{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,15]],"date-time":"2025-08-15T02:33:40Z","timestamp":1755225220104,"version":"3.43.0"},"publisher-location":"New York, NY, USA","reference-count":56,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,8,25]]},"DOI":"10.1145\/3708821.3736188","type":"proceedings-article","created":{"date-parts":[[2025,8,13]],"date-time":"2025-08-13T06:33:18Z","timestamp":1755066798000},"page":"473-487","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Nosy Layers, Noisy Fixes: Tackling DRAs in Federated Learning Systems using Explainable AI"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-3799-3469","authenticated-orcid":false,"given":"Meghali","family":"Nandi","sequence":"first","affiliation":[{"name":"School of Computer Science and Engineering, The University of New South Wales (UNSW), Sydney, New South Wales, Australia and CSIRO's Data61, Sydney, New South Wales, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6630-9519","authenticated-orcid":false,"given":"Arash","family":"Shaghaghi","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, The University of New South Wales (UNSW), Sydney, New South Wales, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4076-5553","authenticated-orcid":false,"given":"Nazatul Haque","family":"Sultan","sequence":"additional","affiliation":[{"name":"CSIRO's Data61, Sydney, New South Wales, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3482-8442","authenticated-orcid":false,"given":"Gustavo","family":"Batista","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, The University of New South Wales (UNSW), Sydney, New South Wales, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1257-9147","authenticated-orcid":false,"given":"Raymond K.","family":"Zhao","sequence":"additional","affiliation":[{"name":"CSIRO's Data61, Sydney, New South Wales, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1844-1520","authenticated-orcid":false,"given":"Sanjay","family":"Jha","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, The University of New South Wales (UNSW), Sydney, New South Wales, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,8,24]]},"reference":[{"key":"e_1_3_3_1_2_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"e_1_3_3_1_3_2","unstructured":"Naman Agarwal Ananda\u00a0Theertha Suresh Felix Xinnan\u00a0X Yu Sanjiv Kumar and Brendan McMahan. 2018. cpSGD: Communication-efficient and differentially-private distributed SGD. Advances in Neural Information Processing Systems 31 (2018)."},{"key":"e_1_3_3_1_4_2","unstructured":"Galen Andrew Om Thakkar Brendan McMahan and Swaroop Ramaswamy. 2021. Differentially private learning with adaptive clipping. Advances in Neural Information Processing Systems 34 (2021) 17455\u201317466."},{"key":"e_1_3_3_1_5_2","doi-asserted-by":"crossref","unstructured":"Sebastian Bach Alexander Binder Gr\u00e9goire Montavon Frederick Klauschen Klaus-Robert M\u00fcller and Wojciech Samek. 2015. On pixel-wise explanations for non-linear classifier decisions by layer-wise relevance propagation. PloS one 10 7 (2015) e0130140.","DOI":"10.1371\/journal.pone.0130140"},{"key":"e_1_3_3_1_6_2","unstructured":"Mislav Balunovic Dimitar Dimitrov Nikola Jovanovi\u0107 and Martin Vechev. 2022. Lamp: Extracting text from gradients with language model priors. Advances in Neural Information Processing Systems 35 (2022) 7641\u20137654."},{"key":"e_1_3_3_1_7_2","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2011.20"},{"key":"e_1_3_3_1_8_2","unstructured":"Daniel\u00a0J Beutel Taner Topal Akhil Mathur Xinchi Qiu Javier Fernandez-Marques Yan Gao Lorenzo Sani Kwing\u00a0Hei Li Titouan Parcollet Pedro Porto\u00a0Buarque de Gusm\u00e3o et\u00a0al. 2020. Flower: A friendly federated learning research framework. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2007.14390 (2020)."},{"key":"e_1_3_3_1_9_2","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP57164.2023.00020"},{"key":"e_1_3_3_1_10_2","unstructured":"Zhiqi Bu Yu-Xiang Wang Sheng Zha and George Karypis. 2024. Automatic clipping: Differentially private deep learning made easier and stronger. Advances in Neural Information Processing Systems 36 (2024)."},{"key":"e_1_3_3_1_11_2","doi-asserted-by":"crossref","unstructured":"Jingxue Chen Hang Yan Zhiyuan Liu Min Zhang Hu Xiong and Shui Yu. 2024. When federated learning meets privacy-preserving computation. Comput. Surveys 56 12 (2024) 1\u201336.","DOI":"10.1145\/3679013"},{"key":"e_1_3_3_1_12_2","first-page":"1964","volume-title":"International conference on machine learning","author":"Choquette-Choo Christopher\u00a0A","year":"2021","unstructured":"Christopher\u00a0A Choquette-Choo, Florian Tramer, Nicholas Carlini, and Nicolas Papernot. 2021. Label-only membership inference attacks. In International conference on machine learning. PMLR, 1964\u20131974."},{"key":"e_1_3_3_1_13_2","doi-asserted-by":"publisher","DOI":"10.1145\/2020408.2020598"},{"key":"e_1_3_3_1_14_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978308"},{"key":"e_1_3_3_1_15_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"e_1_3_3_1_16_2","doi-asserted-by":"crossref","unstructured":"Li Deng. 2012. The mnist database of handwritten digit images for machine learning research. IEEE Signal Processing Magazine 29 6 (2012) 141\u2013142.","DOI":"10.1109\/MSP.2012.2211477"},{"key":"e_1_3_3_1_17_2","doi-asserted-by":"crossref","unstructured":"Travis Dick Cynthia Dwork Michael Kearns Terrance Liu Aaron Roth Giuseppe Vietri and Zhiwei\u00a0Steven Wu. 2023. Confidence-ranked reconstruction of census microdata from published statistics. Proceedings of the National Academy of Sciences 120 8 (2023) e2218605120.","DOI":"10.1073\/pnas.2218605120"},{"key":"e_1_3_3_1_18_2","unstructured":"Dimitar\u00a0Iliev Dimitrov Mislav Balunovic Nikola Konstantinov and Martin Vechev. 2022. Data leakage in federated averaging. Transactions on Machine Learning Research (2022)."},{"key":"e_1_3_3_1_19_2","doi-asserted-by":"publisher","DOI":"10.1007\/11787006_1"},{"key":"e_1_3_3_1_20_2","doi-asserted-by":"crossref","unstructured":"Ahmed El\u00a0Ouadrhiri and Ahmed Abdelhadi. 2022. Differential privacy for deep and federated learning: A survey. IEEE access 10 (2022) 22359\u201322380.","DOI":"10.1109\/ACCESS.2022.3151670"},{"key":"e_1_3_3_1_21_2","doi-asserted-by":"publisher","DOI":"10.1145\/3616855.3635758"},{"key":"e_1_3_3_1_22_2","unstructured":"Liam Fowl Jonas Geiping Wojtek Czaja Micah Goldblum and Tom Goldstein. 2021. Robbing the fed: Directly obtaining private data in federated learning with modified models. ICLR 2022 (2021)."},{"key":"e_1_3_3_1_23_2","first-page":"760","volume-title":"Uncertainty in Artificial Intelligence","author":"Hannun Awni","year":"2021","unstructured":"Awni Hannun, Chuan Guo, and Laurens van\u00a0der Maaten. 2021. Measuring data leakage in machine-learning models with fisher information. In Uncertainty in Artificial Intelligence. PMLR, 760\u2013770."},{"key":"e_1_3_3_1_24_2","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134012"},{"key":"e_1_3_3_1_25_2","first-page":"1895","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Jayaraman Bargav","year":"2019","unstructured":"Bargav Jayaraman and David Evans. 2019. Evaluating differentially private machine learning in practice. In 28th USENIX Security Symposium (USENIX Security 19). 1895\u20131912."},{"key":"e_1_3_3_1_26_2","first-page":"15884","volume-title":"International Conference on Machine Learning","author":"Kariyappa Sanjay","year":"2023","unstructured":"Sanjay Kariyappa, Chuan Guo, Kiwan Maeng, Wenjie Xiong, G\u00a0Edward Suh, Moinuddin\u00a0K Qureshi, and Hsien-Hsin\u00a0S Lee. 2023. Cocktail party attack: Breaking aggregation-based privacy in federated learning using independent component analysis. In International Conference on Machine Learning. PMLR, 15884\u201315899."},{"key":"e_1_3_3_1_27_2","doi-asserted-by":"crossref","unstructured":"Jong\u00a0Wook Kim Kennedy Edemacu Jong\u00a0Seon Kim Yon\u00a0Dohn Chung and Beakcheol Jang. 2021. A survey of differential privacy-based techniques and their applicability to location-based services. Computers & Security 111 (2021) 102464.","DOI":"10.1016\/j.cose.2021.102464"},{"key":"e_1_3_3_1_28_2","unstructured":"Alex Krizhevsky Geoffrey Hinton et\u00a0al. 2009. Learning multiple layers of features from tiny images. (2009)."},{"key":"e_1_3_3_1_29_2","unstructured":"Daniel Levy Ziteng Sun Kareem Amin Satyen Kale Alex Kulesza Mehryar Mohri and Ananda\u00a0Theertha Suresh. 2021. Learning with user-level privacy. Advances in Neural Information Processing Systems 34 (2021) 12466\u201312479."},{"key":"e_1_3_3_1_30_2","doi-asserted-by":"publisher","DOI":"10.1145\/3394486.3403125"},{"key":"e_1_3_3_1_31_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE51399.2021.00023"},{"key":"e_1_3_3_1_32_2","first-page":"1273","volume-title":"Artificial intelligence and statistics","author":"McMahan Brendan","year":"2017","unstructured":"Brendan McMahan, Eider Moore, Daniel Ramage, Seth Hampson, and Blaise\u00a0Aguera y Arcas. 2017. Communication-efficient learning of deep networks from decentralized data. In Artificial intelligence and statistics. PMLR, 1273\u20131282."},{"key":"e_1_3_3_1_33_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00029"},{"key":"e_1_3_3_1_34_2","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2017.11"},{"key":"e_1_3_3_1_35_2","doi-asserted-by":"crossref","unstructured":"Gr\u00e9goire Montavon Sebastian Lapuschkin Alexander Binder Wojciech Samek and Klaus-Robert M\u00fcller. 2017. Explaining nonlinear classification decisions with deep taylor decomposition. Pattern recognition 65 (2017) 211\u2013222.","DOI":"10.1016\/j.patcog.2016.11.008"},{"key":"e_1_3_3_1_36_2","doi-asserted-by":"crossref","unstructured":"Viraaji Mothukuri Prachi Khare Reza\u00a0M Parizi Seyedamin Pouriyeh Ali Dehghantanha and Gautam Srivastava. 2021. Federated-learning-based anomaly detection for IoT security attacks. IEEE Internet of Things Journal 9 4 (2021) 2545\u20132554.","DOI":"10.1109\/JIOT.2021.3077803"},{"key":"e_1_3_3_1_37_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00065"},{"key":"e_1_3_3_1_38_2","doi-asserted-by":"crossref","unstructured":"Seyed\u00a0Ali Osia Ali Taheri Ali\u00a0Shahin Shamsabadi Kleomenis Katevas Hamed Haddadi and Hamid\u00a0R Rabiee. 2018. Deep private-feature extraction. IEEE Transactions on Knowledge and Data Engineering 32 1 (2018) 54\u201366.","DOI":"10.1109\/TKDE.2018.2878698"},{"key":"e_1_3_3_1_39_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2012.6248092"},{"key":"e_1_3_3_1_40_2","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560557"},{"key":"e_1_3_3_1_41_2","first-page":"1","volume-title":"CVPR workshops","author":"Qi Zhongang","year":"2019","unstructured":"Zhongang Qi, Saeed Khorram, and Fuxin Li. 2019. Visualizing Deep Networks by Optimizing with Integrated Gradients.. In CVPR workshops , Vol.\u00a02. 1\u20134."},{"key":"e_1_3_3_1_42_2","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939778"},{"key":"e_1_3_3_1_43_2","doi-asserted-by":"crossref","unstructured":"Nuria Rodr\u00edguez-Barroso Daniel Jim\u00e9nez-L\u00f3pez M\u00a0Victoria Luz\u00f3n Francisco Herrera and Eugenio Mart\u00ednez-C\u00e1mara. 2023. Survey on federated learning threats: Concepts taxonomy on attacks and defences experimental study and challenges. Information Fusion 90 (2023) 148\u2013173.","DOI":"10.1016\/j.inffus.2022.09.011"},{"key":"e_1_3_3_1_44_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV.2017.74"},{"key":"e_1_3_3_1_45_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.41"},{"key":"e_1_3_3_1_46_2","doi-asserted-by":"crossref","unstructured":"Jinhyun So Ba\u015fak G\u00fcler and A\u00a0Salman Avestimehr. 2020. Byzantine-resilient secure federated learning. IEEE Journal on Selected Areas in Communications 39 7 (2020) 2168\u20132181.","DOI":"10.1109\/JSAC.2020.3041404"},{"key":"e_1_3_3_1_47_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR46437.2021.00919"},{"key":"e_1_3_3_1_48_2","unstructured":"Qi Tan Qi Li Yi Zhao Zhuotao Liu Xiaobing Guo and Ke Xu. 2024. Defending Against Data Reconstruction Attacks in Federated Learning: An Information Theory Approach. Proceedings of the 33rd USENIX Conference on Security Symposium 24 (2024)."},{"key":"e_1_3_3_1_49_2","unstructured":"Md\u00a0Palash Uddin Yong Xiang Xuequan Lu John Yearwood and Longxiang Gao. 2020. Mutual information driven federated learning. IEEE Transactions on Parallel and Distributed Systems 32 7 (2020) 1526\u20131538."},{"key":"e_1_3_3_1_50_2","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2019.8737416"},{"key":"e_1_3_3_1_51_2","doi-asserted-by":"crossref","unstructured":"Kang Wei Jun Li Ming Ding Chuan Ma Howard\u00a0H Yang Farhad Farokhi Shi Jin Tony\u00a0QS Quek and H\u00a0Vincent Poor. 2020. Federated learning with differential privacy: Algorithms and performance analysis. IEEE transactions on information forensics and security 15 (2020) 3454\u20133469.","DOI":"10.1109\/TIFS.2020.2988575"},{"key":"e_1_3_3_1_52_2","unstructured":"Yuxin Wen Jonas Geiping Liam Fowl Micah Goldblum and Tom Goldstein. 2022. Fishing for user data in large-batch federated learning via gradient magnification. International Conference on Machine Learning (2022)."},{"key":"e_1_3_3_1_53_2","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v37i9.26242"},{"key":"e_1_3_3_1_54_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR46437.2021.01607"},{"key":"e_1_3_3_1_55_2","volume-title":"International Conference on Machine Learning, ICML 2022","author":"Zhang Xinwei","year":"2022","unstructured":"Xinwei Zhang, Xiangyi Chen, Mingyi Hong, Zhiwei\u00a0Steven Wu, and Jinfeng Yi. 2022. Understanding clipping for federated learning: Convergence and client-level differential privacy. In International Conference on Machine Learning, ICML 2022."},{"key":"e_1_3_3_1_56_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00030"},{"key":"e_1_3_3_1_57_2","doi-asserted-by":"crossref","unstructured":"Lingchen Zhao Jianlin Jiang Bo Feng Qian Wang Chao Shen and Qi Li. 2021. Sear: Secure and efficient aggregation for byzantine-robust federated learning. IEEE Transactions on Dependable and Secure Computing 19 5 (2021) 3329\u20133342.","DOI":"10.1109\/TDSC.2021.3093711"}],"event":{"name":"ASIA CCS '25: 20th ACM Asia Conference on Computer and Communications Security","location":"Hanoi Vietnam","acronym":"ASIA CCS '25","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 20th ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3708821.3736188","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,13]],"date-time":"2025-08-13T07:27:22Z","timestamp":1755070042000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3708821.3736188"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,24]]},"references-count":56,"alternative-id":["10.1145\/3708821.3736188","10.1145\/3708821"],"URL":"https:\/\/doi.org\/10.1145\/3708821.3736188","relation":{},"subject":[],"published":{"date-parts":[[2025,8,24]]},"assertion":[{"value":"2025-08-24","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}