{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T18:37:27Z","timestamp":1773513447779,"version":"3.50.1"},"reference-count":41,"publisher":"MDPI AG","issue":"5","license":[{"start":{"date-parts":[[2025,5,6]],"date-time":"2025-05-06T00:00:00Z","timestamp":1746489600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>The study investigates how adversarial training techniques can be used to introduce backdoors into deep learning models by an insider with privileged access to training data. The research demonstrates an insider-driven poison-label backdoor approach in which triggers are introduced into the training dataset. These triggers misclassify poisoned inputs while maintaining standard classification on clean data. An adversary can improve the stealth and effectiveness of such attacks by utilizing XAI techniques, which makes the detection of such attacks more difficult. The study uses publicly available datasets to evaluate the robustness of the deep learning models in this situation. Our experiments show that adversarial training considerably reduces backdoor attacks. These results are verified using various performance metrics, revealing model vulnerabilities and possible countermeasures. The findings demonstrate the importance of robust training techniques and effective adversarial defenses to improve the security of deep learning models against insider-driven backdoor attacks.<\/jats:p>","DOI":"10.3390\/fi17050209","type":"journal-article","created":{"date-parts":[[2025,5,6]],"date-time":"2025-05-06T09:08:56Z","timestamp":1746522536000},"page":"209","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Adversarial Training for Mitigating Insider-Driven XAI-Based Backdoor Attacks"],"prefix":"10.3390","volume":"17","author":[{"given":"R. G.","family":"Gayathri","sequence":"first","affiliation":[{"name":"School of Information Technology, Deakin University, Geelong, VIC 3217, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0445-0573","authenticated-orcid":false,"given":"Atul","family":"Sajjanhar","sequence":"additional","affiliation":[{"name":"School of Information Technology, Deakin University, Geelong, VIC 3217, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yong","family":"Xiang","sequence":"additional","affiliation":[{"name":"School of Information Technology, Deakin University, Geelong, VIC 3217, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2025,5,6]]},"reference":[{"key":"ref_1","unstructured":"Madry, A., Makelov, A., Schmidt, L., Tsipras, D., and Vladu, A. (2017). Towards Deep Learning Models Resistant to Adversarial Attacks. arXiv."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Goodfellow, I., Jha, S., Celik, Z.B., and Swami, A. (2017, January 2\u20136). Practical Black-Box Attacks against Machine Learning. Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security\u2014ASIA CCS\u201917, Saadiyat Island, Abu Dhabi.","DOI":"10.1145\/3052973.3053009"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Lin, Y.-S., Lee, W.-C., and Celik, Z.B. (2020). What Do You See? Evaluation of Explainable Artificial Intelligence (XAI) Interpretability through Neural Backdoors. arXiv.","DOI":"10.1145\/3447548.3467213"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1109\/TNNLS.2022.3182979","article-title":"Backdoor Learning: A Survey","volume":"35","author":"Li","year":"2022","journal-title":"IEEE Trans. Neural Netw. Learn. Syst."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"47230","DOI":"10.1109\/ACCESS.2019.2909068","article-title":"BadNets: Evaluating Backdooring Attacks on Deep Neural Networks","volume":"7","author":"Gu","year":"2019","journal-title":"IEEE Access"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"102791","DOI":"10.1016\/j.cose.2022.102791","article-title":"Tamp-X: Attacking Explainable Natural Language Classifiers through Tampered Activations","volume":"120","author":"Ali","year":"2022","journal-title":"Comput. Secur."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Gayathri, R., Sajjanhar, A., and Xiang, Y. (2022, January 18\u201323). Adversarial Training for Robust Insider Threat Detection. Proceedings of the 2022 International Joint Conference on Neural Networks (IJCNN), Padua, Italy.","DOI":"10.1109\/IJCNN55064.2022.9892059"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Yan, Z., Li, G., TIan, Y., Wu, J., Li, S., Chen, M., and Poor, H.V. (2021, January 2\u20139). DeHiB: Deep Hidden Backdoor Attack on Semi-Supervised Learning via Adversarial Perturbation. Proceedings of the AAAI Conference on Artificial Intelligence, Online.","DOI":"10.1609\/aaai.v35i12.17266"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"110570","DOI":"10.1016\/j.ress.2024.110570","article-title":"A novel reinforcement learning agent for rotating machinery fault diagnosis with data augmentation","volume":"253","author":"Li","year":"2021","journal-title":"Reliab. Eng. Syst. Saf."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"\u0160v\u00e1bensk\u00fd, V., Borchers, C., Cloude, E.B., and Shimada, A. (2025, January 3\u20137). Evaluating the impact of data augmentation on predictive model performance. Proceedings of the 15th International Learning Analytics and Knowledge Conference, Dublin, Ireland.","DOI":"10.1145\/3706468.3706485"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"112223","DOI":"10.1016\/j.asoc.2024.112223","article-title":"Challenges and opportunities of generative models on tabular data","volume":"166","author":"Wang","year":"2024","journal-title":"Appl. Soft Comput."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Kang, H.Y.J., Ko, M., and Ryu, K.S. (2025). Tabular transformer generative adversarial network for heterogeneous distribution in healthcare. Sci. Rep., 15.","DOI":"10.1038\/s41598-025-93077-3"},{"key":"ref_13","unstructured":"Lei, X., Skoularidou, M., Cuesta-Infante, A., and Veeramachaneni, K. (2019, January 8\u201314). Modeling tabular data using conditional gan. Proceedings of the 33rd Conference on Neural Information Processing Systems (NeurIPS 2019), Vancouver, BC, Canada."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Dou, H., Chen, C., Hu, X., Xuan, Z., Hu, Z., and Peng, S. (2020, January 12\u201316). PCA-SRGAN: Incremental orthogonal projection discrimination for face super-resolution. Proceedings of the 28th ACM International Conference on Multimedia, Seattle, WA, USA.","DOI":"10.1145\/3394171.3413590"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"114","DOI":"10.1016\/j.neucom.2020.07.044","article-title":"Asymmetric CycleGAN for image-to-image translations with uneven complexities","volume":"415","author":"Dou","year":"2020","journal-title":"Neurocomputing"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Khazane, H., Ridouani, M., Salahdine, F., and Kaabouch, N. (2024). A Holistic Review of Machine Learning Adversarial Attacks in IoT Networks. Future Internet, 16.","DOI":"10.3390\/fi16010032"},{"key":"ref_17","unstructured":"Gao, Y., Doan, B.G., Zhang, Z., Ma, S., Zhang, J., Fu, A., Nepal, S., and Kim, H. (2020). Backdoor Attacks and Countermeasures on Deep Learning: A Comprehensive Review. arXiv."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"136361","DOI":"10.1109\/ACCESS.2023.3337638","article-title":"Data Poisoning Attacks with Hybrid Particle Swarm Optimization Algorithms against Federated Learning in Connected and Autonomous Vehicles","volume":"11","author":"Cui","year":"2023","journal-title":"IEEE Access"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Borgnia, E., Cherepanova, V., Fowl, L., Ghiasi, A., Geiping, J., Goldblum, M., Goldstein, T., and Gupta, A.K. (2021, January 6\u201311). Strong Data Augmentation Sanitizes Poisoning and Backdoor Attacks without an Accuracy Tradeoff. Proceedings of the ICASSP 2021-2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), Toronto, ON, Canada.","DOI":"10.1109\/ICASSP39728.2021.9414862"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Qiu, H., Zeng, Y., Guo, S., Zhang, T., Qiu, M., and Thuraisingham, B. (2021, January 7\u201311). DeepSweep: An Evaluation Framework for Mitigating DNN Backdoor Attacks Using Data Augmentation. Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security, Hong Kong, China.","DOI":"10.1145\/3433210.3453108"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"132","DOI":"10.48175\/IJARSCT-23624","article-title":"Explainable AI (XAI) for Cyber Defense: Enhancing Transparency and Trust in AI-Driven Security Solutions","volume":"5","author":"Agarwal","year":"2025","journal-title":"Int. J. Adv. Res. Sci. Commun. Technol."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"135392","DOI":"10.1109\/ACCESS.2021.3116481","article-title":"Explainable Artificial Intelligence for Tabular Data: A Survey","volume":"9","author":"Sahakyan","year":"2021","journal-title":"IEEE Access"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"2098537","DOI":"10.1080\/17517575.2022.2098537","article-title":"Explainable and Secure Artificial Intelligence: Taxonomy, Cases of Study, Learned Lessons, Challenges and Future Directions","volume":"17","author":"Eldrandaly","year":"2022","journal-title":"Enterp. Inf. Syst."},{"key":"ref_24","first-page":"4791","article-title":"Please Tell Me More: Privacy Impact of Explainability through the Lens of Membership Inference Attack","volume":"31","author":"Liu","year":"2024","journal-title":"IEEE Symp. Secur. Priv."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Baniecki, H., and Biecek, P. (2023). Adversarial Attacks and Defenses in Explainable Artificial Intelligence: A Survey. arXiv.","DOI":"10.1016\/j.inffus.2024.102303"},{"key":"ref_26","unstructured":"Chen, X., Liu, C., Li, B., Lu, K., and Song, D. (2017). Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning. arXiv."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Saha, A., Subramanya, A., and Pirsiavash, H. (2020, January 9\u201311). Hidden Trigger Backdoor Attacks. Proceedings of the AAAI Conference on Artificial Intelligence, New York, NY, USA.","DOI":"10.1609\/aaai.v34i07.6871"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Ning, R., Li, J., Xin, C., and Wu, H. (2021, January 10\u201313). Invisible Poison: A Blackbox Clean Label Backdoor Attack to Deep Neural Networks. Proceedings of the IEEE INFOCOM 2021\u2014IEEE Conference on Computer Communications, Vancouver, BC, Canada.","DOI":"10.1109\/INFOCOM42981.2021.9488902"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"402","DOI":"10.1109\/JPROC.2020.2970615","article-title":"Adversarial Learning Targeting Deep Neural Network Classification: A Comprehensive Review of Defenses against Attacks","volume":"108","author":"Miller","year":"2020","journal-title":"Proc. IEEE"},{"key":"ref_30","unstructured":"Gu, T., Dolan-Gavitt, B., and Garg, S. (2017). BadNets: Identifying Vulnerabilities in the Machine Learning Model Supply Chain. arXiv."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Ning, R., Xin, C., and Wu, H. (2022, January 2\u20135). TrojanFlow: A Neural Backdoor Attack to Deep Learning-Based Network Traffic Classifiers. Proceedings of the IEEE INFOCOM 2022\u2014IEEE Conference on Computer Communications, Virtual.","DOI":"10.1109\/INFOCOM48880.2022.9796878"},{"key":"ref_32","first-page":"4768","article-title":"A Unified Approach to Interpreting Model Predictions","volume":"30","author":"Lundberg","year":"2017","journal-title":"Neural Inf. Process. Syst."},{"key":"ref_33","unstructured":"Lundberg, S.M., Erion, G.G., and Lee, S.-I. (2018). Consistent Individualized Feature Attribution for Tree Ensembles. arXiv."},{"key":"ref_34","unstructured":"Kadra, A., Lindauer, M., Hutter, F., and Grabocka, J. (2021). Well-Tuned Simple Nets Excel on Tabular Datasets. arXiv."},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Arik, S.\u00d6., and Pfister, T. (2021, January 2\u20139). TabNet: Attentive Interpretable Tabular Learning. Proceedings of the AAAI Conference on Artificial Intelligence, Virtual.","DOI":"10.1609\/aaai.v35i8.16826"},{"key":"ref_36","unstructured":"Klambauer, G., Unterthiner, T., Mayr, A., and Hochreiter, S. (2017, January 4\u20139). Self-normalizing neural networks. Proceedings of the 31st Conference on Neural Information Processing Systems (NIPS 2017), Long Beach, CA, USA."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"165710","DOI":"10.1109\/ACCESS.2019.2953490","article-title":"Fault Diagnosis of Rotating Machinery Based on Combination of Deep Belief Network and One-Dimensional Convolutional Neural Network","volume":"7","author":"Li","year":"2019","journal-title":"IEEE Access"},{"key":"ref_38","unstructured":"(2025, March 28). Cmu.edu. Insider Threat Test Dataset. Available online: https:\/\/resources.sei.cmu.edu\/library\/asset-view.cfm?assetid=508099."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"103665","DOI":"10.1016\/j.cose.2023.103665","article-title":"Unveiling shadows: A comprehensive framework for insider threat detection based on statistical and sequential analysis","volume":"138","author":"Xiao","year":"2024","journal-title":"Comput. Secur."},{"key":"ref_40","first-page":"108","article-title":"Deep temporal graph infomax for imbalanced insider threat detection","volume":"65","author":"Gao","year":"2025","journal-title":"J. Comput. Inf. Syst."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Gayathri, R.G., Sajjanhar, A., Xiang, Y., and Ma, X. (2021, January 20\u201322). Anomaly Detection for Scenario-Based Insider Activities Using CGAN Augmented Data. Proceedings of the 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Shenyang, China.","DOI":"10.1109\/TrustCom53373.2021.00105"}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/5\/209\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T17:27:53Z","timestamp":1760030873000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/5\/209"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,6]]},"references-count":41,"journal-issue":{"issue":"5","published-online":{"date-parts":[[2025,5]]}},"alternative-id":["fi17050209"],"URL":"https:\/\/doi.org\/10.3390\/fi17050209","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,5,6]]}}}