{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T19:44:36Z","timestamp":1771703076449,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":46,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,10,21]],"date-time":"2024-10-21T00:00:00Z","timestamp":1729468800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/https:\/\/doi.org\/10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62072208"],"award-info":[{"award-number":["62072208"]}],"id":[{"id":"10.13039\/https:\/\/doi.org\/10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/https:\/\/doi.org\/10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["2302689, 2308730, 2319277, 232634, 2216926, 2241713, 2331302, 2339686"],"award-info":[{"award-number":["2302689, 2308730, 2319277, 232634, 2216926, 2241713, 2331302, 2339686"]}],"id":[{"id":"10.13039\/https:\/\/doi.org\/10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Key Research and Development Projects of Jilin Province","award":["20240302090GX"],"award-info":[{"award-number":["20240302090GX"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,10,21]]},"DOI":"10.1145\/3627673.3679566","type":"proceedings-article","created":{"date-parts":[[2024,10,20]],"date-time":"2024-10-20T19:34:21Z","timestamp":1729452861000},"page":"2930-2939","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Breaking State-of-the-Art Poisoning Defenses to Federated Learning: An Optimization-Based Attack Framework"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9907-9980","authenticated-orcid":false,"given":"Yuxin","family":"Yang","sequence":"first","affiliation":[{"name":"College of Computer Science and Technology, Jilin University &amp; Department of Computer Science, Illinois Institute of Technology, Changchun, Jilin, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7510-4718","authenticated-orcid":false,"given":"Qiang","family":"Li","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Jilin University, Changchun, Jilin, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4334-5597","authenticated-orcid":false,"given":"Chenfei","family":"Nie","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Jilin University, Changchun, Jilin, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4095-4506","authenticated-orcid":false,"given":"Yuan","family":"Hong","sequence":"additional","affiliation":[{"name":"School of Computing, University of Connecticut, Storrs, Connecticut, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5616-060X","authenticated-orcid":false,"given":"Binghui","family":"Wang","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Illinois Institute of Technology, Chicago, Illinois, USA"}]}],"member":"320","published-online":{"date-parts":[[2024,10,21]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS51616.2021.00086"},{"key":"e_1_3_2_1_2_1","volume-title":"International Conference on Artificial Intelligence and Statistics. PMLR, 2938--2948","author":"Bagdasaryan Eugene","year":"2020","unstructured":"Eugene Bagdasaryan, Andreas Veit, Yiqing Hua, Deborah Estrin, and Vitaly Shmatikov. 2020. How to backdoor federated learning. In International Conference on Artificial Intelligence and Statistics. PMLR, 2938--2948."},{"key":"e_1_3_2_1_3_1","volume-title":"Advances in Neural Information Processing Systems","volume":"32","author":"Baruch Gilad","year":"2019","unstructured":"Gilad Baruch, Moran Baruch, and Yoav Goldberg. 2019. A little is enough: Circumventing defenses for distributed learning. Advances in Neural Information Processing Systems, Vol. 32 (2019)."},{"key":"e_1_3_2_1_4_1","volume-title":"International Conference on Machine Learning. PMLR, 634--643","author":"Bhagoji Arjun Nitin","year":"2019","unstructured":"Arjun Nitin Bhagoji, Supriyo Chakraborty, Prateek Mittal, and Seraphin Calo. 2019. Analyzing federated learning through an adversarial lens. In International Conference on Machine Learning. PMLR, 634--643."},{"key":"e_1_3_2_1_5_1","volume-title":"Rachid Guerraoui, and Julien Stainer.","author":"Blanchard Peva","year":"2017","unstructured":"Peva Blanchard, El Mahdi El Mhamdi, Rachid Guerraoui, and Julien Stainer. 2017. Machine learning with adversaries: Byzantine tolerant gradient descent. Advances in neural information processing systems, Vol. 30 (2017)."},{"key":"e_1_3_2_1_6_1","volume-title":"Proceedings of Machine Learning and Systems","author":"Bonawitz Keith","year":"2019","unstructured":"Keith Bonawitz, Hubert Eichner, Wolfgang Grieskamp, Dzmitry Huba, Alex Ingerman, Vladimir Ivanov, Chloe Kiddon, Jakub Konevcn\u1ef3, Stefano Mazzocchi, H Brendan McMahan, Timon Van Overveldt, David Petrou, Daniel Ramage, and Jason Roselander. 2019. Towards federated learning at scale: System design. Proceedings of Machine Learning and Systems (2019)."},{"key":"e_1_3_2_1_7_1","volume-title":"Peter Wu, Tian Li, Jakub Konevcn\u1ef3, H Brendan McMahan, Virginia Smith, and Ameet Talwalkar.","author":"Caldas Sebastian","year":"2018","unstructured":"Sebastian Caldas, Sai Meher Karthik Duddu, Peter Wu, Tian Li, Jakub Konevcn\u1ef3, H Brendan McMahan, Virginia Smith, and Ameet Talwalkar. 2018. Leaf: A benchmark for federated settings. arXiv preprint arXiv:1812.01097 (2018)."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-37456-2_14"},{"key":"e_1_3_2_1_9_1","volume-title":"Fltrust: Byzantine-robust federated learning via trust bootstrapping. In NDSS.","author":"Cao Xiaoyu","year":"2021","unstructured":"Xiaoyu Cao, Minghong Fang, Jia Liu, and Neil Zhenqiang Gong. 2021. Fltrust: Byzantine-robust federated learning via trust bootstrapping. In NDSS."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179336"},{"key":"e_1_3_2_1_11_1","volume-title":"International Conference on Machine Learning.","author":"Chen Lingjiao","year":"2018","unstructured":"Lingjiao Chen, Hongyi Wang, Zachary Charles, and Dimitris Papailiopoulos. 2018. Draco: Byzantine-resilient distributed training via redundant gradients. In International Conference on Machine Learning."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3154503","article-title":"Distributed statistical machine learning in adversarial settings: Byzantine gradient descent","volume":"1","author":"Chen Yudong","year":"2017","unstructured":"Yudong Chen, Lili Su, and Jiaming Xu. 2017. Distributed statistical machine learning in adversarial settings: Byzantine gradient descent. Proceedings of the ACM on Measurement and Analysis of Computing Systems, Vol. 1, 2 (2017), 1--25.","journal-title":"Proceedings of the ACM on Measurement and Analysis of Computing Systems"},{"key":"e_1_3_2_1_13_1","volume-title":"Proceedings of the 29th USENIX Conference on Security Symposium. 1623--1640","author":"Fang Minghong","year":"2020","unstructured":"Minghong Fang, Xiaoyu Cao, Jinyuan Jia, and Neil Zhenqiang Gong. 2020. Local model poisoning attacks to byzantine-robust federated learning. In Proceedings of the 29th USENIX Conference on Security Symposium. 1623--1640."},{"key":"e_1_3_2_1_14_1","volume-title":"International Conference on Machine Learning. PMLR, 6246--6283","author":"Farhadkhani Sadegh","year":"2022","unstructured":"Sadegh Farhadkhani, Rachid Guerraoui, Nirupam Gupta, Rafael Pinot, and John Stephan. 2022. Byzantine machine learning made easy by resilient averaging of momentums. In International Conference on Machine Learning. PMLR, 6246--6283."},{"key":"e_1_3_2_1_15_1","volume-title":"International Conference on Machine Learning. PMLR, 3521--3530","author":"Guerraoui Rachid","year":"2018","unstructured":"Rachid Guerraoui, S\u00e9bastien Rouault, et al. 2018. The hidden vulnerability of distributed learning in byzantium. In International Conference on Machine Learning. PMLR, 3521--3530."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_3_2_1_17_1","volume-title":"International Conference on Machine Learning. PMLR, 5311--5319","author":"Karimireddy Sai Praneeth","year":"2021","unstructured":"Sai Praneeth Karimireddy, Lie He, and Martin Jaggi. 2021. Learning from history for byzantine robust optimization. In International Conference on Machine Learning. PMLR, 5311--5319."},{"key":"e_1_3_2_1_18_1","volume-title":"International Conference on Learning Representations.","author":"Karimireddy Sai Praneeth","year":"2022","unstructured":"Sai Praneeth Karimireddy, Lie He, and Martin Jaggi. 2022. Byzantine-robust learning on heterogeneous datasets via bucketing. In International Conference on Learning Representations."},{"key":"e_1_3_2_1_19_1","volume-title":"Lotteryfl: Personalized and communication-efficient federated learning with lottery ticket hypothesis on non-iid datasets. arXiv","author":"Li Ang","year":"2020","unstructured":"Ang Li, Jingwei Sun, Binghui Wang, Lin Duan, Sicheng Li, Yiran Chen, and Hai Li. 2020. Lotteryfl: Personalized and communication-efficient federated learning with lottery ticket hypothesis on non-iid datasets. arXiv (2020)."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3531536.3532960"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v33i01.33011544"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2020.2975749"},{"key":"e_1_3_2_1_23_1","unstructured":"Brendan McMahan Eider Moore Daniel Ramage Seth Hampson and Blaise Aguera y Arcas. 2017. Communication-efficient learning of deep networks from decentralized data. In Artificial Intelligence and Statistics."},{"key":"e_1_3_2_1_24_1","volume-title":"Enhancing Federated Learning Robustness Using Data-Agnostic Model Pruning. In Pacific-Asia Conference on Knowledge Discovery and Data Mining. Springer, 441--453","author":"Meng Mark Huasong","year":"2023","unstructured":"Mark Huasong Meng, Sin G Teo, Guangdong Bai, Kailong Wang, and Jin Song Dong. 2023. Enhancing Federated Learning Robustness Using Data-Agnostic Model Pruning. In Pacific-Asia Conference on Knowledge Discovery and Data Mining. Springer, 441--453."},{"key":"e_1_3_2_1_25_1","volume-title":"Byzantine-robust federated machine learning through adaptive model averaging. arXiv preprint arXiv:1909.05125","author":"Gonz\u00e1lez Luis Mu","year":"2019","unstructured":"Luis Mu noz-Gonz\u00e1lez, Kenneth T Co, and Emil C Lupu. 2019. Byzantine-robust federated machine learning through adaptive model averaging. arXiv preprint arXiv:1909.05125 (2019)."},{"key":"e_1_3_2_1_26_1","volume-title":"FLAME: Taming Backdoors in Federated Learning. In 31st USENIX Security Symposium.","author":"Nguyen Thien Duc","year":"2022","unstructured":"Thien Duc Nguyen, Phillip Rieger, Huili Chen, Hossein Yalame, Helen M\u00f6llering, Hossein Fereidooni, Samuel Marchal, Markus Miettinen, Azalia Mirhoseini, Shaza Zeitouni, et al. 2022. FLAME: Taming Backdoors in Federated Learning. In 31st USENIX Security Symposium."},{"key":"e_1_3_2_1_27_1","volume-title":"Flguard: Secure and private federated learning. arXiv preprint arXiv:2101.02281","author":"Nguyen Thien Duc","year":"2021","unstructured":"Thien Duc Nguyen, Phillip Rieger, Hossein Yalame, Helen M\u00f6llering, Hossein Fereidooni, Samuel Marchal, Markus Miettinen, Azalia Mirhoseini, Ahmad-Reza Sadeghi, Thomas Schneider, et al. 2021. Flguard: Secure and private federated learning. arXiv preprint arXiv:2101.02281 (2021)."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v35i10.17118"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSP.2022.3153135"},{"key":"e_1_3_2_1_30_1","volume-title":"DeepSight: Mitigating Backdoor Attacks in Federated Learning Through Deep Model Inspection. In 29th Annual Network and Distributed System Security Symposium, NDSS","author":"Rieger Phillip","year":"2022","unstructured":"Phillip Rieger, Thien Duc Nguyen, Markus Miettinen, and Ahmad-Reza Sadeghi. [n.,d.]. DeepSight: Mitigating Backdoor Attacks in Federated Learning Through Deep Model Inspection. In 29th Annual Network and Distributed System Security Symposium, NDSS 2022."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v34i07.6871"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"crossref","unstructured":"Virat Shejwalkar and Amir Houmansadr. 2021. Manipulating the byzantine: Optimizing model poisoning attacks and defenses for federated learning. In NDSS.","DOI":"10.14722\/ndss.2021.24498"},{"key":"e_1_3_2_1_33_1","volume-title":"Stroke and Traumatic Brain Injuries: 4th International Workshop, BrainLes 2018, Held in Conjunction with MICCAI 2018","author":"Sheller Micah J","year":"2019","unstructured":"Micah J Sheller, G Anthony Reina, Brandon Edwards, Jason Martin, and Spyridon Bakas. 2019. Multi-institutional deep learning modeling without sharing patient data: A feasibility study on brain tumor segmentation. In Brainlesion: Glioma, Multiple Sclerosis, Stroke and Traumatic Brain Injuries: 4th International Workshop, BrainLes 2018, Held in Conjunction with MICCAI 2018, Granada, Spain, September 16, 2018, Revised Selected Papers, Part I 4. Springer, 92--104."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3260027"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1111\/1467-9868.00293"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58951-6_24"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM54844.2022.00060"},{"key":"e_1_3_2_1_38_1","first-page":"16070","article-title":"Attack of the tails: Yes, you really can backdoor federated learning","volume":"33","author":"Wang Hongyi","year":"2020","unstructured":"Hongyi Wang, Kartik Sreenivasan, Shashank Rajput, Harit Vishwakarma, Saurabh Agarwal, Jy-yong Sohn, Kangwook Lee, and Dimitris Papailiopoulos. 2020. Attack of the tails: Yes, you really can backdoor federated learning. Advances in Neural Information Processing Systems, Vol. 33 (2020), 16070--16084.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSP.2020.3012952"},{"key":"e_1_3_2_1_40_1","volume-title":"International conference on learning representations.","author":"Xie Chulin","year":"2020","unstructured":"Chulin Xie, Keli Huang, Pin-Yu Chen, and Bo Li. 2020. Dba: Distributed backdoor attacks against federated learning. In International conference on learning representations."},{"key":"e_1_3_2_1_41_1","volume-title":"Generalized byzantine-tolerant sgd. arXiv preprint arXiv:1802.10116","author":"Xie Cong","year":"2018","unstructured":"Cong Xie, Oluwasanmi Koyejo, and Indranil Gupta. 2018. Generalized byzantine-tolerant sgd. arXiv preprint arXiv:1802.10116 (2018)."},{"key":"e_1_3_2_1_42_1","volume-title":"International Conference on Machine Learning. PMLR, 6893--6901","author":"Xie Cong","year":"2019","unstructured":"Cong Xie, Sanmi Koyejo, and Indranil Gupta. 2019. Zeno: Distributed stochastic gradient descent with suspicion-based fault-tolerance. In International Conference on Machine Learning. PMLR, 6893--6901."},{"key":"e_1_3_2_1_43_1","volume-title":"Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security.","author":"Yang Yuxin","year":"2024","unstructured":"Yuxin Yang, Qiang Li, Jinyuan Jia, Yuan Hong, and Binghui Wang. 2024. Distributed Backdoor Attacks on Federated Graph Learning and Certified Defenses. In Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security."},{"key":"e_1_3_2_1_44_1","volume-title":"International Conference on Machine Learning. PMLR, 5650--5659","author":"Yin Dong","year":"2018","unstructured":"Dong Yin, Yudong Chen, Ramchandran Kannan, and Peter Bartlett. 2018. Byzantine-robust distributed learning: Towards optimal statistical rates. In International Conference on Machine Learning. PMLR, 5650--5659."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3534678.3539231"},{"key":"e_1_3_2_1_46_1","volume-title":"International Conference on Machine Learning. PMLR, 26429--26446","author":"Zhang Zhengming","year":"2022","unstructured":"Zhengming Zhang, Ashwinee Panda, Linyue Song, Yaoqing Yang, Michael Mahoney, Prateek Mittal, Ramchandran Kannan, and Joseph Gonzalez. 2022. Neurotoxin: Durable backdoors in federated learning. In International Conference on Machine Learning. PMLR, 26429--26446."}],"event":{"name":"CIKM '24: The 33rd ACM International Conference on Information and Knowledge Management","location":"Boise ID USA","acronym":"CIKM '24","sponsor":["SIGIR ACM Special Interest Group on Information Retrieval"]},"container-title":["Proceedings of the 33rd ACM International Conference on Information and Knowledge Management"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3627673.3679566","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3627673.3679566","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T00:58:22Z","timestamp":1750294702000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3627673.3679566"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,21]]},"references-count":46,"alternative-id":["10.1145\/3627673.3679566","10.1145\/3627673"],"URL":"https:\/\/doi.org\/10.1145\/3627673.3679566","relation":{},"subject":[],"published":{"date-parts":[[2024,10,21]]},"assertion":[{"value":"2024-10-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}