{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,6]],"date-time":"2026-03-06T10:49:41Z","timestamp":1772794181641,"version":"3.50.1"},"reference-count":74,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2024,12,11]],"date-time":"2024-12-11T00:00:00Z","timestamp":1733875200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100004731","name":"Zhejiang Provincial Natural Science Foundation","doi-asserted-by":"crossref","award":["LDQ23F020001"],"award-info":[{"award-number":["LDQ23F020001"]}],"id":[{"id":"10.13039\/501100004731","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100001809","name":"NSFC","doi-asserted-by":"crossref","award":["62072406 and 62406286"],"award-info":[{"award-number":["62072406 and 62406286"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2025,2,28]]},"abstract":"<jats:p>Federated learning (FL) enables resource-constrained node devices to learn a shared model while keeping the training data local. Since recent research has demonstrated multiple privacy leakage attacks in FL, e.g., gradient inference attacks and membership inference attacks, differential privacy (DP) is applied as one of the most effective privacy protection mechanisms. Despite the benefit DP brings, we observe that the introduction of DP also brings random changes to client updates, which affect the robust aggregation algorithms. We reveal a novel poisoning attack under the cover of DP, named the <jats:italic>DP-Poison<\/jats:italic> attack in FL. 
Specifically, the DP-Poison attack is designed to achieve four goals: (1) maintaining the main task performance; (2) launching a successful attack; (3) evading the robust aggregation algorithms in FL; and (4) keeping the effectiveness of DP privacy protection. To achieve these goals, we design multiple optimization objectives and generate the DP noise through a genetic algorithm. The optimization ensures that while the benign updates change randomly, the malicious updates change toward the global model after the DP noise is added, so that they are more easily accepted by the robust aggregation algorithms. Extensive experiments show that DP-Poison achieves a nearly 100% attack success rate while satisfying all four goals.<\/jats:p>","DOI":"10.1145\/3702325","type":"journal-article","created":{"date-parts":[[2024,11,2]],"date-time":"2024-11-02T08:46:31Z","timestamp":1730537191000},"page":"1-28","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["DP-Poison: Poisoning Federated Learning under the Cover of Differential Privacy"],"prefix":"10.1145","volume":"28","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8997-5343","authenticated-orcid":false,"given":"Haibin","family":"Zheng","sequence":"first","affiliation":[{"name":"Zhejiang University of Technology, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7153-2755","authenticated-orcid":false,"given":"Jinyin","family":"Chen","sequence":"additional","affiliation":[{"name":"Zhejiang University of Technology, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5756-5614","authenticated-orcid":false,"given":"Tao","family":"Liu","sequence":"additional","affiliation":[{"name":"Zhejiang University of Technology, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5781-5185","authenticated-orcid":false,"given":"Yao","family":"Cheng","sequence":"additional","affiliation":[{"name":"TUV SUD 
Asia Pacific Pte. Ltd., Singapore, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-2156-6043","authenticated-orcid":false,"given":"Zhao","family":"Wang","sequence":"additional","affiliation":[{"name":"Data Communication Science and Technology Research Institute, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-4480-8738","authenticated-orcid":false,"given":"Yun","family":"Wang","sequence":"additional","affiliation":[{"name":"Data Communication Science and Technology Research Institute, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6573-9848","authenticated-orcid":false,"given":"Lan","family":"Gao","sequence":"additional","affiliation":[{"name":"Hangzhou Normal University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4268-372X","authenticated-orcid":false,"given":"Shouling","family":"Ji","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, China and School of Electrical and Computer Engineering, Georgia Institute of Technology, Atlanta, United States"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8571-9780","authenticated-orcid":false,"given":"Xuhong","family":"Zhang","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]}],"member":"320","published-online":{"date-parts":[[2024,12,11]]},"reference":[{"key":"e_1_3_1_2_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"e_1_3_1_3_2","doi-asserted-by":"crossref","unstructured":"Le Trieu Phong Yoshinori Aono Takuya Hayashi Lihua Wang and Shiho Moriai. 2017. Privacy-preserving deep learning via additively homomorphic encryption. 
IEEE Transactions on Information Forensics and Security 13 5 (2017) 1333\u20131345.","DOI":"10.1109\/TIFS.2017.2787987"},{"key":"e_1_3_1_4_2","first-page":"2938","volume-title":"Proceedings of the International Conference on Artificial Intelligence and Statistics","author":"Bagdasaryan Eugene","year":"2020","unstructured":"Eugene Bagdasaryan, Andreas Veit, Yiqing Hua, Deborah Estrin, and Vitaly Shmatikov. 2020. How to backdoor federated learning. In Proceedings of the International Conference on Artificial Intelligence and Statistics. PMLR, 2938\u20132948."},{"key":"e_1_3_1_5_2","first-page":"634","volume-title":"Proceedings of the International Conference on Machine Learning","author":"Bhagoji Arjun Nitin","year":"2019","unstructured":"Arjun Nitin Bhagoji, Supriyo Chakraborty, Prateek Mittal, and Seraphin Calo. 2019. Analyzing federated learning through an adversarial lens. In Proceedings of the International Conference on Machine Learning. PMLR, 634\u2013643."},{"key":"e_1_3_1_6_2","unstructured":"Abhishek Bhowmick John Duchi Julien Freudiger Gaurav Kapoor and Ryan Rogers. 2018. Protection against reconstruction and its applications in private federated learning. arXiv:1812.00984. Retrieved from https:\/\/arxiv.org\/abs\/1812.00984"},{"key":"e_1_3_1_7_2","first-page":"118","volume-title":"Proceedings of the 31st International Conference on Neural Information Processing Systems","author":"Blanchard Peva","year":"2017","unstructured":"Peva Blanchard, El Mahdi El Mhamdi, Rachid Guerraoui, and Julien Stainer. 2017. Machine learning with adversaries: Byzantine tolerant gradient descent. In Proceedings of the 31st International Conference on Neural Information Processing Systems. 
118\u2013128."},{"key":"e_1_3_1_8_2","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133982"},{"key":"e_1_3_1_9_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jbi.2014.04.003"},{"key":"e_1_3_1_10_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijmedinf.2018.01.007"},{"key":"e_1_3_1_11_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103504"},{"key":"e_1_3_1_12_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2024.120527"},{"issue":"2","key":"e_1_3_1_13_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3154503","article-title":"Distributed statistical machine learning in adversarial settings: Byzantine gradient descent","volume":"1","author":"Chen Yudong","year":"2017","unstructured":"Yudong Chen, Lili Su, and Jiaming Xu. 2017. Distributed statistical machine learning in adversarial settings: Byzantine gradient descent. Proceedings of the ACM on Measurement and Analysis of Computing Systems 1, 2 (2017), 1\u201325.","journal-title":"Proceedings of the ACM on Measurement and Analysis of Computing Systems"},{"key":"e_1_3_1_14_2","doi-asserted-by":"publisher","DOI":"10.29012\/jpc.689"},{"key":"e_1_3_1_15_2","doi-asserted-by":"crossref","unstructured":"Cynthia Dwork and Aaron Roth. 2014. The algorithmic foundations of differential privacy. Foundations and Trends in Theoretical Computer Science 9 3-4 (2014) 211\u2013407.","DOI":"10.1561\/0400000042"},{"key":"e_1_3_1_16_2","unstructured":"Cynthia Dwork and Guy N. Rothblum. 2016. Concentrated differential privacy. arXiv:1603.01887. Retrieved from https:\/\/arxiv.org\/abs\/1603.01887"},{"key":"e_1_3_1_17_2","first-page":"301","volume-title":"Proceedings of the 23rd International Symposium on Research in Attacks, Intrusions and Defenses, RAID","author":"Fung Clement","year":"2020","unstructured":"Clement Fung, Chris J. M. Yoon, and Ivan Beschastnikh. 2020. The limitations of federated learning in sybil settings. 
In Proceedings of the 23rd International Symposium on Research in Attacks, Intrusions and Defenses, RAID. USENIX Association, 301\u2013316."},{"key":"e_1_3_1_18_2","unstructured":"Jonas Geiping Hartmut Bauermeister Hannah Dr\u00f6ge and Michael Moeller. 2020. Inverting gradients -how easy is it to break privacy in federated learning? In Proceedings of the 2020 Annual Conference on Neural Information Processing Systems. 16937\u201316947."},{"key":"e_1_3_1_19_2","unstructured":"Robin C. Geyer Tassilo Klein and Moin Nabi. 2017. Differentially private federated learning: A client level perspective. arXiv:1712.07557. Retrieved from https:\/\/arxiv.org\/abs\/1712.07557"},{"key":"e_1_3_1_20_2","unstructured":"Tianyu Gu Brendan Dolan-Gavitt and Siddharth Garg. 2017. Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv:1708.06733. Retrieved from https:\/\/arxiv.org\/abs\/1708.06733"},{"key":"e_1_3_1_21_2","doi-asserted-by":"publisher","DOI":"10.1109\/TCSVT.2024.3358415"},{"key":"e_1_3_1_22_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_3_1_23_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSMC.2022.3220260"},{"key":"e_1_3_1_24_2","unstructured":"Matthew Jagielski Jonathan Ullman and Alina Oprea. 2020. Auditing differentially private machine learning: How private is private SGD? In Proceedings of the 2020 Annual Conference on Neural Information Processing Systems. 22205\u201322216."},{"key":"e_1_3_1_25_2","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2022.3223578"},{"key":"e_1_3_1_26_2","first-page":"2630","volume-title":"Proceedings of the International Conference on Machine Learning","author":"Kilbertus Niki","year":"2018","unstructured":"Niki Kilbertus, Adri\u00e0 Gasc\u00f3n, Matt Kusner, Michael Veale, Krishna Gummadi, and Adrian Weller. 2018. Blind justice: Fairness with encrypted sensitive attributes. In Proceedings of the International Conference on Machine Learning. 
PMLR, 2630\u20132639."},{"key":"e_1_3_1_27_2","article-title":"ImageNet classification with deep convolutional neural networks","author":"Krizhevsky Alex","year":"2012","unstructured":"Alex Krizhevsky, Ilya Sutskever, and Geoffrey E. Hinton. 2012. ImageNet classification with deep convolutional neural networks. In Proceedings of the 25th International Conference on Neural Information Processing Systems.","journal-title":"Proceedings of the 25th International Conference on Neural Information Processing Systems"},{"key":"e_1_3_1_28_2","unstructured":"Yann LeCun. 2015. LeNet-5 convolutional neural networks. 20 5 (2015) 14. http:\/\/yann.lecun.com\/exdb\/lenet"},{"key":"e_1_3_1_29_2","doi-asserted-by":"publisher","DOI":"10.1109\/5.726791"},{"key":"e_1_3_1_30_2","unstructured":"Yi Li Yitao Duan and Wei Xu. 2018. PrivPy: Enabling scalable and general privacy-preserving computation. arXiv:1801.10117. Retrieved from https:\/\/arxiv.org\/abs\/1801.10117"},{"key":"e_1_3_1_31_2","first-page":"45","volume-title":"Computer Vision - ACCV 2022 Workshops - Proceedings of the 16th Asian Conference on Computer Vision","volume":"13848","author":"Li Yanli","year":"2022","unstructured":"Yanli Li, Abubakar Sadiq Sani, Dong Yuan, and Wei Bao. 2022. Enhancing federated learning robustness through clustering non-IID features. In Computer Vision - ACCV 2022 Workshops - Proceedings of the 16th Asian Conference on Computer Vision (December 4-8), Vol. 13848. Springer, Macao, China, 45\u201359."},{"key":"e_1_3_1_32_2","unstructured":"Zhaorui Li Zhicong Huang Chaochao Chen and Cheng Hong. 2019. Quantification of the leakage in federated learning. arXiv:1910.05467. 
Retrieved from https:\/\/arxiv.org\/abs\/1910.05467"},{"key":"e_1_3_1_33_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.physa.2011.12.004"},{"key":"e_1_3_1_34_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-59410-7_33"},{"key":"e_1_3_1_35_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3237370"},{"key":"e_1_3_1_36_2","doi-asserted-by":"publisher","DOI":"10.24963\/IJCAI.2022\/171"},{"key":"e_1_3_1_37_2","first-page":"1163","article-title":"Using fully homomorphic encryption for statistical analysis of categorical, ordinal and numerical data.","volume":"2016","author":"Lu Wenjie","year":"2016","unstructured":"Wenjie Lu, Shohei Kawasaki, and Jun Sakuma. 2016. Using fully homomorphic encryption for statistical analysis of categorical, ordinal and numerical data. IACR Cryptol. ePrint Arch. 2016, 1 (2016), 1163.","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"e_1_3_1_38_2","doi-asserted-by":"publisher","DOI":"10.1145\/3397271.3401260"},{"key":"e_1_3_1_39_2","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2019\/657"},{"key":"e_1_3_1_40_2","unstructured":"Mohammad Malekzadeh Burak Hasircioglu Nitish Mital Kunal Katarya Mehmet Emre Ozfatura and Deniz G\u00fcnd\u00fcz. 2021. Dopamine: Differentially private federated learning on medical data. arXiv:2101.11693. Retrieved from https:\/\/arxiv.org\/abs\/2101.11693"},{"key":"e_1_3_1_41_2","first-page":"1273","volume-title":"Artificial Intelligence and Statistics","author":"McMahan Brendan","year":"2017","unstructured":"Brendan McMahan, Eider Moore, Daniel Ramage, Seth Hampson, and Blaise Aguera y Arcas. 2017. Communication-efficient learning of deep networks from decentralized data. In Artificial Intelligence and Statistics, Aarti Singh and Xiaojin Jerry Zhu (Eds.). 
PMLR, 1273\u20131282."},{"key":"e_1_3_1_42_2","doi-asserted-by":"crossref","first-page":"691","DOI":"10.1109\/SP.2019.00029","volume-title":"Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP)","author":"Melis Luca","year":"2019","unstructured":"Luca Melis, Congzheng Song, Emiliano De Cristofaro, and Vitaly Shmatikov. 2019. Exploiting unintended feature leakage in collaborative learning. In Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP). IEEE, 691\u2013706."},{"key":"e_1_3_1_43_2","unstructured":"El Mahdi El Mhamdi Rachid Guerraoui and S\u00e9bastien Rouault. 2018. The hidden vulnerability of distributed learning in byzantium. In Proceedings of the 2018 International Conference on Machine Learning. 3521\u20133530."},{"key":"e_1_3_1_44_2","doi-asserted-by":"publisher","DOI":"10.7551\/mitpress\/3927.001.0001"},{"key":"e_1_3_1_45_2","unstructured":"Luis Mu\u00f1oz-Gonz\u00e1lez Kenneth T. Co and Emil C. Lupu. 2019. Byzantine-robust federated machine learning through adaptive model averaging. arXiv:1909.05125. Retrieved from https:\/\/arxiv.org\/abs\/1909.05125"},{"key":"e_1_3_1_46_2","unstructured":"Mohammad Naseri Jamie Hayes and Emiliano De Cristofaro. 2020. Toward robustness and privacy in federated learning: Experimenting with local and central differential privacy. arXiv:2009.03561. Retrieved from https:\/\/arxiv.org\/abs\/2009.03561"},{"key":"e_1_3_1_47_2","first-page":"1","volume-title":"Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP)","author":"Nasr Milad","year":"2018","unstructured":"Milad Nasr, Reza Shokri, and Amir Houmansadr. 2018. Comprehensive privacy analysis of deep learning. In Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP). 
1\u201315."},{"key":"e_1_3_1_48_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00065"},{"key":"e_1_3_1_49_2","first-page":"9268","volume-title":"Proceedings of the 35th AAAI Conference on Artificial Intelligence, Virtual Event","author":"\u00d6zdayi Mustafa Safa","year":"2021","unstructured":"Mustafa Safa \u00d6zdayi, Murat Kantarcioglu, and Yulia R. Gel. 2021. Defending against backdoors in federated learning with robust learning rate. In Proceedings of the 35th AAAI Conference on Artificial Intelligence, Virtual Event. AAAI Press, 9268\u20139276."},{"key":"e_1_3_1_50_2","unstructured":"Krishna Pillutla Sham M. Kakade and Zaid Harchaoui. 2019. Robust aggregation for federated learning. arXiv:1912.13445. Retrieved from https:\/\/arxiv.org\/abs\/1912.13445"},{"key":"e_1_3_1_51_2","first-page":"10320","article-title":"DETOX: A redundancy-based framework for faster and more robust gradient aggregation","author":"Rajput Shashank","year":"2019","unstructured":"Shashank Rajput, Hongyi Wang, Zachary Charles, and Dimitris Papailiopoulos. 2019. DETOX: A redundancy-based framework for faster and more robust gradient aggregation. In Proceedings of the 33rd International Conference on Neural Information Processing Systems. 10320\u201310330.","journal-title":"Proceedings of the 33rd International Conference on Neural Information Processing Systems"},{"key":"e_1_3_1_52_2","unstructured":"Swaroop Ramaswamy Rajiv Mathews Kanishka Rao and Fran\u00e7oise Beaufays. 2019. Federated learning for emoji prediction in a mobile keyboard. arXiv:1906.04329. Retrieved from https:\/\/arxiv.org\/abs\/1906.04329"},{"key":"e_1_3_1_53_2","first-page":"92","volume-title":"Proceedings of the International MICCAI Brainlesion Workshop","author":"Sheller Micah J.","year":"2018","unstructured":"Micah J. Sheller, G. Anthony Reina, Brandon Edwards, Jason Martin, and Spyridon Bakas. 2018. 
Multi-institutional deep learning modeling without sharing patient data: A feasibility study on brain tumor segmentation. In Proceedings of the International MICCAI Brainlesion Workshop. Springer, 92\u2013104."},{"key":"e_1_3_1_54_2","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813687"},{"key":"e_1_3_1_55_2","doi-asserted-by":"publisher","DOI":"10.1145\/3581783.3612386"},{"key":"e_1_3_1_56_2","unstructured":"Gan Sun Yang Cong Jiahua Dong Qiang Wang and Ji Liu. 2020. Data poisoning attacks on federated machine learning. arXiv:2004.10020. Retrieved from https:\/\/arxiv.org\/abs\/2004.10020"},{"key":"e_1_3_1_57_2","first-page":"1571","volume-title":"Proceedings of the 30th International Joint Conference on Artificial Intelligence, IJCAI","author":"Sun Lichao","year":"2021","unstructured":"Lichao Sun, Jianwei Qian, and Xun Chen. 2021. LDP-FL: Practical private aggregation in federated learning with local differential privacy. In Proceedings of the 30th International Joint Conference on Artificial Intelligence, IJCAI. ijcai.org, 1571\u20131578."},{"key":"e_1_3_1_58_2","unstructured":"Ziteng Sun Peter Kairouz Ananda Theertha Suresh and H. Brendan McMahan. 2019. Can you really backdoor federated learning? arXiv:1911.07963. Retrieved from https:\/\/arxiv.org\/abs\/1911.07963"},{"key":"e_1_3_1_59_2","first-page":"8485","volume-title":"Proceedings of the 36th AAAI Conference on Artificial Intelligence","author":"Thapa Chandra","year":"2022","unstructured":"Chandra Thapa, Mahawaga Arachchige Pathum Chamikara, Seyit Camtepe, and Lichao Sun. 2022. SplitFed: When federated learning meets split learning. In Proceedings of the 36th AAAI Conference on Artificial Intelligence. 
AAAI Press, 8485\u20138493."},{"key":"e_1_3_1_60_2","doi-asserted-by":"publisher","DOI":"10.1145\/3338501.3357370"},{"key":"e_1_3_1_61_2","doi-asserted-by":"publisher","DOI":"10.1145\/3378679.3394533"},{"key":"e_1_3_1_62_2","first-page":"6283","volume-title":"Proceedings of the 34th AAAI Conference on Artificial Intelligence","author":"Wang Yansheng","year":"2020","unstructured":"Yansheng Wang, Yongxin Tong, and Dingyuan Shi. 2020. Federated latent dirichlet allocation: A local differential privacy based framework. In Proceedings of the 34th AAAI Conference on Artificial Intelligence. AAAI Press, 6283\u20136290."},{"key":"e_1_3_1_63_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.2988575"},{"key":"e_1_3_1_64_2","unstructured":"Chen Wu Xian Yang Sencun Zhu and Prasenjit Mitra. 2020. Mitigating backdoor attacks in federated learning. arXiv:2011.01767. Retrieved from https:\/\/arxiv.org\/abs\/2011.01767"},{"key":"e_1_3_1_65_2","volume-title":"Proceedings of the International Conference on Learning Representations","author":"Xie Chulin","year":"2019","unstructured":"Chulin Xie, Keli Huang, Pin-Yu Chen, and Bo Li. 2019. DBA: Distributed backdoor attacks against federated learning. In Proceedings of the International Conference on Learning Representations."},{"key":"e_1_3_1_66_2","first-page":"6893","volume-title":"Proceedings of the International Conference on Machine Learning","author":"Xie Cong","year":"2019","unstructured":"Cong Xie, Sanmi Koyejo, and Indranil Gupta. 2019. Zeno: Distributed stochastic gradient descent with suspicion-based fault-tolerance. In Proceedings of the International Conference on Machine Learning. PMLR, 6893\u20136901."},{"key":"e_1_3_1_67_2","first-page":"1","volume-title":"Proceedings of the 10th International Conference on Learning Representations (ICLR)","author":"Xie Chulin","year":"2021","unstructured":"Chulin Xie, Yunhui Long, Pin-Yu Chen, Krishnaram Kenthapadi, and Bo Li. 2021. 
Certified robustness for free in differentially private federated learning. In Proceedings of the 10th International Conference on Learning Representations (ICLR). 1\u201330."},{"key":"e_1_3_1_68_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.trc.2020.102635"},{"key":"e_1_3_1_69_2","doi-asserted-by":"crossref","first-page":"5832","DOI":"10.1109\/CDC40024.2019.9029245","volume-title":"Proceedings of the 2019 IEEE 58th Conference on Decision and Control (CDC)","author":"Yang Haibo","year":"2019","unstructured":"Haibo Yang, Xin Zhang, Minghong Fang, and Jia Liu. 2019. Byzantine-resilient stochastic gradient descent for distributed learning: A lipschitz-inspired coordinate-wise median approach. In Proceedings of the 2019 IEEE 58th Conference on Decision and Control (CDC). IEEE, 5832\u20135837."},{"key":"e_1_3_1_70_2","doi-asserted-by":"publisher","DOI":"10.1145\/3298981"},{"key":"e_1_3_1_71_2","first-page":"5650","volume-title":"Proceedings of the International Conference on Machine Learning","author":"Yin Dong","year":"2018","unstructured":"Dong Yin, Yudong Chen, Ramchandran Kannan, and Peter Bartlett. 2018. Byzantine-robust distributed learning: Towards optimal statistical rates. In Proceedings of the International Conference on Machine Learning. PMLR, 5650\u20135659."},{"key":"e_1_3_1_72_2","unstructured":"Jure Zbontar and Yann LeCun. 2016. Stereo matching by training a convolutional neural network to compare image patches. Journal of Machine Learning Research 17 1 (2016) 2287\u20132318."},{"key":"e_1_3_1_73_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.physa.2022.128179"},{"key":"e_1_3_1_74_2","unstructured":"Bo Zhao Konda Reddy Mopuri and Hakan Bilen. 2020. iDLG: Improved deep leakage from gradients. arXiv:2001.02610. 
Retrieved from https:\/\/arxiv.org\/abs\/2001.02610"},{"key":"e_1_3_1_75_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-63076-8_2"}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3702325","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3702325","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:08Z","timestamp":1750295888000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3702325"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,11]]},"references-count":74,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,2,28]]}},"alternative-id":["10.1145\/3702325"],"URL":"https:\/\/doi.org\/10.1145\/3702325","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,12,11]]},"assertion":[{"value":"2023-11-25","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-10-24","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-12-11","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}
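The abstract's central observation is that client-level DP gives every client a legitimate reason to submit an update that differs from its true one, and that a malicious client can choose its "noise" so the poisoned update lands near the global model and passes a distance-based robust aggregator. The following is an added toy illustration of that mechanism, not code from the paper: the paper's multi-objective genetic algorithm is not reproduced and is replaced by a direct "move toward the global model" step capped to the norm of a typical Gaussian draw; Krum (Blanchard et al., 2017, cited above) as the aggregator, a sign-flipped update as the poison, the clip-then-Gaussian DP mechanism, and every numeric value are assumptions made for the demonstration. It shows that with honest Gaussian noise the poisoned update is rejected by Krum, while with crafted noise of the same magnitude it is the one Krum selects. It does not assess the paper's fourth goal (preserving DP effectiveness); the magnitude check is only a plausibility constraint, not a privacy guarantee.

```python
"""Toy DP-Poison illustration (added example; assumptions noted inline)."""
import numpy as np

# Constructed parameters (assumptions, not values from the paper).
DIM = 100          # model size
CLIP = 1.0         # client-level clipping norm C
SIGMA = 0.2        # Gaussian noise standard deviation per coordinate
N_BENIGN = 10      # honest clients in the round
F_BYZANTINE = 1    # number of faulty clients Krum is configured to tolerate


def clip_to_norm(v, c=CLIP):
    """Clip a vector to L2 norm c (the standard DP-FL preprocessing step)."""
    n = np.linalg.norm(v)
    return v if n <= c else v * (c / n)


def honest_dp_noise(rng, dim=DIM, sigma=SIGMA):
    """What an honest client adds after clipping: an i.i.d. Gaussian draw."""
    return rng.normal(0.0, sigma, size=dim)


def crafted_dp_noise(update, target, dim=DIM, sigma=SIGMA):
    """Stand-in for the paper's genetic-algorithm search (assumption).

    Choose the 'noise' that moves `update` toward `target`, capped to
    sigma*sqrt(dim), the typical norm of a genuine Gaussian draw, so the
    perturbation is no larger than an honest client's would be.
    """
    budget = sigma * np.sqrt(dim)
    return clip_to_norm(target - update, budget)


def krum(updates, f):
    """Krum (Blanchard et al., 2017): pick the update whose summed squared
    distance to its n-f-2 nearest neighbours is smallest."""
    n = len(updates)
    m = n - f - 2
    scores = []
    for i in range(n):
        dists = sorted(float(np.sum((updates[i] - updates[j]) ** 2))
                       for j in range(n) if j != i)
        scores.append(sum(dists[:m]))
    return int(np.argmin(scores))


def simulate(seed=0, attacker_crafts_noise=True):
    """Run one FL round with N_BENIGN honest clients and one attacker.

    Returns (index Krum selected, index of the malicious client,
             L2 distance of the submitted malicious update from the global model).
    """
    rng = np.random.default_rng(seed)
    w_global = rng.normal(size=DIM)             # model broadcast to all clients
    b = rng.normal(size=DIM)
    b /= np.linalg.norm(b)                      # common benign update direction
    m = -b                                      # poisoned update: sign-flipped

    submissions = [w_global + clip_to_norm(b) + honest_dp_noise(rng)
                   for _ in range(N_BENIGN)]

    malicious_base = w_global + clip_to_norm(m)
    if attacker_crafts_noise:
        # The attacker knows w_global (it was broadcast) and steers toward it.
        noise = crafted_dp_noise(malicious_base, w_global)
    else:
        noise = honest_dp_noise(rng)
    malicious = malicious_base + noise
    submissions.append(malicious)
    mal_idx = len(submissions) - 1

    chosen = krum(submissions, F_BYZANTINE)
    return chosen, mal_idx, float(np.linalg.norm(malicious - w_global))


if __name__ == "__main__":
    for crafted in (False, True):
        chosen, mal_idx, dist = simulate(seed=0, attacker_crafts_noise=crafted)
        print(f"crafted noise={crafted}: Krum chose client {chosen} "
              f"(attacker is {mal_idx}), attacker distance to global model {dist:.3f}")
```

Krum rejects the honestly noised poison because the sign flip puts it about twice the clipping norm away from the benign cluster, whereas the crafted perturbation, which is no larger than an ordinary Gaussian draw, places the poison at the cluster's centre, where Krum's nearest-neighbour score is minimal. A server that only checks update norms or pairwise distances cannot tell the two cases apart, which is the practical point of the abstract.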