{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,16]],"date-time":"2026-04-16T17:54:45Z","timestamp":1776362085918,"version":"3.51.2"},"reference-count":45,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2025,4,3]],"date-time":"2025-04-03T00:00:00Z","timestamp":1743638400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Key Research and Development Projects of Jilin Province","award":["20240302090GX"],"award-info":[{"award-number":["20240302090GX"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"crossref","award":["62072208"],"award-info":[{"award-number":["62072208"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"name":"National Science Foundation","award":["ECCS-2216926, CNS-2241713, CNS-2331302 and CNS-2339686"],"award-info":[{"award-number":["ECCS-2216926, CNS-2241713, CNS-2331302 and CNS-2339686"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2025,5,31]]},"abstract":"\n Federated Learning (FL) is vulnerable to backdoor attacks\u2014especially distributed backdoor attacks (DBA) that are more persistent and stealthy than centralized backdoor attacks. However, we observe that the attack effectiveness of DBA can be largely reduced when encountering rebels, i.e., the agents promising to perform the attack but do not do so. To robustify DBAs, we present\n SSRDBA<\/jats:sc>\n , a secret sharing-inspired robust DBA to FL. To be specific, given a same global trigger as DBA,\n SSRDBA<\/jats:sc>\n carefully divides it into different shares based on secret sharing and exploits these shares to poison local data on malicious devices, respectively.\n SSRDBA<\/jats:sc>\n enjoys several merits, e.g., only partial malicious agents guarantee the reconstruction of the global trigger. Extensive experimental results show that\n SSRDBA<\/jats:sc>\n is more robust to rebels than DBA and can evade the state-of-the-art FL defenses mainly for centralized backdoor attacks. To mitigate\n SSRDBA<\/jats:sc>\n , we further design a novel defense mechanism, termed NFDR, which shows great potential against\n SSRDBA<\/jats:sc>\n on certain independent identically distributed datasets.\n <\/jats:p>","DOI":"10.1145\/3725814","type":"journal-article","created":{"date-parts":[[2025,3,22]],"date-time":"2025-03-22T09:43:39Z","timestamp":1742636619000},"page":"1-19","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["A Secret Sharing-Inspired Robust Distributed Backdoor Attack to Federated Learning"],"prefix":"10.1145","volume":"28","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9907-9980","authenticated-orcid":false,"given":"Yuxin","family":"Yang","sequence":"first","affiliation":[{"name":"College of Computer Science and Technology, Jilin University, Changchun, China and Department of Computer Science, Illinois Institute of Technology, Chicago, United States"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7510-4718","authenticated-orcid":false,"given":"Qiang","family":"Li","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Jilin University, Changchun, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2419-6592","authenticated-orcid":false,"given":"Yuede","family":"Ji","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, The University of Texas at Arlington, Arlington, United States"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5616-060X","authenticated-orcid":false,"given":"Binghui","family":"Wang","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Illinois Institute of Technology, Chicago, United States"}]}],"member":"320","published-online":{"date-parts":[[2025,4,3]]},"reference":[{"key":"e_1_3_1_2_2","volume-title":"Proceedings of the AAAI Conference on Artificial Intelligence","author":"Arevalo Caridad Arroyo","year":"2024","unstructured":"Caridad Arroyo Arevalo, Sayedeh Leila Noorbakhsh, Yun Dong, Yuan Hong, and Binghui Wang. 2024. Task-agnostic privacy-preserving representation learning for federated learning against attribute inference attacks. In Proceedings of the AAAI Conference on Artificial Intelligence."},{"key":"e_1_3_1_3_2","doi-asserted-by":"crossref","unstructured":"Eugene Bagdasarian and Vitaly Shmatikov. 2024. Mithridates: Auditing and boosting backdoor resistance of machine learning pipelines. Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security.","DOI":"10.1145\/3658644.3690337"},{"key":"e_1_3_1_4_2","first-page":"2938","volume-title":"Proceedings of the International Conference on Artificial Intelligence and Statistics","author":"Bagdasaryan Eugene","year":"2020","unstructured":"Eugene Bagdasaryan, Andreas Veit, Yiqing Hua, Deborah Estrin, and Vitaly Shmatikov. 2020. How to backdoor federated learning. In Proceedings of the International Conference on Artificial Intelligence and Statistics. PMLR, 2938\u20132948."},{"key":"e_1_3_1_5_2","first-page":"634","volume-title":"Proceedings of the International Conference on Machine Learning","author":"Bhagoji Arjun Nitin","year":"2019","unstructured":"Arjun Nitin Bhagoji, Supriyo Chakraborty, Prateek Mittal, and Seraphin Calo. 2019. Analyzing federated learning through an adversarial lens. In Proceedings of the International Conference on Machine Learning. PMLR, 634\u2013643."},{"key":"e_1_3_1_6_2","article-title":"Machine learning with adversaries: Byzantine tolerant gradient descent","volume":"30","author":"Blanchard Peva","year":"2017","unstructured":"Peva Blanchard, El Mahdi El Mhamdi, Rachid Guerraoui, and Julien Stainer. 2017. Machine learning with adversaries: Byzantine tolerant gradient descent. In Advances in Neural Information Processing Systems, Vol. 30 (2017).","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_1_7_2","volume-title":"Proceedings of the Workshop on Federated Learning for Data Privacy and Confidentiality","author":"Caldas Sebastian","year":"2019","unstructured":"Sebastian Caldas, Peter Wu, Tian Li, Jakub Kone\u010dn\u00fd, H. Brendan McMahan, Virginia Smith, and Ameet Talwalkar. 2019. LEAF: A benchmark for federated settings. In Proceedings of the Workshop on Federated Learning for Data Privacy and Confidentiality."},{"key":"e_1_3_1_8_2","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS\u201921)","author":"Cao Xiaoyu","year":"2021","unstructured":"Xiaoyu Cao, Minghong Fang, Jia Liu, and Neil Zhenqiang Gong. 2021. FLTrust: Byzantine-robust federated learning via trust bootstrapping. In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201921)."},{"key":"e_1_3_1_9_2","first-page":"3396","volume-title":"Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition","author":"Cao Xiaoyu","year":"2022","unstructured":"Xiaoyu Cao and Neil Zhenqiang Gong. 2022. Mpaf: Model poisoning attacks to federated learning based on fake clients. In Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. 3396\u20133404."},{"key":"e_1_3_1_10_2","volume-title":"Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY\u201925)","author":"Feng Shuya","year":"2025","unstructured":"Shuya Feng, Meisam Mohammady, Hanbin Hong, Shenao Yan, Ashish Kundu, Binghui Wang, and Yuan Hong. 2025. Universally harmonizing differential privacy mechanisms for federated learning: Boosting accuracy and convergence. In Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY\u201925)."},{"key":"e_1_3_1_11_2","first-page":"301","volume-title":"Proceedings of the 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID\u201920)","author":"Fung Clement","year":"2020","unstructured":"Clement Fung, Chris JM Yoon, and Ivan Beschastnikh. 2020. The limitations of federated learning in sybil settings. In Proceedings of the 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID\u201920). 301\u2013316."},{"key":"e_1_3_1_12_2","doi-asserted-by":"crossref","unstructured":"Xueluan Gong Yanjiao Chen Qian Wang and Weihan Kong. 2022. Backdoor attacks and defenses in federated learning: State-of-the-art taxonomy and future directions. IEEE Wireless Communications 30 2 (2022) 114\u2013121.","DOI":"10.1109\/MWC.017.2100714"},{"key":"e_1_3_1_13_2","doi-asserted-by":"crossref","first-page":"102814","DOI":"10.1016\/j.cose.2022.102814","article-title":"Backdoor smoothing: Demystifying backdoor attacks on deep neural networks","volume":"120","author":"Grosse Kathrin","year":"2022","unstructured":"Kathrin Grosse, Taesung Lee, Battista Biggio, Youngja Park, Michael Backes, and Ian Molloy. 2022. Backdoor smoothing: Demystifying backdoor attacks on deep neural networks. Comput. Secur. 120 (2022), 102814.","journal-title":"Comput. Secur."},{"key":"e_1_3_1_14_2","first-page":"1172","volume-title":"Proceedings of the IEEE International Conference on Big Data (Big Data\u201921)","author":"Guo Yifan","year":"2021","unstructured":"Yifan Guo, Qianlong Wang, Tianxi Ji, Xufei Wang, and Pan Li. 2021. Resisting distributed backdoor attacks in federated learning: A dynamic norm clipping approach. In Proceedings of the IEEE International Conference on Big Data (Big Data\u201921). IEEE, 1172\u20131182."},{"key":"e_1_3_1_15_2","doi-asserted-by":"publisher","DOI":"10.1145\/3503161.3548171"},{"key":"e_1_3_1_16_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3192645"},{"key":"e_1_3_1_17_2","article-title":"FedGame: A game-theoretic defense against backdoor attacks in federated learning","volume":"36","author":"Jia Jinyuan","year":"2024","unstructured":"Jinyuan Jia, Zhuowen Yuan, Dinuka Sahabandu, Luyao Niu, Arezoo Rajabi, Bhaskar Ramasubramanian, Bo Li, and Radha Poovendran. 2024. FedGame: A game-theoretic defense against backdoor attacks in federated learning. In Advances in Neural Information Processing Systems, Vol. 36 (2024).","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_1_18_2","first-page":"5311","volume-title":"Proceedings of the International Conference on Machine Learning","author":"Karimireddy Sai Praneeth","year":"2021","unstructured":"Sai Praneeth Karimireddy, Lie He, and Martin Jaggi. 2021. Learning from history for byzantine robust optimization. In Proceedings of the International Conference on Machine Learning. PMLR, 5311\u20135319."},{"key":"e_1_3_1_19_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2019.07.023"},{"key":"e_1_3_1_20_2","first-page":"1273","volume-title":"Artificial Intelligence and Statistics","author":"McMahan Brendan","year":"2017","unstructured":"Brendan McMahan, Eider Moore, Daniel Ramage, Seth Hampson, and Blaise Aguera y Arcas. 2017. Communication-efficient learning of deep networks from decentralized data. In Artificial Intelligence and Statistics. PMLR, 1273\u20131282."},{"key":"e_1_3_1_21_2","article-title":"Byzantine-robust federated machine learning through adaptive model averaging","author":"Mu\u00f1oz-Gonz\u00e1lez Luis","year":"2019","unstructured":"Luis Mu\u00f1oz-Gonz\u00e1lez, Kenneth T. Co, and Emil C. Lupu. 2019. Byzantine-robust federated machine learning through adaptive model averaging. arXiv:1909.05125. Retrieved from https:\/\/arxiv.org\/abs\/1909.05125","journal-title":"arXiv:1909.05125"},{"key":"e_1_3_1_22_2","volume-title":"Proceedings of the 31st USENIX Security Symposium","author":"Nguyen Thien Duc","year":"2022","unstructured":"Thien Duc Nguyen, Phillip Rieger, Huili Chen, Hossein Yalame, Helen M\u00f6llering, Hossein Fereidooni, Samuel Marchal, Markus Miettinen, Azalia Mirhoseini, Shaza Zeitouni, et\u00a0al. 2022. FLAME: Taming backdoors in federated learning. In Proceedings of the 31st USENIX Security Symposium."},{"key":"e_1_3_1_23_2","unstructured":"Thien Duc Nguyen Phillip Rieger Hossein Yalame Helen M\u00f6llering Hossein Fereidooni Samuel Marchal Markus Miettinen et\u00a0al. 2021. FLGUARD: Secure and private federated learning. IACR Cryptol. ePrint Arch. 2021 (2021) 25."},{"key":"e_1_3_1_24_2","volume-title":"Proceedings of the AAAI Conference on Artificial Intelligence","author":"Pang Meng","year":"2025","unstructured":"Meng Pang, Houwei Xu, Zheng Huang, Yintao Zhou, Wei Huang, and Binghui Wang. 2025. Breaking data silos in Parkinson\u2019s disease diagnosis: An adaptive federated learning approach for privacy-preserving facial expression analysis. In Proceedings of the AAAI Conference on Artificial Intelligence."},{"key":"e_1_3_1_25_2","doi-asserted-by":"crossref","unstructured":"Krishna Pillutla Sham M. Kakade and Zaid Harchaoui. 2022. Robust aggregation for federated learning. IEEE Transactions on Signal Processing 70 (2022) 1142\u20131154.","DOI":"10.1109\/TSP.2022.3153135"},{"key":"e_1_3_1_26_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52688.2022.01299"},{"key":"e_1_3_1_27_2","volume-title":"Proceedings of the Network and Distributed Systems Security Symposium (NDSS\u201922)","author":"Rieger Phillip","year":"2022","unstructured":"Phillip Rieger, Thien Duc Nguyen, Markus Miettinen, and Ahmad-Reza Sadeghi. 2022. DeepSight: Mitigating backdoor attacks in federated learning through deep model inspection. In Proceedings of the Network and Distributed Systems Security Symposium (NDSS\u201922)."},{"key":"e_1_3_1_28_2","doi-asserted-by":"publisher","DOI":"10.1145\/359168.359176"},{"key":"e_1_3_1_29_2","article-title":"Federated multi-task learning","volume":"30","author":"Smith Virginia","year":"2017","unstructured":"Virginia Smith, Chao-Kai Chiang, Maziar Sanjabi, and Ameet S. Talwalkar. 2017. Federated multi-task learning. In Advances in Neural Information Processing Systems, Vol. 30 (2017).","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_1_30_2","doi-asserted-by":"crossref","unstructured":"Yuxin Yang Qiang Li Jinyuan Jia Yuan Hong and Binghui Wang. 2024. Distributed backdoor attacks on federated graph learning and certified defenses. In Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security. 2829\u20132843.","DOI":"10.1145\/3658644.3690187"},{"key":"e_1_3_1_31_2","article-title":"Can you really backdoor federated learning?","author":"Sun Ziteng","year":"2019","unstructured":"Ziteng Sun, Peter Kairouz, Ananda Theertha Suresh, and H. Brendan McMahan. 2019. Can you really backdoor federated learning? arXiv:1911.07963. Retrieved from https:\/\/arxiv.org\/abs\/1911.07963","journal-title":"arXiv:1911.07963"},{"key":"e_1_3_1_32_2","doi-asserted-by":"crossref","unstructured":"Sakshi Udeshi Shanshan Peng Gerald Woo Lionell Loh Louth Rawshan and Sudipta Chattopadhyay. 2022. Model agnostic defence against backdoor attacks in machine learning. IEEE Transactions on Reliability 71 2 (2022) 880\u2013895.","DOI":"10.1109\/TR.2022.3159784"},{"key":"e_1_3_1_33_2","volume-title":"Proceedings of the IEEE International Conference on Data Mining (ICDM\u201922)","author":"Wang Binghui","year":"2022","unstructured":"Binghui Wang, Ang Li, Meng Pang, Hai Li, and Yiran Chen. 2022. Graphfl: A federated learning framework for semi-supervised node classification on graphs. In Proceedings of the IEEE International Conference on Data Mining (ICDM\u201922)."},{"key":"e_1_3_1_34_2","volume-title":"Advances in Neural Information Processing Systems","author":"Wang Hongyi","year":"2020","unstructured":"Hongyi Wang, Kartik Sreenivasan, Shashank Rajput, Harit Vishwakarma, Saurabh Agarwal, Jy-yong Sohn, Kangwook Lee, and Dimitris S. Papailiopoulos. 2020. Attack of the tails: Yes, you really can backdoor federated learning. In Advances in Neural Information Processing Systems."},{"key":"e_1_3_1_35_2","doi-asserted-by":"crossref","unstructured":"Shuai Wang Chengyang Li Derrick Wing Kwan Ng Yonina C. Eldar H. Vincent Poor Qi Hao and Chengzhong Xu. 2022. Federated deep learning meets autonomous vehicle perception: Design and verification. IEEE Network 37 3 (2022) 16\u201325.","DOI":"10.1109\/MNET.104.2100403"},{"key":"e_1_3_1_36_2","unstructured":"Han Xiao Kashif Rasul and Roland Vollgraf. 2017. Fashion-MNIST: A novel image dataset for benchmarking machine learning algorithms. arXiv:1708.07747. Retrieved http:\/\/arxiv.org\/abs\/1708.07747"},{"key":"e_1_3_1_37_2","first-page":"11372","volume-title":"Proceedings of the International Conference on Machine Learning","author":"Xie Chulin","year":"2021","unstructured":"Chulin Xie, Minghao Chen, Pin-Yu Chen, and Bo Li. 2021. Crfl: Certifiably robust federated learning against backdoor attacks. In Proceedings of the International Conference on Machine Learning. PMLR, 11372\u201311382."},{"key":"e_1_3_1_38_2","volume-title":"Proceedings of the International Conference on Learning Representations","author":"Xie Chulin","year":"2020","unstructured":"Chulin Xie, Keli Huang, Pin-Yu Chen, and Bo Li. 2020. Dba: Distributed backdoor attacks against federated learning. In Proceedings of the International Conference on Learning Representations."},{"key":"e_1_3_1_39_2","doi-asserted-by":"publisher","DOI":"10.1145\/3298981"},{"key":"e_1_3_1_40_2","volume-title":"Advances in Neural Information Processing Systems","author":"Yang Yuxin","year":"2024","unstructured":"Yuxin Yang, Qiang Li, Yuan Hong, and Binghui Wang. 2024. FedGMark: Certifiably robust watermarking for federated graph learning. In Advances in Neural Information Processing Systems."},{"key":"e_1_3_1_41_2","doi-asserted-by":"crossref","unstructured":"Yuxin Yang Qiang Li Jinyuan Jia Yuan Hong and Binghui Wang. 2024. Distributed backdoor attacks on federated graph learning and certified defenses. In Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security. 2829\u20132843.","DOI":"10.1145\/3658644.3690187"},{"key":"e_1_3_1_42_2","first-page":"2930","volume-title":"Proceedings of the ACM International Conference on Information and Knowledge Management","author":"Yang Yuxin","year":"2024","unstructured":"Yuxin Yang, Qiang Li, Chenfei Nie, Yuan Hong, and Binghui Wang. 2024. Breaking state-of-the-art poisoning defenses to federated learning: An optimization-based attack framework. In Proceedings of the ACM International Conference on Information and Knowledge Management. 2930\u20132939."},{"key":"e_1_3_1_43_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3183224"},{"key":"e_1_3_1_44_2","doi-asserted-by":"publisher","DOI":"10.1145\/3534678.3539231"},{"key":"e_1_3_1_45_2","first-page":"26429","volume-title":"Proceedings of the International Conference on Machine Learning","author":"Zhang Zhengming","year":"2022","unstructured":"Zhengming Zhang, Ashwinee Panda, Linyue Song, Yaoqing Yang, Michael Mahoney, Prateek Mittal, Ramchandran Kannan, and Joseph Gonzalez. 2022. Neurotoxin: Durable backdoors in federated learning. In Proceedings of the International Conference on Machine Learning. PMLR, 26429\u201326446."},{"key":"e_1_3_1_46_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3034602"}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3725814","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3725814","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:57:04Z","timestamp":1750298224000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3725814"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,3]]},"references-count":45,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2025,5,31]]}},"alternative-id":["10.1145\/3725814"],"URL":"https:\/\/doi.org\/10.1145\/3725814","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,4,3]]},"assertion":[{"value":"2024-06-15","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-03-18","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-04-03","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}