{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,8]],"date-time":"2026-04-08T16:54:03Z","timestamp":1775667243690,"version":"3.50.1"},"reference-count":151,"publisher":"Association for Computing Machinery (ACM)","issue":"9","license":[{"start":{"date-parts":[[2025,4,3]],"date-time":"2025-04-03T00:00:00Z","timestamp":1743638400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Cisco Research, the DEVCOM ARL Army Research Office","award":["W911NF-2020-221"],"award-info":[{"award-number":["W911NF-2020-221"]}]},{"name":"National Science Foundation","award":["CNS-2333487 and CNS-2038986"],"award-info":[{"award-number":["CNS-2333487 and CNS-2038986"]}]},{"name":"Cisco Research and the National Science Foundation","award":["CNS-2247794 and CNS-2207204"],"award-info":[{"award-number":["CNS-2247794 and CNS-2207204"]}]},{"name":"DEVCOM ARL Army Research Office","award":["W911NF-2020-221"],"award-info":[{"award-number":["W911NF-2020-221"]}]},{"name":"NSF","award":["CNS-2146449 (NSF-CAREER) and CNS-2333487 (NSF-FRONTIER)"],"award-info":[{"award-number":["CNS-2146449 (NSF-CAREER) and CNS-2333487 (NSF-FRONTIER)"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2025,9,30]]},"abstract":"<jats:p>\n            Deep learning has shown incredible potential across a wide array of tasks, and accompanied by this growth has been an insatiable appetite for data. However, a large amount of data needed for enabling deep learning is stored on personal devices, and recent concerns on privacy have further highlighted challenges for accessing such data. 
As a result, federated learning (FL) has emerged as an important privacy-preserving technology that enables collaborative training of machine learning models without the need to send the raw, potentially sensitive, data to a central server. However, the fundamental premise that sending model updates to a server is privacy-preserving only holds if the updates cannot be \u201creverse engineered\u201d to infer information about the private training data. It has been shown under a wide variety of settings that this privacy premise does\n            <jats:italic>not<\/jats:italic>\n            hold.\n          <\/jats:p>\n          <jats:p>In this article we provide a comprehensive literature review of the different privacy attacks and defense methods in FL. We identify the current limitations of these attacks and highlight the settings in which the privacy of an FL client can be broken. We further dissect some of the successful industry applications of FL and draw lessons for future successful adoption. 
We survey the emerging landscape of privacy regulation for FL and conclude with future directions for taking FL toward the cherished goal of generating accurate models while preserving the privacy of the data from its participants.<\/jats:p>","DOI":"10.1145\/3724113","type":"journal-article","created":{"date-parts":[[2025,3,21]],"date-time":"2025-03-21T11:15:46Z","timestamp":1742555746000},"page":"1-37","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":30,"title":["The Federation Strikes Back: A Survey of Federated Learning Privacy Attacks, Defenses, Applications, and Policy Landscape"],"prefix":"10.1145","volume":"57","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1868-0473","authenticated-orcid":false,"given":"Joshua","family":"Zhao","sequence":"first","affiliation":[{"name":"Purdue University, West Lafayette, United States"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4239-5632","authenticated-orcid":false,"given":"Saurabh","family":"Bagchi","sequence":"additional","affiliation":[{"name":"ECE, Purdue University System, West Lafayette, United States"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3102-0867","authenticated-orcid":false,"given":"Salman","family":"Avestimehr","sequence":"additional","affiliation":[{"name":"University of Southern California, Los Angeles, United States"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6425-5403","authenticated-orcid":false,"given":"Kevin","family":"Chan","sequence":"additional","affiliation":[{"name":"US Army Research Laboratory, Adelphi, United States"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3651-6362","authenticated-orcid":false,"given":"Somali","family":"Chaterji","sequence":"additional","affiliation":[{"name":"Purdue University System, West Lafayette, United States"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8483-0105","authenticated-orcid":false,"given":"Dimitris","family":"Dimitriadis","sequence":"additional","affiliation":[{"name":"Amazon.com Inc, 
Seattle, United States"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-6467-2311","authenticated-orcid":false,"given":"Jiacheng","family":"Li","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, United States"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8207-9717","authenticated-orcid":false,"given":"Ninghui","family":"Li","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, United States"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-4567-1021","authenticated-orcid":false,"given":"Arash","family":"Nourian","sequence":"additional","affiliation":[{"name":"Amazon.com Inc, Seattle, United States"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3662-8743","authenticated-orcid":false,"given":"Holger","family":"Roth","sequence":"additional","affiliation":[{"name":"NVIDIA Corp, Santa Clara, United States"}]}],"member":"320","published-online":{"date-parts":[[2025,4,3]]},"reference":[{"key":"e_1_3_2_2_2","unstructured":"[n.d.]. AI foundation model transparency act. ([n.d.]). https:\/\/beyer.house.gov\/uploadedfiles\/ai_foundation_model_transparency_act_text_118.pdf"},{"key":"e_1_3_2_3_2","unstructured":"[n.d.]. Algorithmic accountability act. ([n.d.]). https:\/\/www.congress.gov\/bill\/116th-congress\/house-bill\/2231"},{"key":"e_1_3_2_4_2","unstructured":"[n.d.]. California consumer privacy act. ([n.d.]). https:\/\/oag.ca.gov\/privacy\/ccpa"},{"key":"e_1_3_2_5_2","unstructured":"[n.d.]. California privacy rights act. ([n.d.]). https:\/\/leginfo.legislature.ca.gov\/faces\/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5"},{"key":"e_1_3_2_6_2","unstructured":"[n.d.]. EPIC project. ([n.d.]). https:\/\/epic.org\/the-state-of-state-ai-laws-2023\/#::text=Of%20the%20AI%2Drelated%20laws profiling%20and%20requiring%20impact%20assessments"},{"key":"e_1_3_2_7_2","unstructured":"[n.d.]. 
Federated learning may provide a solution for future digital health challenges. https:\/\/www.kcl.ac.uk\/news\/federated-learning-may-provide-a-solution-for-future-digital-health-challenges. Accessed: 2025\/04\/03 12:51:17."},{"key":"e_1_3_2_8_2","unstructured":"[n.d.]. Federated Learning with Formal Differential Privacy Guarantees. https:\/\/blog.research.google\/2022\/02\/federated-learning-with-formal.html. Accessed: 2023-12-18."},{"key":"e_1_3_2_9_2","unstructured":"[n.d.]. The federated tumor segmentation (fets) initiative. https:\/\/www.med.upenn.edu\/cbica\/fets. Accessed: 2025\/04\/03 12:51:17."},{"key":"e_1_3_2_10_2","unstructured":"[n.d.]. FTC: AI companies: Uphold your privacy and confidentiality commitments. ([n.d.]). https:\/\/www.ftc.gov\/policy\/advocacy-research\/tech-at-ftc\/2024\/01\/ai-companies-uphold-your-privacy-confidentiality-commitments"},{"key":"e_1_3_2_11_2","unstructured":"[n.d.]. GDPR-general data protection regulation. ([n.d.]). https:\/\/gdpr-info.eu\/"},{"key":"e_1_3_2_12_2","unstructured":"[n.d.]. Gramm-leach-bliley act. ([n.d.]). https:\/\/www.ftc.gov\/business-guidance\/privacy-security\/gramm-leach-bliley-act"},{"key":"e_1_3_2_13_2","unstructured":"[n.d.]. Health insurance portability and accountability act. ([n.d.]). https:\/\/www.hhs.gov\/hipaa\/index.html"},{"key":"e_1_3_2_14_2","unstructured":"[n.d.]. HealthChain consortium. https:\/\/www.labelia.org\/en\/healthchain-project. Accessed: 2025\/04\/03 12:51:17."},{"key":"e_1_3_2_15_2","unstructured":"[n.d.]. H.R.8152 - American data privacy and protection act. ([n.d.]). https:\/\/www.congress.gov\/bill\/117th-congress\/house-bill\/8152\/text"},{"key":"e_1_3_2_16_2","unstructured":"[n.d.]. Rhino Health and the American College of Radiology Enable Privacy-Preserving Artificial Intelligence. https:\/\/www.accesswire.com\/728071\/rhino-health-and-the-american-college-of-radiology-enable-privacy-preserving-artificial-intelligence. 
Accessed: 2025\/04\/03 12:51:17."},{"key":"e_1_3_2_17_2","unstructured":"[n.d.]. Texas data privacy and security act. ([n.d.]). https:\/\/capitol.texas.gov\/BillLookup\/Text.aspx?LegSess=88R&Bill=HB4"},{"key":"e_1_3_2_18_2","unstructured":"[n.d.]. Trustworthy Federated Data Analytics (TFDA). https:\/\/tfda.hmsp.center\/. Accessed: 2025\/04\/03 12:51:17."},{"key":"e_1_3_2_19_2","unstructured":"[n.d.]. United Nations money laundering overview. ([n.d.]). https:\/\/www.unodc.org\/unodc\/en\/money-laundering\/overview.html"},{"key":"e_1_3_2_20_2","unstructured":"2021. Application of federated learning in predictive maintenance to predict remaining useful life. (2021). https:\/\/ifoadatascienceresearch.github.io\/assets\/pdfs\/FL_predictive_maintenance.pdf"},{"key":"e_1_3_2_21_2","first-page":"8866","volume-title":"Proceedings of the ICASSP 2020-2020 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)","author":"Abad Mehdi Salehi Heydar","year":"2020","unstructured":"Mehdi Salehi Heydar Abad, Emre Ozfatura, Deniz Gunduz, and Ozgur Ercetin. 2020. Hierarchical federated learning across heterogeneous cellular networks. In Proceedings of the ICASSP 2020-2020 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). IEEE, 8866\u20138870."},{"key":"e_1_3_2_22_2","doi-asserted-by":"crossref","first-page":"308","DOI":"10.1145\/2976749.2978318","volume-title":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","author":"Abadi Mart\u00edn","year":"2016","unstructured":"Mart\u00edn Abadi, Andy Chu, Ian Goodfellow, H. Brendan McMahan, Ilya Mironov, Kunal Talwar, and Li Zhang. 2016. Deep learning with differential privacy. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 308\u2013318."},{"key":"e_1_3_2_23_2","unstructured":"Sean Augenstein Andrew Hard Lin Ning Karan Singhal Satyen Kale Kurt Partridge and Rajiv Mathews. 2022. 
Mixed Federated Learning: Joint Decentralized and Centralized Learning. arXiv:2205.13655"},{"key":"e_1_3_2_24_2","doi-asserted-by":"crossref","first-page":"1253","DOI":"10.1145\/3372297.3417885","volume-title":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security","author":"Bell James Henry","year":"2020","unstructured":"James Henry Bell, Kallista A. Bonawitz, Adri\u00e0 Gasc\u00f3n, Tancr\u00e8de Lepoint, and Mariana Raykova. 2020. Secure single-server aggregation with (poly) logarithmic overhead. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 1253\u20131269."},{"key":"e_1_3_2_25_2","doi-asserted-by":"crossref","first-page":"241","DOI":"10.1109\/EuroSP57164.2023.00023","volume-title":"Proceedings of the 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)","author":"Boenisch Franziska","year":"2023","unstructured":"Franziska Boenisch, Adam Dziedzic, Roei Schuster, Ali Shahin Shamsabadi, Ilia Shumailov, and Nicolas Papernot. 2023. Reconstructing individual data points in federated learning hardened with differential privacy and secure aggregation. In Proceedings of the 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P). IEEE, 241\u2013257."},{"key":"e_1_3_2_26_2","article-title":"When the curious abandon honesty: Federated learning is not private","author":"Boenisch Franziska","year":"2023","unstructured":"Franziska Boenisch, Adam Dziedzic, Roei Schuster, Ali Shahin Shamsabadi, Ilia Shumailov, and Nicolas Papernot. 2023. When the curious abandon honesty: Federated learning is not private. 
Proceedings of the 8th IEEE European Symposium on Security and Privacy (IEEE Euro S&P) (2023).","journal-title":"Proceedings of the 8th IEEE European Symposium on Security and Privacy (IEEE Euro S&P)"},{"key":"e_1_3_2_27_2","doi-asserted-by":"crossref","first-page":"1175","DOI":"10.1145\/3133956.3133982","volume-title":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","author":"Bonawitz Keith","year":"2017","unstructured":"Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, and Karn Seth. 2017. Practical secure aggregation for privacy-preserving machine learning. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 1175\u20131191."},{"key":"e_1_3_2_28_2","doi-asserted-by":"crossref","first-page":"63229","DOI":"10.1109\/ACCESS.2021.3075203","article-title":"Vulnerabilities in federated learning","volume":"9","author":"Bouacida Nader","year":"2021","unstructured":"Nader Bouacida and Prasant Mohapatra. 2021. Vulnerabilities in federated learning. IEEE Access 9 (2021), 63229\u201363249.","journal-title":"IEEE Access"},{"key":"e_1_3_2_29_2","first-page":"1","volume-title":"Proceedings of the 2020 International Joint Conference on Neural Networks (IJCNN)","author":"Briggs Christopher","year":"2020","unstructured":"Christopher Briggs, Zhong Fan, and Peter Andras. 2020. Federated learning with hierarchical clustering of local updates to improve training on non-IID data. In Proceedings of the 2020 International Joint Conference on Neural Networks (IJCNN). IEEE, 1\u20139."},{"key":"e_1_3_2_30_2","doi-asserted-by":"crossref","first-page":"1897","DOI":"10.1109\/SP46214.2022.9833649","volume-title":"Proceedings of the 2022 IEEE Symposium on Security and Privacy (SP)","author":"Carlini Nicholas","year":"2022","unstructured":"Nicholas Carlini, Steve Chien, Milad Nasr, Shuang Song, Andreas Terzis, and Florian Tramer. 2022. 
Membership inference attacks from first principles. In Proceedings of the 2022 IEEE Symposium on Security and Privacy (SP). IEEE, 1897\u20131914."},{"issue":"1","key":"e_1_3_2_31_2","doi-asserted-by":"crossref","first-page":"235","DOI":"10.1093\/bib\/bbx102","article-title":"Federation in genomics pipelines: Techniques and challenges","volume":"20","author":"Chaterji Somali","year":"2019","unstructured":"Somali Chaterji, Jinkyu Koo, Ninghui Li, Folker Meyer, Ananth Grama, and Saurabh Bagchi. 2019. Federation in genomics pipelines: Techniques and challenges. Briefings in Bioinformatics 20, 1 (2019), 235\u2013244.","journal-title":"Briefings in Bioinformatics"},{"key":"e_1_3_2_32_2","article-title":"Privacy and fairness in federated learning: On the perspective of trade-off","author":"Chen Huiqiang","year":"2023","unstructured":"Huiqiang Chen, Tianqing Zhu, Tao Zhang, Wanlei Zhou, and Philip S. Yu. 2023. Privacy and fairness in federated learning: On the perspective of trade-off. Comput. Surveys (2023).","journal-title":"Comput. Surveys"},{"key":"e_1_3_2_33_2","doi-asserted-by":"crossref","first-page":"785","DOI":"10.1145\/2939672.2939785","volume-title":"Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD \u201916)","author":"Chen Tianqi","year":"2016","unstructured":"Tianqi Chen and Carlos Guestrin. 2016. XGBoost: A scalable tree boosting system. In Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD \u201916) (San Francisco, CA) . ACM, New York, 785\u2013794. 10.1145\/2939672.2939785"},{"key":"e_1_3_2_34_2","first-page":"382","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy (SP)","author":"Chen Yanjiao","year":"2023","unstructured":"Yanjiao Chen, Rui Guan, Xueluan Gong, Jianshuo Dong, and Meng Xue. 2023. D-dae: Defense-penetrating model extraction attacks. In Proceedings of the IEEE Symposium on Security and Privacy (SP). 
IEEE, 382\u2013399."},{"key":"e_1_3_2_35_2","first-page":"4256","volume-title":"Proceedings of the 2022 IEEE International Conference on Big Data (Big Data)","author":"Chen Yao","year":"2022","unstructured":"Yao Chen, Yijie Gui, Hong Lin, Wensheng Gan, and Yongdong Wu. 2022. Federated learning attacks and defenses: A survey. In Proceedings of the 2022 IEEE International Conference on Big Data (Big Data). IEEE, 4256\u20134265."},{"issue":"6","key":"e_1_3_2_36_2","doi-asserted-by":"crossref","first-page":"87","DOI":"10.1109\/MIS.2021.3082561","article-title":"SecureBoost: A lossless federated learning framework","volume":"36","author":"Cheng Kewei","year":"2021","unstructured":"Kewei Cheng, Tao Fan, Yilun Jin, Yang Liu, Tianjian Chen, Dimitrios Papadopoulos, and Qiang Yang. 2021. SecureBoost: A lossless federated learning framework. IEEE Intelligent Systems 36, 6 (2021), 87\u201398.","journal-title":"IEEE Intelligent Systems"},{"key":"e_1_3_2_37_2","doi-asserted-by":"crossref","first-page":"409","DOI":"10.1007\/978-3-319-70694-8_15","volume-title":"Advances in Cryptology\u2013ASIACRYPT 2017: Proceedings of the 23rd International Conference on the Theory and Applications of Cryptology and Information Security(Hong Kong, China, December 3-7, 2017), Part I 23","author":"Cheon Jung Hee","year":"2017","unstructured":"Jung Hee Cheon, Andrey Kim, Miran Kim, and Yongsoo Song. 2017. Homomorphic encryption for arithmetic of approximate numbers. In Advances in Cryptology\u2013ASIACRYPT 2017: Proceedings of the 23rd International Conference on the Theory and Applications of Cryptology and Information Security(Hong Kong, China, December 3-7, 2017), Part I 23. Springer, 409\u2013437."},{"key":"e_1_3_2_38_2","first-page":"17041","volume-title":"Proceedings of the 2023 IEEE\/CVF International Conference on Computer Vision (ICCV)","author":"Cho Yae Jee","year":"2023","unstructured":"Yae Jee Cho, Gauri Joshi, and Dimitrios Dimitriadis. 2023. 
Local or global: Selective knowledge assimilation for federated learning with limited labels. In Proceedings of the 2023 IEEE\/CVF International Conference on Computer Vision (ICCV). 17041\u201317050. 10.1109\/ICCV51070.2023.01567"},{"key":"e_1_3_2_39_2","first-page":"2881","volume-title":"Proceedings of the 31st International Joint Conference on Artificial Intelligence (IJCAI-22)","author":"Cho Yae Jee","year":"2022","unstructured":"Yae Jee Cho, Andre Manoel, Gauri Joshi, Robert Sim, and Dimitrios Dimitriadis. 2022. Heterogeneous ensemble knowledge transfer for training large models in federated learning. In Proceedings of the 31st International Joint Conference on Artificial Intelligence (IJCAI-22). International Joint Conferences on Artificial Intelligence Organization, 2881\u20132887."},{"key":"e_1_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.2759\/346720"},{"key":"e_1_3_2_41_2","article-title":"Fed-BioMed: Open, transparent and trusted federated learning for real-world healthcare applications","author":"Cremonesi Francesco","year":"2023","unstructured":"Francesco Cremonesi, Marc Vesin, Sergen Cansiz, Yannick Bouillard, Irene Balelli, Lucia Innocenti, Santiago Silva, Samy-Safwan Ayed, Riccardo Taiello, Laetita Kameni, et\u00a0al. 2023. Fed-BioMed: Open, transparent and trusted federated learning for real-world healthcare applications. arXiv preprint arXiv:2304.12012 (2023).","journal-title":"arXiv preprint arXiv:2304.12012"},{"issue":"10","key":"e_1_3_2_42_2","doi-asserted-by":"crossref","first-page":"1735","DOI":"10.1038\/s41591-021-01506-3","article-title":"Federated learning for predicting clinical outcomes in patients with COVID-19","volume":"27","author":"Dayan Ittai","year":"2021","unstructured":"Ittai Dayan, Holger R. Roth, Aoxiao Zhong, Ahmed Harouni, Amilcare Gentili, Anas Z. Abidin, Andrew Liu, Anthony Beardsworth Costa, Bradford J.Wood, Chien-Sung Tsai, et\u00a0al. 2021. 
Federated learning for predicting clinical outcomes in patients with COVID-19. Nature Medicine 27, 10 (2021), 1735\u20131743.","journal-title":"Nature Medicine"},{"key":"e_1_3_2_43_2","article-title":"Unlocking high-accuracy differentially private image classification through scale","volume":"2204","author":"De Soham","year":"2022","unstructured":"Soham De, Leonard Berrada, Jamie Hayes, Samuel L. Smith, and Borja Balle. 2022. Unlocking high-accuracy differentially private image classification through scale. CoRR abs\/2204.13650 (2022).","journal-title":"CoRR"},{"key":"e_1_3_2_44_2","volume-title":"Proceedings of the International Conference on Learning Representations","author":"Diao Enmao","year":"2021","unstructured":"Enmao Diao, Jie Ding, and Vahid Tarokh. 2021. HeteroFL: Computation and communication efficient federated learning for heterogeneous clients. In Proceedings of the International Conference on Learning Representations."},{"key":"e_1_3_2_45_2","doi-asserted-by":"crossref","first-page":"119","DOI":"10.1109\/SaTML54575.2023.00017","volume-title":"Proceedings of the 2023 IEEE Conference on Secure and Trustworthy Machine Learning (SaTML)","author":"Dibbo Sayanton V.","year":"2023","unstructured":"Sayanton V. Dibbo, Dae Lim Chung, and Shagufta Mehnaz. 2023. Model inversion attack with least information and an in-depth analysis of its disparate vulnerability. In Proceedings of the 2023 IEEE Conference on Secure and Trustworthy Machine Learning (SaTML). IEEE, 119\u2013135."},{"issue":"6","key":"e_1_3_2_46_2","doi-asserted-by":"crossref","first-page":"644","DOI":"10.1109\/TIT.1976.1055638","article-title":"New directions in cryptography","volume":"22","author":"Diffie Whitfield","year":"1976","unstructured":"Whitfield Diffie and Martin Hellman. 1976. New directions in cryptography. 
IEEE Transactions on Information Theory 22, 6 (1976), 644\u2013654.","journal-title":"IEEE Transactions on Information Theory"},{"key":"e_1_3_2_47_2","article-title":"Gaussian differential privacy","author":"Dong Jinshuo","year":"2019","unstructured":"Jinshuo Dong, Aaron Roth, and Weijie J. Su. 2019. Gaussian differential privacy. arXiv preprint arXiv:1905.02383 (2019).","journal-title":"arXiv preprint arXiv:1905.02383"},{"key":"e_1_3_2_48_2","first-page":"1","volume-title":"Proceedings of the International Conference on Theory and Applications of Models of Computation","author":"Dwork Cynthia","year":"2008","unstructured":"Cynthia Dwork. 2008. Differential privacy: A survey of results. In Proceedings of the International Conference on Theory and Applications of Models of Computation. Springer, 1\u201319."},{"key":"e_1_3_2_49_2","doi-asserted-by":"crossref","first-page":"265","DOI":"10.1007\/11681878_14","volume-title":"Proceedings of the Theory of Cryptography Conference","author":"Dwork Cynthia","year":"2006","unstructured":"Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam Smith. 2006. Calibrating noise to sensitivity in private data analysis. In Proceedings of the Theory of Cryptography Conference. Springer, 265\u2013284."},{"key":"e_1_3_2_50_2","doi-asserted-by":"crossref","first-page":"22359","DOI":"10.1109\/ACCESS.2022.3151670","article-title":"Differential privacy for deep and federated learning: A survey","volume":"10","author":"Ouadrhiri Ahmed El","year":"2022","unstructured":"Ahmed El Ouadrhiri and Ahmed Abdelhadi. 2022. Differential privacy for deep and federated learning: A survey. IEEE Access 10 (2022), 22359\u201322380.","journal-title":"IEEE Access"},{"key":"e_1_3_2_51_2","article-title":"How much privacy does federated learning with secure aggregation guarantee?","author":"Elkordy Ahmed Roushdy","year":"2022","unstructured":"Ahmed Roushdy Elkordy, Jiang Zhang, Yahya H Ezzeldin, Konstantinos Psounis, and Salman Avestimehr. 2022. 
How much privacy does federated learning with secure aggregation guarantee? arXiv preprint arXiv:2208.02304 (2022).","journal-title":"arXiv preprint arXiv:2208.02304"},{"key":"e_1_3_2_52_2","first-page":"32","volume-title":"Federated Learning","author":"Fan Lixin","year":"2020","unstructured":"Lixin Fan, Kam Woh Ng, Ce Ju, Tianyu Zhang, Chang Liu, Chee Seng Chan, and Qiang Yang. 2020. Rethinking privacy preserving deep learning: How to evaluate and thwart privacy attacks. In Federated Learning. Springer, 32\u201350."},{"issue":"4","key":"e_1_3_2_53_2","doi-asserted-by":"crossref","first-page":"94","DOI":"10.3390\/fi13040094","article-title":"Privacy preserving machine learning with homomorphic encryption and federated learning","volume":"13","author":"Fang Haokun","year":"2021","unstructured":"Haokun Fang and Quan Qian. 2021. Privacy preserving machine learning with homomorphic encryption and federated learning. Future Internet 13, 4 (2021), 94.","journal-title":"Future Internet"},{"issue":"11","key":"e_1_3_2_54_2","first-page":"2687","article-title":"Min-max cost optimization for efficient hierarchical federated learning in wireless edge networks","volume":"33","author":"Feng Jie","year":"2021","unstructured":"Jie Feng, Lei Liu, Qingqi Pei, and Keqin Li. 2021. Min-max cost optimization for efficient hierarchical federated learning in wireless edge networks. IEEE Transactions on Parallel and Distributed Systems 33, 11 (2021), 2687\u20132700.","journal-title":"IEEE Transactions on Parallel and Distributed Systems"},{"issue":"3","key":"e_1_3_2_55_2","doi-asserted-by":"crossref","first-page":"267","DOI":"10.24033\/asens.1013","article-title":"Convergence de la r\u00e9partition empirique vers la r\u00e9partition th\u00e9orique","volume":"70","author":"Fortet Robert","year":"1953","unstructured":"Robert Fortet and Edith Mourier. 1953. Convergence de la r\u00e9partition empirique vers la r\u00e9partition th\u00e9orique. 
Annales Scientifiques de l\u2019\u00c9cole Normale Sup\u00e9rieure 70, 3 (1953), 267\u2013285.","journal-title":"Annales Scientifiques de l\u2019\u00c9cole Normale Sup\u00e9rieure"},{"key":"e_1_3_2_56_2","volume-title":"Proceedings of the International Conference on Learning Representations","author":"Fowl Liam H.","year":"2022","unstructured":"Liam H. Fowl, Jonas Geiping, Wojciech Czaja, Micah Goldblum, and Tom Goldstein. 2022. Robbing the Fed: Directly obtaining private data in federated learning with modified models. In Proceedings of the International Conference on Learning Representations."},{"key":"e_1_3_2_57_2","doi-asserted-by":"crossref","first-page":"1322","DOI":"10.1145\/2810103.2813677","volume-title":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security","author":"Fredrikson Matt","year":"2015","unstructured":"Matt Fredrikson, Somesh Jha, and Thomas Ristenpart. 2015. Model inversion attacks that exploit confidence information and basic countermeasures. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. 1322\u20131333."},{"issue":"1","key":"e_1_3_2_58_2","doi-asserted-by":"crossref","first-page":"5910","DOI":"10.1038\/s41467-021-25972-y","article-title":"Truly privacy-preserving federated analytics for precision medicine with multiparty homomorphic encryption","volume":"12","author":"Froelicher David","year":"2021","unstructured":"David Froelicher, Juan R. Troncoso-Pastoriza, Jean Louis Raisaro, Michel A. Cuendet, Joao Sa Sousa, Hyunghoon Cho, Bonnie Berger, Jacques Fellay, and Jean-Pierre Hubaux. 2021. Truly privacy-preserving federated analytics for precision medicine with multiparty homomorphic encryption. 
Nature Communications 12, 1 (2021), 5910.","journal-title":"Nature Communications"},{"key":"e_1_3_2_59_2","first-page":"619","volume-title":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","author":"Ganju Karan","year":"2018","unstructured":"Karan Ganju, Qi Wang, Wei Yang, Carl A Gunter, and Nikita Borisov. 2018. Property inference attacks on fully connected neural networks using permutation invariant representations. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 619\u2013633."},{"key":"e_1_3_2_60_2","first-page":"2277-2294","article-title":"Failure prediction in production line based on federated learning: An empirical study","volume":"33","author":"Ge Ning","year":"2021","unstructured":"Ning Ge, Guanghao Li, Li Zhang, and Yi Liu. 2021. Failure prediction in production line based on federated learning: An empirical study. Journal of Intelligent Manufacturing 33 (2021), 2277-2294. https:\/\/api.semanticscholar.org\/CorpusID:231719718","journal-title":"Journal of Intelligent Manufacturing"},{"key":"e_1_3_2_61_2","first-page":"16937","article-title":"Inverting gradients-how easy is it to break privacy in federated learning?","volume":"33","author":"Geiping Jonas","year":"2020","unstructured":"Jonas Geiping, Hartmut Bauermeister, Hannah Dr\u00f6ge, and Michael Moeller. 2020. Inverting gradients-how easy is it to break privacy in federated learning? Advances in Neural Information Processing Systems 33 (2020), 16937\u201316947.","journal-title":"Advances in Neural Information Processing Systems"},{"issue":"12","key":"e_1_3_2_62_2","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1109\/MCOM.001.2000196","article-title":"Model extraction attacks and defenses on cloud-based machine learning models","volume":"58","author":"Gong Xueluan","year":"2020","unstructured":"Xueluan Gong, Qian Wang, Yanjiao Chen, Wang Yang, and Xinchang Jiang. 2020. 
Model extraction attacks and defenses on cloud-based machine learning models. IEEE Communications Magazine 58, 12 (2020), 83\u201389.","journal-title":"IEEE Communications Magazine"},{"key":"e_1_3_2_63_2","unstructured":"Andrew Hard Chlo\u00e9 M Kiddon Daniel Ramage Francoise Beaufays Hubert Eichner Kanishka Rao Rajiv Mathews and Sean Augenstein. 2018. Federated Learning for Mobile Keyboard Prediction. https:\/\/arxiv.org\/abs\/1811.03604"},{"key":"e_1_3_2_64_2","doi-asserted-by":"crossref","unstructured":"Ali Hatamizadeh Hongxu Yin Pavlo Molchanov Andriy Myronenko Wenqi Li Prerna Dogra Andrew Feng Mona G. Flores Jan Kautz Daguang Xu and Holger R. Roth. 2023. Do gradient inversion attacks make federated learning unsafe? IEEE Transactions on Medical Imaging (2023).","DOI":"10.1109\/TMI.2023.3239391"},{"key":"e_1_3_2_65_2","first-page":"10021","volume-title":"Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition","author":"Hatamizadeh Ali","year":"2022","unstructured":"Ali Hatamizadeh, Hongxu Yin, Holger R. Roth, Wenqi Li, Jan Kautz, Daguang Xu, and Pavlo Molchanov. 2022. Gradvit: Gradient inversion of vision transformers. In Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. 10021\u201310030."},{"key":"e_1_3_2_66_2","article-title":"Melloddy: Cross-pharma federated learning at unprecedented scale unlocks benefits in qsar without compromising proprietary information","author":"Heyndrickx Wouter","year":"2023","unstructured":"Wouter Heyndrickx, Lewis Mervin, Tobias Morawietz, No\u00e9 Sturm, Lukas Friedrich, Adam Zalewski, Anastasia Pentina, Lina Humbeck, Martijn Oldenhof, Ritsuya Niwayama, et\u00a0al. 2023. Melloddy: Cross-pharma federated learning at unprecedented scale unlocks benefits in qsar without compromising proprietary information. 
Journal of Chemical Information and Modeling (2023).","journal-title":"Journal of Chemical Information and Modeling"},{"key":"e_1_3_2_67_2","doi-asserted-by":"crossref","first-page":"603","DOI":"10.1145\/3133956.3134012","volume-title":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","author":"Hitaj Briland","year":"2017","unstructured":"Briland Hitaj, Giuseppe Ateniese, and Fernando Perez-Cruz. 2017. Deep models under the GAN: Information leakage from collaborative deep learning. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 603\u2013618."},{"key":"e_1_3_2_68_2","first-page":"814","article-title":"Papaya: Practical, private, and scalable federated learning","volume":"4","author":"Huba Dzmitry","year":"2022","unstructured":"Dzmitry Huba, John Nguyen, Kshitiz Malik, Ruiyu Zhu, Mike Rabbat, Ashkan Yousefpour, Carole-Jean Wu, Hongyuan Zhan, Pavel Ustinov, Harish Srinivas, et\u00a0al. 2022. Papaya: Practical, private, and scalable federated learning. Proceedings of Machine Learning and Systems 4 (2022), 814\u2013832.","journal-title":"Proceedings of Machine Learning and Systems"},{"key":"e_1_3_2_69_2","volume-title":"Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS)","author":"Hui Bo","year":"2021","unstructured":"Bo Hui, Yuchen Yang, Haolin Yuan, Philippe Burlina, Neil Zhenqiang Gong, and Yinzhi Cao. 2021. Practical blind membership inference attack via differential comparisons. In Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_70_2","article-title":"Swiftagg: Communication-efficient and dropout-resistant secure aggregation for federated learning with worst-case security guarantees","author":"Jahani-Nezhad Tayyebeh","year":"2022","unstructured":"Tayyebeh Jahani-Nezhad, Mohammad Ali Maddah-Ali, Songze Li, and Giuseppe Caire. 2022. 
Swiftagg: Communication-efficient and dropout-resistant secure aggregation for federated learning with worst-case security guarantees. arXiv preprint arXiv:2202.04169 (2022).","journal-title":"arXiv preprint arXiv:2202.04169"},{"key":"e_1_3_2_71_2","article-title":"Federated action recognition on heterogeneous embedded devices","author":"Jain Pranjal","year":"2021","unstructured":"Pranjal Jain, Shreyas Goenka, Saurabh Bagchi, Biplab Banerjee, and Somali Chaterji. 2021. Federated action recognition on heterogeneous embedded devices. arXiv preprint arXiv:2107.12147 (2021).","journal-title":"arXiv preprint arXiv:2107.12147"},{"issue":"2","key":"e_1_3_2_72_2","article-title":"Revisiting membership inference under realistic assumptions","volume":"2021","author":"Jayaraman Bargav","year":"2021","unstructured":"Bargav Jayaraman, Lingxiao Wang, Katherine Knipmeyer, Quanquan Gu, and David Evans. 2021. Revisiting membership inference under realistic assumptions. Proceedings on Privacy Enhancing Technologies 2021, 2 (2021).","journal-title":"Proceedings on Privacy Enhancing Technologies"},{"key":"e_1_3_2_73_2","article-title":"FedML-HE: An efficient homomorphic-encryption-based privacy-preserving federated learning system","author":"Jin Weizhao","year":"2023","unstructured":"Weizhao Jin, Yuhang Yao, Shanshan Han, Carlee Joe-Wong, Srivatsan Ravi, Salman Avestimehr, and Chaoyang He. 2023. FedML-HE: An efficient homomorphic-encryption-based privacy-preserving federated learning system. arXiv preprint arXiv:2303.10837 (2023).","journal-title":"arXiv preprint arXiv:2303.10837"},{"key":"e_1_3_2_74_2","article-title":"Fastsecagg: Scalable secure aggregation for privacy-preserving federated learning","author":"Kadhe Swanand","year":"2020","unstructured":"Swanand Kadhe, Nived Rajaraman, O. Ozan Koyluoglu, and Kannan Ramchandran. 2020. Fastsecagg: Scalable secure aggregation for privacy-preserving federated learning. 
arXiv preprint arXiv:2009.11248 (2020).","journal-title":"arXiv preprint arXiv:2009.11248"},{"key":"e_1_3_2_75_2","first-page":"15884","volume-title":"Proceedings of the International Conference on Machine Learning","author":"Kariyappa Sanjay","year":"2023","unstructured":"Sanjay Kariyappa, Chuan Guo, Kiwan Maeng, Wenjie Xiong, G. Edward Suh, Moinuddin K. Qureshi, and Hsien-Hsin S. Lee. 2023. Cocktail party attack: Breaking aggregation-based privacy in federated learning using independent component analysis. In Proceedings of the International Conference on Machine Learning. PMLR, 15884\u201315899."},{"key":"e_1_3_2_76_2","doi-asserted-by":"crossref","first-page":"316","DOI":"10.1016\/j.procs.2022.12.227","article-title":"Federated learning as a privacy solution-an overview","volume":"217","author":"Khan Mashal","year":"2023","unstructured":"Mashal Khan, Frank G. Glavin, and Matthias Nickles. 2023. Federated learning as a privacy solution-an overview. Procedia Computer Science 217 (2023), 316\u2013325.","journal-title":"Procedia Computer Science"},{"key":"e_1_3_2_77_2","first-page":"2650","volume-title":"Proceedings of the ICASSP 2021-2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)","author":"Kim Muah","year":"2021","unstructured":"Muah Kim, Onur G\u00fcnl\u00fc, and Rafael F. Schaefer. 2021. Federated learning with local differential privacy: Trade-offs between privacy, utility, and communication. In Proceedings of the ICASSP 2021-2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). IEEE, 2650\u20132654."},{"key":"e_1_3_2_78_2","first-page":"5381","volume-title":"Proceedings of the International Conference on Machine Learning","author":"Koloskova Anastasia","year":"2020","unstructured":"Anastasia Koloskova, Nicolas Loizou, Sadra Boreiri, Martin Jaggi, and Sebastian Stich. 2020. A unified theory of decentralized SGD with changing topology and local updates. 
In Proceedings of the International Conference on Machine Learning. PMLR, 5381\u20135393."},{"key":"e_1_3_2_79_2","first-page":"239","volume-title":"Proceedings of the 7th ACM Conference on Embedded Networked Sensor Systems (SENSYS)","author":"Koo Jinkyu","year":"2009","unstructured":"Jinkyu Koo, Rajesh K Panta, Saurabh Bagchi, and Luis Montestruque. 2009. A tale of two synchronizing clocks. In Proceedings of the 7th ACM Conference on Embedded Networked Sensor Systems (SENSYS). 239\u2013252."},{"key":"e_1_3_2_80_2","first-page":"2560","volume-title":"Proceedings of the International Conference on Artificial Intelligence and Statistics","author":"Koskela Antti","year":"2020","unstructured":"Antti Koskela, Joonas J\u00e4lk\u00f6, and Antti Honkela. 2020. Computing tight differential privacy guarantees using FFT. In Proceedings of the International Conference on Artificial Intelligence and Statistics. PMLR, 2560\u20132569."},{"key":"e_1_3_2_81_2","first-page":"5959","volume-title":"International Conference on Machine Learning","author":"Lam Maximilian","year":"2021","unstructured":"Maximilian Lam, Gu-Yeon Wei, David Brooks, Vijay Janapa Reddi, and Michael Mitzenmacher. 2021. Gradient disaggregation: Breaking privacy in federated learning by reconstructing the user participant matrix. In Proceedings of the International Conference on Machine Learning. PMLR, 5959\u20135968."},{"key":"e_1_3_2_82_2","doi-asserted-by":"crossref","unstructured":"Joon-Woo Lee HyungChul Kang Yongwoo Lee Woosuk Choi Jieun Eom Maxim Deryabin Eunsang Lee Junghyun Lee Donghoon Yoo Young-Sik Kim and Jong-Seon No. 2022. Privacy-preserving machine learning with fully homomorphic encryption for deep neural network. 
IEEE Access 10 (2022) 30039\u201330054.","DOI":"10.1109\/ACCESS.2022.3159694"},{"key":"e_1_3_2_83_2","first-page":"5","volume-title":"Proceedings of the 11th ACM Conference on Data and Application Security and Privacy","author":"Li Jiacheng","year":"2021","unstructured":"Jiacheng Li, Ninghui Li, and Bruno Ribeiro. 2021. Membership inference attacks and defenses in classification models. In Proceedings of the 11th ACM Conference on Data and Application Security and Privacy. 5\u201316."},{"key":"e_1_3_2_84_2","volume-title":"Proceedings of the 11th International Conference on Learning Representations","author":"Li Jiacheng","year":"2022","unstructured":"Jiacheng Li, Ninghui Li, and Bruno Ribeiro. 2022. Effective passive membership inference attacks in federated learning against overparameterized models. In Proceedings of the 11th International Conference on Learning Representations."},{"key":"e_1_3_2_85_2","first-page":"9766","volume-title":"Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition","author":"Li Shuangtong","year":"2022","unstructured":"Shuangtong Li, Tianyi Zhou, Xinmei Tian, and Dacheng Tao. 2022. Learning to collaborate in decentralized learning of personalized models. In Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. 9766\u20139775."},{"issue":"3","key":"e_1_3_2_86_2","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1109\/MSP.2020.2975749","article-title":"Federated learning: Challenges, methods, and future directions","volume":"37","author":"Li Tian","year":"2020","unstructured":"Tian Li, Anit Kumar Sahu, Ameet Talwalkar, and Virginia Smith. 2020. Federated learning: Challenges, methods, and future directions. 
IEEE Signal Processing Magazine 37, 3 (2020), 50\u201360.","journal-title":"IEEE Signal Processing Magazine"},{"key":"e_1_3_2_87_2","first-page":"1","volume-title":"Proceedings of the 2020 IEEE International Conference on Communications (ICC 2020)","author":"Liu Lumin","year":"2020","unstructured":"Lumin Liu, Jun Zhang, SH Song, and Khaled B Letaief. 2020. Client-edge-cloud hierarchical federated learning. In Proceedings of the 2020 IEEE International Conference on Communications (ICC 2020). IEEE, 1\u20136."},{"issue":"1","key":"e_1_3_2_88_2","first-page":"2","article-title":"Hierarchical federated learning with quantization: Convergence analysis and system design","volume":"22","author":"Liu Lumin","year":"2022","unstructured":"Lumin Liu, Jun Zhang, Shenghui Song, and Khaled B Letaief. 2022. Hierarchical federated learning with quantization: Convergence analysis and system design. IEEE Transactions on Wireless Communications 22, 1 (2022), 2\u201318.","journal-title":"IEEE Transactions on Wireless Communications"},{"issue":"1","key":"e_1_3_2_89_2","first-page":"1","article-title":"Threats, attacks and defenses to federated learning: Issues, taxonomy and perspectives","volume":"5","author":"Liu Pengrui","year":"2022","unstructured":"Pengrui Liu, Xiangrui Xu, and Wei Wang. 2022. Threats, attacks and defenses to federated learning: Issues, taxonomy and perspectives. Cybersecurity 5, 1 (2022), 1\u201319.","journal-title":"Cybersecurity"},{"key":"e_1_3_2_90_2","article-title":"Privacy and robustness in federated learning: Attacks and defenses","author":"Lyu Lingjuan","year":"2022","unstructured":"Lingjuan Lyu, Han Yu, Xingjun Ma, Chen Chen, Lichao Sun, Jun Zhao, Qiang Yang, and S. Yu Philip. 2022. Privacy and robustness in federated learning: Attacks and defenses. 
IEEE Transactions on Neural Networks and Learning Systems (2022).","journal-title":"IEEE Transactions on Neural Networks and Learning Systems"},{"key":"e_1_3_2_91_2","first-page":"223","volume-title":"Proceedings of the 2019 USENIX Annual Technical Conference (USENIX ATC 19)","author":"Mahgoub Ashraf","year":"2019","unstructured":"Ashraf Mahgoub, Paul Wood, Alexander Medoff, Subrata Mitra, Folker Meyer, Somali Chaterji, and Saurabh Bagchi. 2019. SOPHIA: Online reconfiguration of clustered NoSQL databases for Time-Varying workloads. In Proceedings of the 2019 USENIX Annual Technical Conference (USENIX ATC 19). 223\u2013240."},{"key":"e_1_3_2_92_2","first-page":"1273","volume-title":"Proceedings of the Artificial Intelligence and Statistics","author":"McMahan Brendan","year":"2017","unstructured":"Brendan McMahan, Eider Moore, Daniel Ramage, Seth Hampson, and Blaise Aguera y Arcas. 2017. Communication-efficient learning of deep networks from decentralized data. In Proceedings of the Artificial Intelligence and Statistics. PMLR, 1273\u20131282."},{"key":"e_1_3_2_93_2","first-page":"4579","volume-title":"Proceedings of the 31st USENIX Security Symposium (USENIX Security 22)","year":"2022","unstructured":"Shagufta Mehnaz, Sayanton V. Dibbo, Ehsanul Kabir, Ninghui Li, and Elisa Bertino. 2022. Are your sensitive attributes private? Novel model inversion attribute inference attacks on classification models. In Proceedings of the 31st USENIX Security Symposium (USENIX Security 22). 4579\u20134596."},{"key":"e_1_3_2_94_2","doi-asserted-by":"crossref","first-page":"691","DOI":"10.1109\/SP.2019.00029","volume-title":"Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP)","author":"Melis Luca","year":"2019","unstructured":"Luca Melis, Congzheng Song, Emiliano De Cristofaro, and Vitaly Shmatikov. 2019. Exploiting unintended feature leakage in collaborative learning. 
In Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP). IEEE, 691\u2013706."},{"key":"e_1_3_2_95_2","doi-asserted-by":"crossref","first-page":"263","DOI":"10.1109\/CSF.2017.11","volume-title":"Proceedings of the 2017 IEEE 30th Computer Security Foundations Symposium (CSF)","author":"Mironov Ilya","year":"2017","unstructured":"Ilya Mironov. 2017. R\u00e9nyi differential privacy. In Proceedings of the 2017 IEEE 30th Computer Security Foundations Symposium (CSF). IEEE, 263\u2013275."},{"key":"e_1_3_2_96_2","doi-asserted-by":"crossref","first-page":"619","DOI":"10.1016\/j.future.2020.10.007","article-title":"A survey on security and privacy of federated learning","volume":"115","author":"Mothukuri Viraaji","year":"2021","unstructured":"Viraaji Mothukuri, Reza M. Parizi, Seyedamin Pouriyeh, Yan Huang, Ali Dehghantanha, and Gautam Srivastava. 2021. A survey on security and privacy of federated learning. Future Generation Computer Systems 115 (2021), 619\u2013640.","journal-title":"Future Generation Computer Systems"},{"key":"e_1_3_2_97_2","article-title":"Local and central differential privacy for robustness and privacy in federated learning","author":"Naseri Mohammad","year":"2020","unstructured":"Mohammad Naseri, Jamie Hayes, and Emiliano De Cristofaro. 2020. Local and central differential privacy for robustness and privacy in federated learning. arXiv preprint arXiv:2009.03561 (2020).","journal-title":"arXiv preprint arXiv:2009.03561"},{"key":"e_1_3_2_98_2","article-title":"Tight auditing of differentially private machine learning","author":"Nasr Milad","year":"2023","unstructured":"Milad Nasr, Jamie Hayes, Thomas Steinke, Borja Balle, Florian Tram\u00e8r, Matthew Jagielski, Nicholas Carlini, and Andreas Terzis. 2023. Tight auditing of differentially private machine learning. 
arXiv preprint arXiv:2302.07956 (2023).","journal-title":"arXiv preprint arXiv:2302.07956"},{"key":"e_1_3_2_99_2","doi-asserted-by":"crossref","first-page":"739","DOI":"10.1109\/SP.2019.00065","volume-title":"2019 IEEE Symposium on Security and Privacy (SP)","author":"Nasr Milad","year":"2019","unstructured":"Milad Nasr, Reza Shokri, and Amir Houmansadr. 2019. Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning. In 2019 IEEE Symposium on Security and Privacy (SP). IEEE, 739\u2013753."},{"key":"e_1_3_2_100_2","first-page":"15576","volume-title":"Proceedings of the AAAI Conference on Artificial Intelligence","volume":"37","author":"Oldenhof Martijn","year":"2023","unstructured":"Martijn Oldenhof, Gergely \u00c1cs, Bal\u00e1zs Pej\u00f3, Ansgar Schuffenhauer, Nicholas Holway, No\u00e9 Sturm, Arne Dieckmann, Oliver Fortmeier, Eric Boniface, Cl\u00e9ment Mayer, et\u00a0al. 2023. Industry-scale orchestrated federated learning for drug discovery. In Proceedings of the AAAI Conference on Artificial Intelligence, Vol. 37. 15576\u201315584."},{"issue":"14","key":"e_1_3_2_101_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3595292","article-title":"I know what you trained last summer: A survey on stealing machine learning models and defences","volume":"55","author":"Oliynyk Daryna","year":"2023","unstructured":"Daryna Oliynyk, Rudolf Mayer, and Andreas Rauber. 2023. I know what you trained last summer: A survey on stealing machine learning models and defences. Comput. Surveys 55, 14s (2023), 1\u201341.","journal-title":"Comput. Surveys"},{"key":"e_1_3_2_102_2","first-page":"4954","volume-title":"Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition","author":"Orekondy Tribhuvanesh","year":"2019","unstructured":"Tribhuvanesh Orekondy, Bernt Schiele, and Mario Fritz. 2019. Knockoff nets: Stealing functionality of black-box models. 
In Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. 4954\u20134963."},{"key":"e_1_3_2_103_2","doi-asserted-by":"crossref","first-page":"2429","DOI":"10.1145\/3548606.3560557","volume-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security","author":"Pasquini Dario","year":"2022","unstructured":"Dario Pasquini, Danilo Francati, and Giuseppe Ateniese. 2022. Eluding secure aggregation in federated learning via model inconsistency. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. 2429\u20132443."},{"key":"e_1_3_2_104_2","article-title":"The federated tumor segmentation (FETS) challenge","author":"Pati Sarthak","year":"2021","unstructured":"Sarthak Pati, Ujjwal Baid, Maximilian Zenk, Brandon Edwards, Micah Sheller, G Anthony Reina, Patrick Foley, Alexey Gruzdev, Jason Martin, Shadi Albarqouni, et\u00a0al. 2021. The federated tumor segmentation (FETS) challenge. arXiv preprint arXiv:2105.05874 (2021).","journal-title":"arXiv preprint arXiv:2105.05874"},{"key":"e_1_3_2_105_2","doi-asserted-by":"crossref","first-page":"1449","DOI":"10.1109\/INFOCOM48880.2022.9796818","volume-title":"Proceedings of the IEEE Conference on Computer Communications (IEEE INFOCOM 2022).","author":"Perazzone Jake","year":"2022","unstructured":"Jake Perazzone, Shiqiang Wang, Mingyue Ji, and Kevin S. Chan. 2022. Communication-efficient device scheduling for federated learning using stochastic optimization. In Proceedings of the IEEE Conference on Computer Communications (IEEE INFOCOM 2022). 1449\u20131458. 10.1109\/INFOCOM48880.2022.9796818"},{"key":"e_1_3_2_106_2","first-page":"100","volume-title":"Proceedings of the International Conference on Applications and Techniques in Information Security","author":"Phong Le Trieu","year":"2017","unstructured":"Le Trieu Phong, Yoshinori Aono, Takuya Hayashi, Lihua Wang, and Shiho Moriai. 2017. 
Privacy-preserving deep learning: Revisited and enhanced. In Proceedings of the International Conference on Applications and Techniques in Information Security. Springer, 100\u2013110."},{"issue":"1150","key":"e_1_3_2_107_2","doi-asserted-by":"crossref","first-page":"20220890","DOI":"10.1259\/bjr.20220890","article-title":"Federated learning for medical imaging radiology","volume":"96","author":"Rehman Muhammad Habib ur","year":"2023","unstructured":"Muhammad Habib ur Rehman, Walter Hugo Lopez Pinaya, Parashkev Nachev, James T. Teo, Sebastin Ourselin, and M. Jorge Cardoso. 2023. Federated learning for medical imaging radiology. The British Journal of Radiology 96, 1150 (2023), 20220890.","journal-title":"The British Journal of Radiology"},{"issue":"1","key":"e_1_3_2_108_2","doi-asserted-by":"crossref","first-page":"119","DOI":"10.1038\/s41746-020-00323-1","article-title":"The future of digital health with federated learning","volume":"3","author":"Rieke Nicola","year":"2020","unstructured":"Nicola Rieke, Jonny Hancox, Wenqi Li, Fausto Milletari, Holger R. Roth, Shadi Albarqouni, Spyridon Bakas, Mathieu N. Galtier, Bennett A. Landman, Klaus Maier-Hein, et\u00a0al. 2020. The future of digital health with federated learning. NPJ Digital Medicine 3, 1 (2020), 119.","journal-title":"NPJ Digital Medicine"},{"issue":"4","key":"e_1_3_2_109_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3624010","article-title":"A survey of privacy attacks in machine learning","volume":"56","author":"Rigaki Maria","year":"2023","unstructured":"Maria Rigaki and Sebastian Garcia. 2023. A survey of privacy attacks in machine learning. Comput. Surveys 56, 4 (2023), 1\u201334.","journal-title":"Comput. 
Surveys"},{"key":"e_1_3_2_110_2","first-page":"181","volume-title":"Proceedings of the Symposium on Domain Adaptation and Representation Transfer, and Distributed and Collaborative Learning: 2nd MICCAI Workshop (DART 2020) and 1st MICCAI Workshop (DCL 2020), (Held in Conjunction with MICCAI 2020, Lima, Peru, October 4\u20138, 2020) 2","author":"Roth Holger R.","year":"2020","unstructured":"Holger R. Roth, Ken Chang, Praveer Singh, Nir Neumark, Wenqi Li, Vikash Gupta, Sharut Gupta, Liangqiong Qu, Alvin Ihsani, Bernardo C. Bizzo, et\u00a0al. 2020. Federated learning for breast density classification: A real-world implementation. In Proceedings of the Symposium on Domain Adaptation and Representation Transfer, and Distributed and Collaborative Learning: 2nd MICCAI Workshop (DART 2020) and 1st MICCAI Workshop (DCL 2020), (Held in Conjunction with MICCAI 2020, Lima, Peru, October 4\u20138, 2020) 2. Springer, 181\u2013191."},{"key":"e_1_3_2_111_2","article-title":"NVIDIA FLARE: Federated learning from simulation to real-world","author":"Roth Holger R.","year":"2022","unstructured":"Holger R. Roth, Yan Cheng, Yuhong Wen, Isaac Yang, Ziyue Xu, Yuan-Ting Hsieh, Kristopher Kersten, Ahmed Harouni, Can Zhao, Kevin Lu, et\u00a0al. 2022. NVIDIA FLARE: Federated learning from simulation to real-world. arXiv preprint arXiv:2210.13291 (2022).","journal-title":"arXiv preprint arXiv:2210.13291"},{"key":"e_1_3_2_112_2","series-title":"Proceedings of Machine Learning Research","first-page":"29937","volume-title":"Proceedings of the International Conference on Machine Learning, (ICML 2023, 23-29 July 2023, Honolulu, Hawaii)","volume":"202","author":"Sander Tom","year":"2023","unstructured":"Tom Sander, Pierre Stock, and Alexandre Sablayrolles. 2023. TAN without a burn: Scaling laws of DP-SGD. In Proceedings of the International Conference on Machine Learning, (ICML 2023, 23-29 July 2023, Honolulu, Hawaii) (Proceedings of Machine Learning Research, Vol. 
202), Andreas Krause, Emma Brunskill, Kyunghyun Cho, Barbara Engelhardt, Sivan Sabato, and Jonathan Scarlett (Eds.). PMLR, 29937\u201329949."},{"key":"e_1_3_2_113_2","doi-asserted-by":"crossref","first-page":"1027","DOI":"10.1200\/CCI.20.00045","article-title":"Joint imaging platform for federated clinical data analytics","volume":"4","author":"Scherer Jonas","year":"2020","unstructured":"Jonas Scherer, Marco Nolden, Jens Kleesiek, Jasmin Metzger, Klaus Kades, Verena Schneider, Michael Bach, Oliver Sedlaczek, Andreas M. Bucher, Thomas J. Vogl, et\u00a0al. 2020. Joint imaging platform for federated clinical data analytics. JCO Clinical Cancer Informatics 4 (2020), 1027\u20131038.","journal-title":"JCO Clinical Cancer Informatics"},{"key":"e_1_3_2_114_2","doi-asserted-by":"crossref","first-page":"553","DOI":"10.1145\/3579856.3582836","volume-title":"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security","author":"Sharma Atul","year":"2023","unstructured":"Atul Sharma, Wei Chen, Joshua Zhao, Qiang Qiu, Saurabh Bagchi, and Somali Chaterji. 2023. Flair: Defense against model poisoning attack in federated learning. In Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security. 553\u2013566."},{"key":"e_1_3_2_115_2","unstructured":"Atul Sharma Wei Chen Joshua Zhao Qiang Qiu Somali Chaterji and Saurabh Bagchi. 2021. TESSERACT: Gradient Flip Score to Secure Federated Learning Against Model Poisoning Attacks. arxiv:2110.10108 [cs.LG] https:\/\/arxiv.org\/abs\/2110.10108"},{"key":"e_1_3_2_116_2","first-page":"122","volume-title":"Proceedings of the 2023 53rd Annual IEEE\/IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S)","author":"Sharma Atul","year":"2023","unstructured":"Atul Sharma, Joshua C. Zhao, Wei Chen, Qiang Qiu, Saurabh Bagchi, and Somali Chaterji. 2023. How to learn collaboratively-federated learning to peer-to-peer learning and what\u2019s at stake. 
In Proceedings of the 2023 53rd Annual IEEE\/IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S). IEEE, 122\u2013126."},{"key":"e_1_3_2_117_2","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1109\/SP.2017.41","volume-title":"Proceedings of the 2017 IEEE Symposium on Security and Privacy (SP)","author":"Shokri Reza","year":"2017","unstructured":"Reza Shokri, Marco Stronati, Congzheng Song, and Vitaly Shmatikov. 2017. Membership inference attacks against machine learning models. In Proceedings of the 2017 IEEE Symposium on Security and Privacy (SP). IEEE, 3\u201318."},{"issue":"2","key":"e_1_3_2_118_2","doi-asserted-by":"crossref","first-page":"260","DOI":"10.3390\/electronics12020260","article-title":"A detailed survey on federated learning attacks and defenses","volume":"12","author":"Sikandar Hira Shahzadi","year":"2023","unstructured":"Hira Shahzadi Sikandar, Huda Waheed, Sibgha Tahir, Saif U. R. Malik, and Waqas Rafique. 2023. A detailed survey on federated learning attacks and defenses. Electronics 12, 2 (2023), 260.","journal-title":"Electronics"},{"key":"e_1_3_2_119_2","first-page":"9864","volume-title":"Proceedings of the AAAI Conference on Artificial Intelligence","volume":"37","author":"So Jinhyun","year":"2023","unstructured":"Jinhyun So, Ramy E. Ali, Ba\u015fak G\u00fcler, Jiantao Jiao, and A. Salman Avestimehr. 2023. Securing secure aggregation: Mitigating multi-round privacy leakage in federated learning. In Proceedings of the AAAI Conference on Artificial Intelligence, Vol. 37. 9864\u20139873."},{"key":"e_1_3_2_120_2","article-title":"Securing secure aggregation: Mitigating multi-round privacy leakage in federated learning","author":"So Jinhyun","year":"2021","unstructured":"Jinhyun So, Ramy E. Ali, Basak Guler, Jiantao Jiao, and Salman Avestimehr. 2021. Securing secure aggregation: Mitigating multi-round privacy leakage in federated learning. 
arXiv preprint arXiv:2106.03328 (2021).","journal-title":"arXiv preprint arXiv:2106.03328"},{"issue":"1","key":"e_1_3_2_121_2","first-page":"479","article-title":"Turbo-aggregate: Breaking the quadratic aggregation barrier in secure federated learning","volume":"2","author":"So Jinhyun","year":"2021","unstructured":"Jinhyun So, Ba\u015fak G\u00fcler, and A. Salman Avestimehr. 2021. Turbo-aggregate: Breaking the quadratic aggregation barrier in secure federated learning. IEEE Journal on Selected Areas in Information Theory 2, 1 (2021), 479\u2013489.","journal-title":"IEEE Journal on Selected Areas in Information Theory"},{"key":"e_1_3_2_122_2","first-page":"694","article-title":"LightsecAGG: A lightweight and versatile design for secure aggregation in federated learning","volume":"4","author":"So Jinhyun","year":"2022","unstructured":"Jinhyun So, Corey J. Nolet, Chien-Sheng Yang, Songze Li, Qian Yu, Ramy E. Ali, Basak Guler, and Salman Avestimehr. 2022. LightsecAGG: A lightweight and versatile design for secure aggregation in federated learning. Proceedings of Machine Learning and Systems 4 (2022), 694\u2013720.","journal-title":"Proceedings of Machine Learning and Systems"},{"key":"e_1_3_2_123_2","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1109\/SPW.2019.00021","volume-title":"Proceedings of the 2019 IEEE Security and Privacy Workshops (SPW)","author":"Song Liwei","year":"2019","unstructured":"Liwei Song, Reza Shokri, and Prateek Mittal. 2019. Membership inference attacks against adversarially robust deep learning models. In Proceedings of the 2019 IEEE Security and Privacy Workshops (SPW). IEEE, 50\u201356."},{"key":"e_1_3_2_124_2","article-title":"Privacy auditing with one (1) training run","author":"Steinke Thomas","year":"2023","unstructured":"Thomas Steinke, Milad Nasr, and Matthew Jagielski. 2023. Privacy auditing with one (1) training run. 
arXiv preprint arXiv:2305.08846 (2023).","journal-title":"arXiv preprint arXiv:2305.08846"},{"issue":"21","key":"e_1_3_2_125_2","doi-asserted-by":"crossref","first-page":"22824","DOI":"10.1609\/aaai.v38i21.30317","article-title":"HiFi-gas: Hierarchical federated learning incentive mechanism enhanced gas usage estimation","volume":"38","author":"Sun Hao","year":"2024","unstructured":"Hao Sun, Xiaoli Tang, Chengyi Yang, Zhenpeng Yu, Xiuli Wang, Qijie Ding, Zengxiang Li, and Han Yu. 2024. HiFi-gas: Hierarchical federated learning incentive mechanism enhanced gas usage estimation. In Proceedings of the AAAI Conference on Artificial Intelligence 38, 21 (Mar. 2024), 22824\u201322832. https:\/\/ojs.aaai.org\/index.php\/AAAI\/article\/view\/30317","journal-title":"In Proceedings of the AAAI Conference on Artificial Intelligence"},{"key":"e_1_3_2_126_2","first-page":"601","volume-title":"Proceedings of the 25th USENIX Security Symposium (USENIX Security 16)","author":"Tram\u00e8r Florian","year":"2016","unstructured":"Florian Tram\u00e8r, Fan Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart. 2016. Stealing machine learning models via prediction APIs. In Proceedings of the 25th USENIX Security Symposium (USENIX Security 16). 601\u2013618."},{"issue":"3","key":"e_1_3_2_127_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3592800","article-title":"Beyond gradients: Exploiting adversarial priors in model inversion attacks","volume":"26","author":"Usynin Dmitrii","year":"2023","unstructured":"Dmitrii Usynin, Daniel Rueckert, and Georgios Kaissis. 2023. Beyond gradients: Exploiting adversarial priors in model inversion attacks. 
ACM Transactions on Privacy and Security 26, 3 (2023), 1\u201330.","journal-title":"ACM Transactions on Privacy and Security"},{"key":"e_1_3_2_128_2","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1109\/SP.2018.00038","volume-title":"Proceedings of the 2018 IEEE Symposium on Security and Privacy (SP)","author":"Wang Binghui","year":"2018","unstructured":"Binghui Wang and Neil Zhenqiang Gong. 2018. Stealing hyperparameters in machine learning. In Proceedings of the 2018 IEEE Symposium on Security and Privacy (SP). IEEE, 36\u201352."},{"key":"e_1_3_2_129_2","first-page":"1","volume-title":"Proceedings of the IEEE Conference on Computer Communications","author":"Wang Shiqiang","year":"2023","unstructured":"Shiqiang Wang, Jake Perazzone, Mingyue Ji, and Kevin S. Chan. 2023. Federated learning with flexible control. In Proceedings of the IEEE Conference on Computer Communications (IEEE INFOCOM 2023). 1\u201310. 10.1109\/INFOCOM53939.2023.10229070"},{"key":"e_1_3_2_130_2","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2019.2904348"},{"key":"e_1_3_2_131_2","first-page":"1924","volume-title":"Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition","author":"Wang Xiaosen","year":"2021","unstructured":"Xiaosen Wang and Kun He. 2021. Enhancing the transferability of adversarial attacks through variance tuning. In Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. 1924\u20131933."},{"key":"e_1_3_2_132_2","doi-asserted-by":"crossref","first-page":"2512","DOI":"10.1109\/INFOCOM.2019.8737416","volume-title":"Proceedings of the IEEE Conference on Computer Communications (IEEE INFOCOM 2019)","author":"Wang Zhibo","year":"2019","unstructured":"Zhibo Wang, Mengkai Song, Zhifei Zhang, Yang Song, Qian Wang, and Hairong Qi. 2019. Beyond inferring class representatives: User-level privacy leakage from federated learning. In Proceedings of the IEEE Conference on Computer Communications (IEEE INFOCOM 2019). 
IEEE, 2512\u20132520."},{"key":"e_1_3_2_133_2","article-title":"Federated semi-supervised learning with class distribution mismatch","volume":"2111","author":"Wang Zhiguo","year":"2021","unstructured":"Zhiguo Wang, Xintong Wang, Ruoyu Sun, and Tsung-Hui Chang. 2021. Federated semi-supervised learning with class distribution mismatch. CoRR abs\/2111.00010 (2021).","journal-title":"CoRR"},{"key":"e_1_3_2_134_2","doi-asserted-by":"crossref","first-page":"3454","DOI":"10.1109\/TIFS.2020.2988575","article-title":"Federated learning with differential privacy: Algorithms and performance analysis","volume":"15","author":"Wei Kang","year":"2020","unstructured":"Kang Wei, Jun Li, Ming Ding, Chuan Ma, Howard H Yang, Farhad Farokhi, Shi Jin, Tony QS Quek, and H Vincent Poor. 2020. Federated learning with differential privacy: Algorithms and performance analysis. IEEE Transactions on Information Forensics and Security 15 (2020), 3454\u20133469.","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"e_1_3_2_135_2","article-title":"Fishing for user data in large-batch federated learning via gradient magnification","author":"Wen Yuxin","year":"2022","unstructured":"Yuxin Wen, Jonas Geiping, Liam Fowl, Micah Goldblum, and Tom Goldstein. 2022. Fishing for user data in large-batch federated learning via gradient magnification. In Proceedings of the International Conference on Machine Learning (2022).","journal-title":"International Conference on Machine Learning"},{"key":"e_1_3_2_136_2","article-title":"Federated learning priorities under the European Union artificial intelligence act","author":"Woisetschl\u00e4ger Herbert","year":"2024","unstructured":"Herbert Woisetschl\u00e4ger, Alexander Erben, Bill Marino, Shiqiang Wang, Nicholas D. Lane, Ruben Mayer, and Hans-Arno Jacobsen. 2024. Federated learning priorities under the European Union artificial intelligence act. 
arXiv preprint arXiv:2402.05968 (2024).","journal-title":"arXiv preprint arXiv:2402.05968"},{"key":"e_1_3_2_137_2","article-title":"Federated learning of gboard language models with differential privacy","author":"Xu Zheng","year":"2023","unstructured":"Zheng Xu, Yanxiang Zhang, Galen Andrew, Christopher A Choquette-Choo, Peter Kairouz, H Brendan McMahan, Jesse Rosenstock, and Yuanbo Zhang. 2023. Federated learning of gboard language models with differential privacy. arXiv preprint arXiv:2305.18465 (2023).","journal-title":"arXiv preprint arXiv:2305.18465"},{"key":"e_1_3_2_138_2","doi-asserted-by":"crossref","first-page":"268","DOI":"10.1109\/CSF.2018.00027","volume-title":"Proceedings of the 2018 IEEE 31st Computer Security Foundations Symposium (CSF)","author":"Yeom Samuel","year":"2018","unstructured":"Samuel Yeom, Irene Giacomelli, Matt Fredrikson, and Somesh Jha. 2018. Privacy risk in machine learning: Analyzing the connection to overfitting. In Proceedings of the 2018 IEEE 31st Computer Security Foundations Symposium (CSF). IEEE, 268\u2013282."},{"key":"e_1_3_2_139_2","first-page":"16337","volume-title":"Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition","author":"Yin Hongxu","year":"2021","unstructured":"Hongxu Yin, Arun Mallya, Arash Vahdat, Jose M Alvarez, Jan Kautz, and Pavlo Molchanov. 2021. See through gradients: Image batch recovery via gradinversion. In Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. 16337\u201316346."},{"issue":"6","key":"e_1_3_2_140_2","first-page":"1","article-title":"A comprehensive survey of privacy-preserving federated learning: A taxonomy, review, and future directions","volume":"54","author":"Yin Xuefei","year":"2021","unstructured":"Xuefei Yin, Yanming Zhu, and Jiankun Hu. 2021. A comprehensive survey of privacy-preserving federated learning: A taxonomy, review, and future directions. 
ACM Computing Surveys (CSUR) 54, 6 (2021), 1\u201336.","journal-title":"ACM Computing Surveys (CSUR)"},{"key":"e_1_3_2_141_2","first-page":"1215","volume-title":"Proceedings of the 22nd International Conference on Artificial Intelligence and Statistics","author":"Yu Qian","year":"2019","unstructured":"Qian Yu, Songze Li, Netanel Raviv, Seyed Mohammadreza Mousavi Kalan, Mahdi Soltanolkotabi, and Salman A Avestimehr. 2019. Lagrange coded computing: Optimal design for resiliency, security, and privacy. In Proceedings of the 22nd International Conference on Artificial Intelligence and Statistics. PMLR, 1215\u20131225."},{"key":"e_1_3_2_142_2","volume-title":"Proceedings of NeurIPS PriML 2021-workshop Privacy in Machine Learning","author":"Zari Oualid","year":"2021","unstructured":"Oualid Zari, Chuan Xu, and Giovanni Neglia. 2021. Efficient passive membership inference attack in federated learning. In Proceedings of NeurIPS PriML 2021-workshop Privacy in Machine Learning."},{"key":"e_1_3_2_143_2","first-page":"493","volume-title":"Proceedings of the 2020 USENIX Annual Technical Conference (USENIX ATC 20)","author":"Zhang Chengliang","year":"2020","unstructured":"Chengliang Zhang, Suyi Li, Junzhe Xia, Wei Wang, Feng Yan, and Yang Liu. 2020. BatchCrypt: Efficient homomorphic encryption for Cross-Silo federated learning. In Proceedings of the 2020 USENIX Annual Technical Conference (USENIX ATC 20). 493\u2013506."},{"key":"e_1_3_2_144_2","first-page":"459","volume-title":"Proceedings of the 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC)","author":"Zhang Hongyi","year":"2021","unstructured":"Hongyi Zhang, Jan Bosch, and Helena Holmstr\u00f6m Olsson. 2021. Real-time end-to-end federated learning: An automotive case study. In Proceedings of the 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC). 459\u2013468. 
10.1109\/COMPSAC51774.2021.00070"},{"key":"e_1_3_2_145_2","first-page":"1","article-title":"Challenges and future directions of secure federated learning: A survey","volume":"16","author":"Zhang Kaiyue","year":"2022","unstructured":"Kaiyue Zhang, Xuan Song, Chenhan Zhang, and Shui Yu. 2022. Challenges and future directions of secure federated learning: A survey. Frontiers of Computer Science 16 (2022), 1\u20138.","journal-title":"Frontiers of Computer Science"},{"key":"e_1_3_2_146_2","doi-asserted-by":"crossref","first-page":"413","DOI":"10.1145\/3485730.3493444","volume-title":"Proceedings of the 19th ACM Conference on Embedded Networked Sensor Systems (SenSys \u201921)","author":"Zhang Tuo","year":"2021","unstructured":"Tuo Zhang, Chaoyang He, Tianhao Ma, Lei Gao, Mark Ma, and Salman Avestimehr. 2021. Federated learning for internet of things. In Proceedings of the 19th ACM Conference on Embedded Networked Sensor Systems (SenSys \u201921) (Coimbra, Portugal). ACM, New York, 413\u2013419. 10.1145\/3485730.3493444"},{"key":"e_1_3_2_147_2","article-title":"IDLG: Improved deep leakage from gradients","author":"Zhao Bo","year":"2020","unstructured":"Bo Zhao, Konda Reddy Mopuri, and Hakan Bilen. 2020. IDLG: Improved deep leakage from gradients. arXiv preprint arXiv:2001.02610 (2020).","journal-title":"arXiv preprint arXiv:2001.02610"},{"key":"e_1_3_2_148_2","first-page":"12247","volume-title":"Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition","author":"Zhao Joshua C.","year":"2024","unstructured":"Joshua C. Zhao, Ahaan Dabholkar, Atul Sharma, and Saurabh Bagchi. 2024. Leak and learn: An attacker\u2019s cookbook to train using leaked data from federated learning. In Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. 
12247\u201312256."},{"key":"e_1_3_2_149_2","first-page":"3974","volume-title":"Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition","author":"Zhao Joshua C.","year":"2023","unstructured":"Joshua C. Zhao, Ahmed Roushdy Elkordy, Atul Sharma, Yahya H. Ezzeldin, Salman Avestimehr, and Saurabh Bagchi. 2023. The resource problem of using linear layer leakage attack in federated learning. In Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. 3974\u20133983."},{"key":"e_1_3_2_150_2","first-page":"30","volume-title":"Proceedings of the 2024 IEEE Symposium on Security and Privacy (SP)","author":"Zhao Joshua Christian","year":"2023","unstructured":"Joshua Christian Zhao, Atul Sharma, Ahmed Roushdy Elkordy, Yahya H Ezzeldin, Salman Avestimehr, and Saurabh Bagchi. 2023. LOKI: Large-scale data reconstruction attack against federated learning through model manipulation. In Proceedings of the 2024 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, 30\u201330."},{"issue":"11","key":"e_1_3_2_151_2","doi-asserted-by":"crossref","first-page":"7471","DOI":"10.1109\/TIT.2022.3192874","article-title":"Information theoretic secure aggregation with user dropouts","volume":"68","author":"Zhao Yizhou","year":"2022","unstructured":"Yizhou Zhao and Hua Sun. 2022. Information theoretic secure aggregation with user dropouts. IEEE Transactions on Information Theory 68, 11 (2022), 7471\u20137484.","journal-title":"IEEE Transactions on Information Theory"},{"key":"e_1_3_2_152_2","article-title":"Deep leakage from gradients","volume":"32","author":"Zhu Ligeng","year":"2019","unstructured":"Ligeng Zhu, Zhijian Liu, and Song Han. 2019. Deep leakage from gradients. 
Advances in Neural Information Processing Systems 32 (2019).","journal-title":"Advances in Neural Information Processing Systems"}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3724113","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3724113","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:58Z","timestamp":1750295938000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3724113"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,3]]},"references-count":151,"journal-issue":{"issue":"9","published-print":{"date-parts":[[2025,9,30]]}},"alternative-id":["10.1145\/3724113"],"URL":"https:\/\/doi.org\/10.1145\/3724113","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,4,3]]},"assertion":[{"value":"2024-05-06","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-03-04","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-04-03","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}