{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T04:39:53Z","timestamp":1777351193686,"version":"3.51.4"},"reference-count":48,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T00:00:00Z","timestamp":1777334400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T00:00:00Z","timestamp":1777334400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100004761","name":"the Natural Science Foundation of Henan Province","doi-asserted-by":"crossref","award":["No. 242300420700"],"award-info":[{"award-number":["No. 242300420700"]}],"id":[{"id":"10.13039\/501100004761","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100001809","name":"the National Natural Science Foundation of China","doi-asserted-by":"crossref","award":["No. 12201639"],"award-info":[{"award-number":["No. 12201639"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"name":"the National Social Science Fund of China","award":["No. 21BXW057"],"award-info":[{"award-number":["No. 21BXW057"]}]},{"name":"the Scientific Research Foundation of Information Engineering University","award":["No. f8304"],"award-info":[{"award-number":["No. f8304"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>Federated Learning (FL) has been widely used in Internet of Things (IoT) environments as a promising decentralized framework capable of collaborative model training without exposing local data. Despite its advantages, FL still encounters significant security challenges. In particular, semi-honest servers can potentially infer private information from the gradients shared by clients. Additionally, FL\u2019s distributed nature opens up vulnerabilities to adversarial behavior, where malicious clients may submit manipulated gradients to degrade the global model\u2019s accuracy or hinder its convergence. Addressing privacy and robustness simultaneously is an enormous challenge, as most privacy-preserving approaches focus on securing gradients through encryption or noise injection, which obstructs the identification of malicious clients\u2013an essential step in poisoning defense. To resolve this conflict, this work introduces AP-PPFL, a federated learning framework that integrates both privacy protection and poisoning defense. The proposed approach incorporates a voting-based parameter importance evaluation strategy and a cosine similarity-based mechanism to filter out harmful gradients. Furthermore, it leverages Paillier homomorphic encryption within a dual-server setup to maintain gradient confidentiality while enabling secure computation directly over encrypted data. Compared with conventional methods, AP-PPFL achieves a balanced improvement in both privacy-preserving and attack resilience, with comprehensive security analysis provided.<\/jats:p>","DOI":"10.1186\/s42400-026-00583-6","type":"journal-article","created":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T04:04:52Z","timestamp":1777349092000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["AP-PPFL: an anti-poisoning privacy-preserving federated learning method"],"prefix":"10.1186","volume":"9","author":[{"given":"Yongfei","family":"Li","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chen","family":"Fang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chaowen","family":"Chang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yuanbo","family":"Guo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haodong","family":"Sun","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yaohui","family":"Hao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,4,28]]},"reference":[{"key":"583_CR1","unstructured":"Blanchard P, Mhamdi EME, Guerraoui R, Stainer J. Machine learning with adversaries: Byzantine tolerant gradient descent. In: Guyon I, Luxburg U, Bengio S, Wallach HM, Fergus R, Vishwanathan SVN, Garnett R. (eds.) Advances in Neural Information Processing Systems 30: Annual Conference on Neural Information Processing Systems 2017, December 4-9, 2017, Long Beach, CA, USA, pp. 119\u2013129 (2017). https:\/\/proceedings.neurips.cc\/paper\/2017\/hash\/f4b9ec30ad9f68f89b29639786cb62ef-Abstract.html"},{"key":"583_CR2","doi-asserted-by":"publisher","first-page":"5749","DOI":"10.1109\/TIFS.2023.3315125","volume":"18","author":"X Chen","year":"2023","unstructured":"Chen X, Yu H, Jia X, Yu X (2023) Apfed: anti-poisoning attacks in privacy-preserving heterogeneous federated learning. IEEE Trans Inf Forensics Secur 18:5749\u20135761. https:\/\/doi.org\/10.1109\/TIFS.2023.3315125","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"583_CR3","doi-asserted-by":"publisher","first-page":"10141","DOI":"10.1109\/TIFS.2024.3486611","volume":"19","author":"L Chen","year":"2024","unstructured":"Chen L, Xiao D, Xiao X, Zhang Y (2024) Secure and efficient federated learning via novel authenticable multi-party computation and compressed sensing. IEEE Trans Inf Forensics Secur 19:10141\u201310156. https:\/\/doi.org\/10.1109\/TIFS.2024.3486611","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"583_CR4","unstructured":"Fang M, Cao X, Jia J, Gong NZ (2020) Local model poisoning attacks to byzantine-robust federated learning. In: Capkun, S., Roesner, F. (eds.) 29th USENIX Security Symposium, USENIX Security 2020, August 12-14, pp. 1605\u20131622. USENIX Association. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/fang"},{"key":"583_CR5","unstructured":"Fung C, Yoon CJM, Beschastnikh I (2020) The limitations of federated learning in sybil settings. In: Egele, M., Bilge, L. (eds.) 23rd International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2020, San Sebastian, Spain, October 14-15, pp. 301\u2013316. USENIX Association. https:\/\/www.usenix.org\/conference\/raid2020\/presentation\/fung"},{"key":"583_CR6","unstructured":"Gu T, Dolan-Gavitt B, Garg S (2017) Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733"},{"key":"583_CR7","doi-asserted-by":"publisher","DOI":"10.1016\/J.ESWA.2024.125359","volume":"259","author":"Z Gu","year":"2025","unstructured":"Gu Z, Shi J, Yang Y (2025) ANODYNE: mitigating backdoor attacks in federated learning. Expert Syst Appl 259:125359. https:\/\/doi.org\/10.1016\/J.ESWA.2024.125359","journal-title":"Expert Syst Appl"},{"key":"583_CR8","doi-asserted-by":"publisher","unstructured":"Gupta, A., Luo, T., Ngo, M.V., Das, S.K.: Long-short history of gradients is all you need: Detecting malicious and unreliable clients in federated learning. In: Atluri, V., Pietro, R.D., Jensen, C.D., Meng, W. (eds.) Computer Security - ESORICS 2022 - 27th European Symposium on Research in Computer Security, Copenhagen, Denmark, September 26-30, 2022, Proceedings, Part III. Lecture Notes in Computer Science, vol. 13556, pp. 445\u2013465. Springer. https:\/\/doi.org\/10.1007\/978-3-031-17143-7_22","DOI":"10.1007\/978-3-031-17143-7_22"},{"issue":"5","key":"583_CR9","doi-asserted-by":"publisher","first-page":"3562","DOI":"10.1109\/TII.2021.3112100","volume":"18","author":"B Hou","year":"2022","unstructured":"Hou B, Gao J, Guo X, Baker T, Zhang Y, Wen Y, Liu Z (2022) Mitigating the backdoor attack by federated filters for industrial iot applications. IEEE Trans Ind Informatics 18(5):3562\u20133571. https:\/\/doi.org\/10.1109\/TII.2021.3112100","journal-title":"IEEE Trans Ind Informatics"},{"issue":"1","key":"583_CR10","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1109\/TDSC.2024.3392424","volume":"22","author":"C Hu","year":"2025","unstructured":"Hu C, Li B (2025) Maskcrypt: federated learning with selective homomorphic encryption. IEEE Trans Dependable Secur Comput 22(1):221\u2013233. https:\/\/doi.org\/10.1109\/TDSC.2024.3392424","journal-title":"IEEE Trans Dependable Secur Comput"},{"issue":"2","key":"583_CR11","doi-asserted-by":"publisher","first-page":"1407","DOI":"10.1109\/TNET.2023.3317870","volume":"32","author":"J Hu","year":"2024","unstructured":"Hu J, Wang Z, Shen Y, Lin B, Sun P, Pang X, Liu J, Ren K (2024) Shield against gradient leakage attacks: adaptive privacy-preserving federated learning. IEEE ACM Trans Netw 32(2):1407\u20131422. https:\/\/doi.org\/10.1109\/TNET.2023.3317870","journal-title":"IEEE ACM Trans Netw"},{"key":"583_CR12","doi-asserted-by":"crossref","unstructured":"Huber, P.J.: Robust statistics. In: International Encyclopedia of Statistical Science, pp. 1248\u20131251. Springer, ??? (2011)","DOI":"10.1007\/978-3-642-04898-2_594"},{"key":"583_CR13","doi-asserted-by":"publisher","DOI":"10.1016\/J.KNOSYS.2022.110178","volume":"260","author":"NM Jebreel","year":"2023","unstructured":"Jebreel NM, Domingo-Ferrer J (2023) Fl-defender: combating targeted attacks in federated learning. Knowl Based Syst 260:110178. https:\/\/doi.org\/10.1016\/J.KNOSYS.2022.110178","journal-title":"Knowl Based Syst"},{"key":"583_CR14","unstructured":"Krizhevsky A, Hinton G, et al. (2009) Learning multiple layers of features from tiny images"},{"issue":"11","key":"583_CR15","doi-asserted-by":"publisher","first-page":"2278","DOI":"10.1109\/5.726791","volume":"86","author":"Y LeCun","year":"1998","unstructured":"LeCun Y, Bottou L, Bengio Y, Haffner P (1998) Gradient-based learning applied to document recognition. Proc IEEE 86(11):2278\u20132324. https:\/\/doi.org\/10.1109\/5.726791","journal-title":"Proc IEEE"},{"key":"583_CR16","unstructured":"Lee G, Jeong M, Shin Y, Bae S, Yun S. (2022) Preservation of the global knowledge by not-true distillation in federated learning. In: Koyejo S, Mohamed S, Agarwal A, Belgrave D, Cho K, Oh A. (eds.) Advances in Neural Information Processing Systems 35: Annual Conference on Neural Information Processing Systems 2022, NeurIPS 2022, New Orleans, LA, USA, November 28 - December 9. http:\/\/papers.nips.cc\/paper_files\/paper\/2022\/hash\/fadec8f2e65f181d777507d1df69b92f-Abstract-Conference.html"},{"key":"583_CR17","doi-asserted-by":"publisher","first-page":"4358","DOI":"10.1109\/TIFS.2024.3378006","volume":"19","author":"X Li","year":"2024","unstructured":"Li X, Yang X, Zhou Z, Lu R (2024) Efficiently achieving privacy preservation and poisoning attack resistance in federated learning. IEEE Trans Inf Forensics Secur 19:4358\u20134373. https:\/\/doi.org\/10.1109\/TIFS.2024.3378006","journal-title":"IEEE Trans Inf Forensics Secur"},{"issue":"10","key":"583_CR18","doi-asserted-by":"publisher","first-page":"13027","DOI":"10.1109\/TITS.2024.3429533","volume":"25","author":"Q Liu","year":"2024","unstructured":"Liu Q, Sun S, Liu M, Wang Y, Gao B (2024) Online spatio-temporal correlation-based federated learning for traffic flow forecasting. IEEE Trans Intell Transp Syst 25(10):13027\u201313039. https:\/\/doi.org\/10.1109\/TITS.2024.3429533","journal-title":"IEEE Trans Intell Transp Syst"},{"key":"583_CR19","doi-asserted-by":"publisher","DOI":"10.1016\/J.NEUCOM.2024.128653","volume":"611","author":"X Liu","year":"2025","unstructured":"Liu X, Wang J, Xiong X, Sun H (2025) Federated learning data protection scheme based on personalized differential privacy in psychological evaluation. Neurocomputing 611:128653. https:\/\/doi.org\/10.1016\/J.NEUCOM.2024.128653","journal-title":"Neurocomputing"},{"key":"583_CR20","doi-asserted-by":"publisher","first-page":"1639","DOI":"10.1109\/TIFS.2022.3169918","volume":"17","author":"Z Ma","year":"2022","unstructured":"Ma Z, Ma J, Miao Y, Li Y, Deng RH (2022) Shieldfl: mitigating model poisoning attacks in privacy-preserving federated learning. IEEE Trans Inf Forensics Secur 17:1639\u20131654. https:\/\/doi.org\/10.1109\/TIFS.2022.3169918","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"583_CR21","unstructured":"McMahan B, Moore E, Ramage D, Hampson S, Arcas BA. (2017) Communication-efficient learning of deep networks from decentralized data. In: Artificial Intelligence and Statistics, pp. 1273\u20131282. PMLR"},{"key":"583_CR22","doi-asserted-by":"publisher","first-page":"5814","DOI":"10.1109\/TIFS.2024.3402113","volume":"19","author":"Y Miao","year":"2024","unstructured":"Miao Y, Yan X, Li X, Xu S, Liu X, Li H, Deng RH (2024) Rfed: robustness-enhanced privacy-preserving federated learning against poisoning attack. IEEE Trans Inf Forensics Secur 19:5814\u20135827","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"583_CR23","doi-asserted-by":"publisher","unstructured":"Paillier P, Pointcheval D (1999) Efficient public-key cryptosystems provably secure against active adversaries. In: Lam, K., Okamoto, E., Xing, C. (eds.) Advances in Cryptology - ASIACRYPT \u201999, International Conference on the Theory and Applications of Cryptology and Information Security, Singapore, November 14-18, Proceedings. Lecture Notes in Computer Science, vol. 1716, pp. 165\u2013179. Springer. https:\/\/doi.org\/10.1007\/978-3-540-48000-6_14","DOI":"10.1007\/978-3-540-48000-6_14"},{"key":"583_CR24","doi-asserted-by":"publisher","unstructured":"Paillier P. (1999) Public-key cryptosystems based on composite degree residuosity classes. In: Stern J. (ed.) Advances in Cryptology - EUROCRYPT \u201999, International Conference on the Theory and Application of Cryptographic Techniques, Prague, Czech Republic, May 2-6, Proceeding. Lecture Notes in Computer Science, vol. 1592, pp. 223\u2013238. Springer. https:\/\/doi.org\/10.1007\/3-540-48910-X_16","DOI":"10.1007\/3-540-48910-X_16"},{"key":"583_CR25","doi-asserted-by":"publisher","DOI":"10.1016\/J.INFFUS.2024.102807","volume":"117","author":"NH Quyen","year":"2025","unstructured":"Quyen NH, Duy PT, Nguyen NT, Khoa NH, Pham V (2025) Fedkd-ids: a robust intrusion detection system using knowledge distillation-based semi-supervised federated learning and anti-poisoning attack mechanism. Inf Fusion 117:102807. https:\/\/doi.org\/10.1016\/J.INFFUS.2024.102807","journal-title":"Inf Fusion"},{"issue":"3","key":"583_CR26","doi-asserted-by":"publisher","first-page":"6131","DOI":"10.1109\/TCE.2024.3460469","volume":"70","author":"AK Selvaraj","year":"2024","unstructured":"Selvaraj AK, Prathiba SB, Anandhan DK, Dhanalakshmi R, Gadekallu TR, Srivastava G (2024) Co-training-based personalized federated learning with generative adversarial networks for enhanced mobile smart healthcare diagnosis. IEEE Trans Consumer Electron 70(3):6131\u20136139. https:\/\/doi.org\/10.1109\/TCE.2024.3460469","journal-title":"IEEE Trans Consumer Electron"},{"issue":"11","key":"583_CR27","doi-asserted-by":"publisher","first-page":"612","DOI":"10.1145\/359168.359176","volume":"22","author":"A Shamir","year":"1979","unstructured":"Shamir A (1979) How to share a secret. Commun ACM 22(11):612\u2013613. https:\/\/doi.org\/10.1145\/359168.359176","journal-title":"Commun ACM"},{"issue":"1","key":"583_CR28","doi-asserted-by":"publisher","first-page":"1241","DOI":"10.1109\/JIOT.2023.3288886","volume":"11","author":"X Shen","year":"2023","unstructured":"Shen X, Liu Y, Li F, Li C (2023) Privacy-preserving federated learning against label-flipping attacks on non-iid data. IEEE Internet Things J 11(1):1241\u20131255","journal-title":"IEEE Internet Things J"},{"issue":"15","key":"583_CR29","doi-asserted-by":"publisher","first-page":"26430","DOI":"10.1109\/JIOT.2024.3396217","volume":"11","author":"X Sun","year":"2024","unstructured":"Sun X, Yuan Z, Kong X, Xue L, He L, Lin Y (2024) Communication-efficient and privacy-preserving aggregation in federated learning with adaptability. IEEE Internet Things J 11(15):26430\u201326443. https:\/\/doi.org\/10.1109\/JIOT.2024.3396217","journal-title":"IEEE Internet Things J"},{"key":"583_CR30","unstructured":"Wang H, Sreenivasan K, Rajput S, Vishwakarma H, Agarwal S, Sohn J, Lee K, Papailiopoulos DS (2020) Attack of the tails: Yes, you really can backdoor federated learning. In: Larochelle, H., Ranzato, M., Hadsell, R., Balcan, M., Lin, H. (eds.) Advances in Neural Information Processing Systems 33: Annual Conference on Neural Information Processing Systems 2020, NeurIPS 2020, December 6-12, 2020, Virtual. https:\/\/proceedings.neurips.cc\/paper\/2020\/hash\/b8ffa41d4e492f0fad2f13e29e1762eb-Abstract.html"},{"key":"583_CR31","doi-asserted-by":"publisher","DOI":"10.1016\/J.INFFUS.2024.102796","volume":"116","author":"D Wang","year":"2025","unstructured":"Wang D, Guan S (2025) Fedfr-adp: adaptive differential privacy with feedback regulation for robust model performance in federated learning. Inf Fusion 116:102796. https:\/\/doi.org\/10.1016\/J.INFFUS.2024.102796","journal-title":"Inf Fusion"},{"key":"583_CR32","doi-asserted-by":"publisher","first-page":"1015","DOI":"10.1109\/TIFS.2023.3322328","volume":"19","author":"T Wang","year":"2023","unstructured":"Wang T, Yang Q, Zhu K, Wang J, Su C, Sato K (2023) Lds-fl: loss differential strategy based federated learning for privacy preserving. IEEE Trans Inf Forensics Secur 19:1015\u20131030","journal-title":"IEEE Trans Inf Forensics Secur"},{"issue":"13","key":"583_CR33","doi-asserted-by":"publisher","first-page":"23268","DOI":"10.1109\/JIOT.2024.3385479","volume":"11","author":"G Wang","year":"2024","unstructured":"Wang G, Zhou L, Li Q, Yan X, Liu X, Wu Y (2024) FVFL: a flexible and verifiable privacy-preserving federated learning scheme. IEEE Internet Things J 11(13):23268\u201323281. https:\/\/doi.org\/10.1109\/JIOT.2024.3385479","journal-title":"IEEE Internet Things J"},{"key":"583_CR34","doi-asserted-by":"publisher","DOI":"10.1016\/J.INFFUS.2023.102029","volume":"102","author":"R Wang","year":"2024","unstructured":"Wang R, Yuan X, Yang Z, Wan Y, Luo M, Wu D (2024) RFLPV: a robust federated learning scheme with privacy preservation and verifiable aggregation in iomt. Inf Fusion 102:102029. https:\/\/doi.org\/10.1016\/J.INFFUS.2023.102029","journal-title":"Inf Fusion"},{"key":"583_CR35","doi-asserted-by":"publisher","DOI":"10.1016\/J.DSS.2023.114084","volume":"177","author":"Z Wang","year":"2024","unstructured":"Wang Z, Xiao J, Wang L, Yao J (2024) A novel federated learning approach with knowledge transfer for credit scoring. Decis Support Syst 177:114084. https:\/\/doi.org\/10.1016\/J.DSS.2023.114084","journal-title":"Decis Support Syst"},{"key":"583_CR36","doi-asserted-by":"publisher","DOI":"10.1016\/J.PATCOG.2023.110234","volume":"149","author":"S Wang","year":"2024","unstructured":"Wang S, Tao H, Li J, Ji X, Gao Y, Gong M (2024) Towards fair and personalized federated recommendation. Pattern Recognit 149:110234. https:\/\/doi.org\/10.1016\/J.PATCOG.2023.110234","journal-title":"Pattern Recognit"},{"key":"583_CR37","doi-asserted-by":"publisher","first-page":"3454","DOI":"10.1109\/TIFS.2020.2988575","volume":"15","author":"K Wei","year":"2020","unstructured":"Wei K, Li J, Ding M, Ma C, Yang HH, Farokhi F, Jin S, Quek TQ, Poor HV (2020) Federated learning with differential privacy: algorithms and performance analysis. IEEE Trans Inf Forensics Secur 15:3454\u20133469","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"583_CR38","unstructured":"Xiao H, Rasul K, Vollgraf R (2017) Fashion-mnist: a novel image dataset for benchmarking machine learning algorithms. CoRR abs\/1708.07747 arXiv:1708.07747"},{"key":"583_CR39","doi-asserted-by":"publisher","unstructured":"Yang X, Huang W, Ye M (2024) Fedas: Bridging inconsistency in personalized federated learning. In: IEEE\/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2024, Seattle, WA, USA, June 16-22, pp. 11986\u201311995. IEEE. https:\/\/doi.org\/10.1109\/CVPR52733.2024.01139","DOI":"10.1109\/CVPR52733.2024.01139"},{"key":"583_CR40","unstructured":"Yang Y, Hui B, Yuan H, Gong NZ, Cao Y (2023) Privatefl: Accurate, differentially private federated learning via personalized data transformation. In: Calandrino, J.A., Troncoso, C. (eds.) 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, pp. 1595\u20131612. USENIX Association. https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/yang-yuchen"},{"key":"583_CR41","unstructured":"Yin D, Chen Y, Kannan R, Bartlett P (2018) Byzantine-robust distributed learning: Towards optimal statistical rates. In: International Conference on Machine Learning, pp. 5650\u20135659. Pmlr"},{"key":"583_CR42","unstructured":"Yin D, Chen Y, Ramchandran K, Bartlett PL. (2018) Byzantine-robust distributed learning: Towards optimal statistical rates. In: Dy JG, Krause A. (eds.) Proceedings of the 35th International Conference on Machine Learning, ICML 2018, Stockholmsm\u00e4ssan, Stockholm, Sweden, July 10-15. Proceedings of Machine Learning Research, vol. 80, pp. 5636\u20135645. PMLR. http:\/\/proceedings.mlr.press\/v80\/yin18a.html"},{"key":"583_CR43","unstructured":"Zhang C, Li S, Xia J, Wang W, Yan F, Liu Y (2020) $$\\{$$BatchCrypt$$\\}$$: Efficient homomorphic encryption for $$\\{$$Cross-Silo$$\\}$$ federated learning. In: 2020 USENIX Annual Technical Conference (USENIX ATC 20), pp. 493\u2013506"},{"key":"583_CR44","doi-asserted-by":"publisher","first-page":"365","DOI":"10.1109\/TIFS.2022.3221899","volume":"18","author":"Z Zhang","year":"2023","unstructured":"Zhang Z, Wu L, Ma C, Li J, Wang J, Wang Q, Yu S (2023) LSFL: a lightweight and secure federated learning scheme for edge computing. IEEE Trans Inf Forensics Secur 18:365\u2013379. https:\/\/doi.org\/10.1109\/TIFS.2022.3221899","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"583_CR45","doi-asserted-by":"publisher","unstructured":"Zhang R, Guo S, Li P (2024) Gradfilt: Class-wise targeted data reconstruction from gradients in federated learning. In: Chua T, Ngo C, Lee RK, Kumar R, Lauw HW. (eds.) Companion Proceedings of the ACM on Web Conference 2024, WWW 2024, Singapore, Singapore, May 13-17, pp. 698\u2013701. ACM. https:\/\/doi.org\/10.1145\/3589335.3651514","DOI":"10.1145\/3589335.3651514"},{"key":"583_CR46","doi-asserted-by":"publisher","unstructured":"Zhang J, Hua Y, Wang H, Song T, Xue Z, Ma R, Guan H. Fedala: Adaptive local aggregation for personalized federated learning. In: Williams B, Chen Y, Neville J. (eds.) Thirty-Seventh AAAI Conference on Artificial Intelligence, AAAI 2023, Thirty-Fifth Conference on Innovative Applications of Artificial Intelligence, IAAI 2023, Thirteenth Symposium on Educational Advances in Artificial Intelligence, EAAI 2023, Washington, DC, USA, February 7-14, 2023, pp. 11237\u201311244. AAAI Press. https:\/\/doi.org\/10.1609\/AAAI.V37I9.26330","DOI":"10.1609\/AAAI.V37I9.26330"},{"key":"583_CR47","unstructured":"Zhu L, Liu Z, Han S (2019) Deep leakage from gradients. Advances in neural information processing systems 32"},{"key":"583_CR48","doi-asserted-by":"publisher","first-page":"991","DOI":"10.1109\/TIFS.2022.3233190","volume":"18","author":"T Zhu","year":"2023","unstructured":"Zhu T, Ye D, Zhou S, Liu B, Zhou W (2023) Label-only model inversion attacks: attack with the least information. IEEE Trans Inf Forensics Secur 18:991\u20131005. https:\/\/doi.org\/10.1109\/TIFS.2022.3233190","journal-title":"IEEE Trans Inf Forensics Secur"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-026-00583-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-026-00583-6","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-026-00583-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T04:05:31Z","timestamp":1777349131000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1186\/s42400-026-00583-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,28]]},"references-count":48,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,12]]}},"alternative-id":["583"],"URL":"https:\/\/doi.org\/10.1186\/s42400-026-00583-6","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,4,28]]},"assertion":[{"value":"22 October 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 March 2026","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"28 April 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"160"}}