniel Ramage Francoise Beaufays Hubert Eichner Kanishka Rao Rajiv Mathews and Sean Augenstein. 2018. Federated Learning for Mobile Keyboard Prediction. https:\/\/arxiv.org\/abs\/1811.03604"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00057"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2021.05.077"},{"key":"e_1_3_2_1_32_1","volume-title":"Federated learning in adversarial settings. 
arXiv preprint arXiv:2010.07808","author":"Kerkouche Raouf","year":"2020","unstructured":"Raouf Kerkouche, Gergely \u00c1cs, and Claude Castelluccia. 2020. Federated learning in adversarial settings. arXiv preprint arXiv:2010.07808 (2020)."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3450439.3451859"},{"key":"e_1_3_2_1_34_1","volume-title":"International Conference on Machine Learning. PMLR","author":"Koh Pang Wei","year":"2017","unstructured":"Pang Wei Koh and Percy Liang. 2017. Understanding black-box predictions via influence functions. In International Conference on Machine Learning. PMLR, 1885--1894."},{"key":"e_1_3_2_1_35_1","unstructured":"Alex Krizhevsky Geoffrey Hinton et al. 2009. Learning multiple layers of features from tiny images. (2009)."},{"key":"e_1_3_2_1_36_1","volume-title":"International Conference on Machine Learning. PMLR, 5959--5968","author":"Lam Maximilian","year":"2021","unstructured":"Maximilian Lam, Gu-Yeon Wei, David Brooks, Vijay Janapa Reddi, and Michael Mitzenmacher. 2021. Gradient disaggregation: Breaking privacy in federated learning by reconstructing the user participant matrix. In International Conference on Machine Learning. PMLR, 5959--5968."},{"key":"e_1_3_2_1_37_1","unstructured":"Yann LeCun and Corinna Cortes. 2010. MNIST handwritten digit database. http:\/\/yann.lecun.com\/exdb\/mnist\/. (2010). http:\/\/yann.lecun.com\/exdb\/mnist\/"},{"key":"e_1_3_2_1_38_1","volume-title":"NeurIPS 2020 Workshop on Scalability, Privacy, and Security in Federated Learning","author":"Li Oscar","year":"2020","unstructured":"Oscar Li, Jiankai Sun, Xin Yang, Weihao Gao, Hongyi Zhang, Junyuan Xie, Virginia Smith, and Chong Wang. 2020. Label leakage and protection in two-party split learning. 
NeurIPS 2020 Workshop on Scalability, Privacy, and Security in Federated Learning (SpicyFL) (2020)."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52688.2022.00989"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3169918"},{"key":"e_1_3_2_1_41_1","volume-title":"Automation, Privacy, and Security: A Big Data Challenge (RDAAPS)","author":"Madi Abbass","unstructured":"Abbass Madi, Oana Stan, Aur&#233;lien Mayoue, Arnaud Grivet-S&#233;bert, C&#233;dric Gouy-Pailler, and Renaud Sirdey. 2021. A secure federated learning framework using homomorphic encryption and verifiable computing. In 2021 Reconciling Data Analytics, Automation, Privacy, and Security: A Big Data Challenge (RDAAPS). IEEE, 1--8."},{"key":"e_1_3_2_1_42_1","volume-title":"Mtadam: Automatic balancing of multiple training loss terms. arXiv preprint arXiv:2006.14683","author":"Malkiel Itzik","year":"2020","unstructured":"Itzik Malkiel and Lior Wolf. 2020. Mtadam: Automatic balancing of multiple training loss terms. arXiv preprint arXiv:2006.14683 (2020)."},{"key":"e_1_3_2_1_43_1","unstructured":"H. Brendan McMahan Eider Moore Daniel Ramage Seth Hampson and Blaise Ag&#252;era y Arcas. 2016. Communication-Efficient Learning of Deep Networks from Decentralized Data. In AISTATS."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.5555\/2886521.2886721"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00029"},{"key":"e_1_3_2_1_46_1","volume-title":"WASA 2021, Nanjing, China, June 25--27, 2021, Proceedings, Part II. Springer, 198--209","author":"Mou Wenhao","year":"2021","unstructured":"Wenhao Mou, Chunlei Fu, Yan Lei, and Chunqiang Hu. 2021. A verifiable federated learning scheme based on secure multi-party computation. In Wireless Algorithms, Systems, and Applications: 16th International Conference, WASA 2021, Nanjing, China, June 25--27, 2021, Proceedings, Part II. 
Springer, 198--209."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00065"},{"key":"e_1_3_2_1_48_1","volume-title":"FLAME: Taming Backdoors in Federated Learning. In 31st USENIX Security Symposium, USENIX Security 2022","author":"Nguyen Thien Duc","year":"2022","unstructured":"Thien Duc Nguyen, Phillip Rieger, Huili Chen, Hossein Yalame, Helen M\u00f6llering, Hossein Fereidooni, Samuel Marchal, Markus Miettinen, Azalia Mirhoseini, Shaza Zeitouni, Farinaz Koushanfar, Ahmad-Reza Sadeghi, and Thomas Schneider. 2022. FLAME: Taming Backdoors in Federated Learning. In 31st USENIX Security Symposium, USENIX Security 2022, Boston, MA, USA, August 10--12, 2022, Kevin R. B. Butler and Kurt Thomas (Eds.). USENIX Association, 1415--1432. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/nguyen"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2018.00035"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560557"},{"key":"e_1_3_2_1_51_1","volume-title":"Pytorch: An imperative style, high-performance deep learning library. Advances in neural information processing systems","author":"Paszke Adam","year":"2019","unstructured":"Adam Paszke, Sam Gross, Francisco Massa, Adam Lerer, James Bradbury, Gregory Chanan, Trevor Killeen, Zeming Lin, Natalia Gimelshein, Luca Antiga, et al. 2019. Pytorch: An imperative style, high-performance deep learning library. Advances in neural information processing systems , Vol. 32 (2019)."},{"key":"e_1_3_2_1_52_1","volume-title":"DeepSight: Mitigating Backdoor Attacks in Federated Learning Through Deep Model Inspection. In 29th Annual Network and Distributed System Security Symposium, NDSS 2022","author":"Rieger Phillip","year":"2022","unstructured":"Phillip Rieger, Thien Duc Nguyen, Markus Miettinen, and Ahmad-Reza Sadeghi. 2022. DeepSight: Mitigating Backdoor Attacks in Federated Learning Through Deep Model Inspection. 
In 29th Annual Network and Distributed System Security Symposium, NDSS 2022, San Diego, California, USA, April 24--28, 2022. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss-paper\/auto-draft-205\/"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/1639562.1639592"},{"key":"e_1_3_2_1_54_1","volume-title":"2021 IEEE International Conference on Pervasive Computing and Communications (PerCom). IEEE, 1--10","author":"Sannara EK","year":"2021","unstructured":"EK Sannara, Francois Portet, Philippe Lalanda, and VEGA German. 2021. A federated learning aggregation algorithm for pervasive computing: Evaluation and comparison. In 2021 IEEE International Conference on Pervasive Computing and Communications (PerCom). IEEE, 1--10."},{"key":"e_1_3_2_1_55_1","volume-title":"Potential uses for the Privacy Sandbox. https:\/\/blog.chromium.org\/2019\/08\/potential-uses-for-privacy-sandbox.html Retrieved","author":"Schuh Justin","year":"2023","unstructured":"Justin Schuh. 2019. Potential uses for the Privacy Sandbox. https:\/\/blog.chromium.org\/2019\/08\/potential-uses-for-privacy-sandbox.html Retrieved January 19, 2023 from"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991125"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"crossref","unstructured":"Reza Shokri and Vitaly Shmatikov. 2015. Privacy-Preserving Deep Learning. In CCS.","DOI":"10.1109\/ALLERTON.2015.7447103"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58951-6_24"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR46437.2021.00474"},{"key":"e_1_3_2_1_60_1","volume-title":"The MELLODDY project. https:\/\/www.melloddy.eu\/ Retrieved","author":"Union's The European","year":"2023","unstructured":"The European Union's. 2019. The MELLODDY project. 
https:\/\/www.melloddy.eu\/ Retrieved January 19, 2023 from"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2022-0043"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00031"},{"key":"e_1_3_2_1_63_1","volume-title":"You Really Can Backdoor Federated Learning. In Advances in Neural Information Processing Systems 33: Annual Conference on Neural Information Processing Systems 2020","author":"Wang Hongyi","year":"2020","unstructured":"Hongyi Wang, Kartik Sreenivasan, Shashank Rajput, Harit Vishwakarma, Saurabh Agarwal, Jy-yong Sohn, Kangwook Lee, and Dimitris S. Papailiopoulos. 2020. Attack of the Tails: Yes, You Really Can Backdoor Federated Learning. In Advances in Neural Information Processing Systems 33: Annual Conference on Neural Information Processing Systems 2020, NeurIPS 2020, December 6--12, 2020, virtual, Hugo Larochelle, Marc'Aurelio Ranzato, Raia Hadsell, Maria-Florina Balcan, and Hsuan-Tien Lin (Eds.). https:\/\/proceedings.neurips.cc\/paper\/2020\/hash\/b8ffa41d4e492f0fad2f13e29e1762eb-Abstract.html"},{"key":"e_1_3_2_1_64_1","volume-title":"Proceedings of the 39th International Conference on Machine Learning (Proceedings of Machine Learning Research","volume":"23684","author":"Wen Yuxin","year":"2022","unstructured":"Yuxin Wen, Jonas A. Geiping, Liam Fowl, Micah Goldblum, and Tom Goldstein. 2022. Fishing for User Data in Large-Batch Federated Learning via Gradient Magnification. In Proceedings of the 39th International Conference on Machine Learning (Proceedings of Machine Learning Research, Vol. 162), Kamalika Chaudhuri, Stefanie Jegelka, Le Song, Csaba Szepesvari, Gang Niu, and Sivan Sabato (Eds.). PMLR, 23668--23684. https:\/\/proceedings.mlr.press\/v162\/wen22a.html"},{"key":"e_1_3_2_1_65_1","volume-title":"International Conference on Machine Learning. 
PMLR, 1689--1698","author":"Xiao Huang","year":"2015","unstructured":"Huang Xiao, Battista Biggio, Gavin Brown, Giorgio Fumera, Claudia Eckert, and Fabio Roli. 2015. Is feature selection secure against training data poisoning?. In International Conference on Machine Learning. PMLR, 1689--1698."},{"key":"e_1_3_2_1_66_1","volume-title":"Fashion-MNIST: a Novel Image Dataset for Benchmarking Machine Learning Algorithms. CoRR","author":"Xiao Han","year":"2017","unstructured":"Han Xiao, Kashif Rasul, and Roland Vollgraf. 2017. Fashion-MNIST: a Novel Image Dataset for Benchmarking Machine Learning Algorithms. CoRR , Vol. abs\/1708.07747 (2017). showeprint[arXiv]1708.07747"},{"key":"e_1_3_2_1_67_1","volume-title":"8th International Conference on Learning Representations, ICLR 2020","author":"Xie Chulin","year":"2020","unstructured":"Chulin Xie, Keli Huang, Pin-Yu Chen, and Bo Li. 2020a. DBA: Distributed Backdoor Attacks against Federated Learning. In 8th International Conference on Learning Representations, ICLR 2020, Addis Ababa, Ethiopia, April 26--30, 2020. OpenReview.net. https:\/\/openreview.net\/forum?id=rkgyS0VFvr"},{"key":"e_1_3_2_1_68_1","volume-title":"International conference on learning representations.","author":"Xie Chulin","year":"2020","unstructured":"Chulin Xie, Keli Huang, Pin-Yu Chen, and Bo Li. 2020b. Dba: Distributed backdoor attacks against federated learning. In International conference on learning representations."},{"key":"e_1_3_2_1_69_1","volume-title":"Generalized byzantine-tolerant sgd. arXiv preprint arXiv:1802.10116","author":"Xie Cong","year":"2018","unstructured":"Cong Xie, Oluwasanmi Koyejo, and Indranil Gupta. 2018. Generalized byzantine-tolerant sgd. 
arXiv preprint arXiv:1802.10116 (2018)."},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2019.2929409"},{"key":"e_1_3_2_1_71_1","volume-title":"Proceedings of the 35th International Conference on Machine Learning (Proceedings of Machine Learning Research","volume":"5659","author":"Yin Dong","year":"2018","unstructured":"Dong Yin, Yudong Chen, Ramchandran Kannan, and Peter Bartlett. 2018. Byzantine-Robust Distributed Learning: Towards Optimal Statistical Rates. In Proceedings of the 35th International Conference on Machine Learning (Proceedings of Machine Learning Research, Vol. 80), Jennifer Dy and Andreas Krause (Eds.). PMLR, 5650--5659. http:\/\/proceedings.mlr.press\/v80\/yin18a.html"},{"key":"e_1_3_2_1_72_1","volume-title":"International conference on machine learning. PMLR, 7252--7261","author":"Yurochkin Mikhail","year":"2019","unstructured":"Mikhail Yurochkin, Mayank Agarwal, Soumya Ghosh, Kristjan Greenewald, Nghia Hoang, and Yasaman Khazaeni. 2019. Bayesian nonparametric federated learning of neural networks. In International conference on machine learning. PMLR, 7252--7261."},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICC40277.2020.9148628"},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2022\/792"},{"key":"e_1_3_2_1_75_1","volume-title":"Konda Reddy Mopuri, and Hakan Bilen","author":"Zhao Bo","year":"2020","unstructured":"Bo Zhao, Konda Reddy Mopuri, and Hakan Bilen. 2020. idlg: Improved deep leakage from gradients. arXiv preprint arXiv:2001.02610 (2020)."},{"key":"e_1_3_2_1_76_1","volume-title":"Advances in Neural Information Processing Systems","volume":"32","author":"Zhu Ligeng","year":"2019","unstructured":"Ligeng Zhu, Zhijian Liu, and Song Han. 2019. Deep leakage from gradients. Advances in Neural Information Processing Systems , Vol. 
32 (2019)."}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","location":"Copenhagen Denmark","acronym":"CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 22nd Workshop on Privacy in the Electronic Society"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3603216.3624964","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3603216.3624964","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:49:11Z","timestamp":1750286951000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3603216.3624964"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,26]]},"references-count":76,"alternative-id":["10.1145\/3603216.3624964","10.1145\/3603216"],"URL":"https:\/\/doi.org\/10.1145\/3603216.3624964","relation":{},"subject":[],"published":{"date-parts":[[2023,11,26]]},"assertion":[{"value":"2023-11-26","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}