{"id":"https://openalex.org/W4312761046","doi":"https://doi.org/10.1109/ijcnn55064.2022.9891990","title":"Semi-Targeted Model Poisoning Attack on Federated Learning via Backward Error Analysis","display_name":"Semi-Targeted Model Poisoning Attack on Federated Learning via Backward Error Analysis","publication_year":2022,"publication_date":"2022-07-18","ids":{"openalex":"https://openalex.org/W4312761046","doi":"https://doi.org/10.1109/ijcnn55064.2022.9891990"},"language":"en","primary_location":{"id":"doi:10.1109/ijcnn55064.2022.9891990","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ijcnn55064.2022.9891990","pdf_url":null,"source":{"id":"https://openalex.org/S4363607707","display_name":"2022 International Joint Conference on Neural Networks (IJCNN)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 International Joint Conference on Neural Networks (IJCNN)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5041151881","display_name":"Yuwei Sun","orcid":"https://orcid.org/0000-0001-7315-8034"},"institutions":[{"id":"https://openalex.org/I4210126580","display_name":"RIKEN Center for Advanced Intelligence Project","ror":"https://ror.org/03ckxwf91","country_code":"JP","type":"facility","lineage":["https://openalex.org/I4210110652","https://openalex.org/I4210126580"]},{"id":"https://openalex.org/I74801974","display_name":"The University of Tokyo","ror":"https://ror.org/057zh3y96","country_code":"JP","type":"education","lineage":["https://openalex.org/I74801974"]}],"countries":["JP"],"is_corresponding":true,"raw_author_name":"Yuwei Sun","raw_affiliation_strings":["The University of Tokyo","RIKEN AIP"],"affiliations":[{"raw_affiliation_string":"The University of Tokyo","institution_ids":["https://openalex.org/I74801974"]},{"raw_affiliation_string":"RIKEN AIP","institution_ids":["https://openalex.org/I4210126580"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045456657","display_name":"Hideya Ochiai","orcid":"https://orcid.org/0000-0002-4568-6726"},"institutions":[{"id":"https://openalex.org/I74801974","display_name":"The University of Tokyo","ror":"https://ror.org/057zh3y96","country_code":"JP","type":"education","lineage":["https://openalex.org/I74801974"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Hideya Ochiai","raw_affiliation_strings":["The University of Tokyo"],"affiliations":[{"raw_affiliation_string":"The University of Tokyo","institution_ids":["https://openalex.org/I74801974"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5022139141","display_name":"Jun Sakuma","orcid":"https://orcid.org/0000-0001-5015-3812"},"institutions":[{"id":"https://openalex.org/I146399215","display_name":"University of Tsukuba","ror":"https://ror.org/02956yf07","country_code":"JP","type":"education","lineage":["https://openalex.org/I146399215"]},{"id":"https://openalex.org/I4210126580","display_name":"RIKEN Center for Advanced Intelligence Project","ror":"https://ror.org/03ckxwf91","country_code":"JP","type":"facility","lineage":["https://openalex.org/I4210110652","https://openalex.org/I4210126580"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Jun Sakuma","raw_affiliation_strings":["RIKEN AIP","University of Tsukuba"],"affiliations":[{"raw_affiliation_string":"RIKEN AIP","institution_ids":["https://openalex.org/I4210126580"]},{"raw_affiliation_string":"University of Tsukuba","institution_ids":["https://openalex.org/I146399215"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5041151881"],"corresponding_institution_ids":["https://openalex.org/I4210126580","https://openalex.org/I74801974"],"apc_list":null,"apc_paid":null,"fwci":2.5268,"has_fulltext":false,"cited_by_count":26,"citation_normalized_percentile":{"value":0.9141706,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11307","display_name":"Domain Adaptation and Few-Shot Learning","score":0.9399999976158142,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9325000047683716,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8363523483276367},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.7384127378463745},{"id":"https://openalex.org/keywords/class","display_name":"Class (philosophy)","score":0.6785158514976501},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.5899948477745056},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5501747727394104},{"id":"https://openalex.org/keywords/enhanced-data-rates-for-gsm-evolution","display_name":"Enhanced Data Rates for GSM Evolution","score":0.5490187406539917},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.5043660402297974},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4750549793243408},{"id":"https://openalex.org/keywords/attack-model","display_name":"Attack model","score":0.47261619567871094},{"id":"https://openalex.org/keywords/feature-vector","display_name":"Feature vector","score":0.4698718190193176},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4256898760795593},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.32760781049728394}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8363523483276367},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.7384127378463745},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.6785158514976501},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.5899948477745056},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5501747727394104},{"id":"https://openalex.org/C162307627","wikidata":"https://www.wikidata.org/wiki/Q204833","display_name":"Enhanced Data Rates for GSM Evolution","level":2,"score":0.5490187406539917},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.5043660402297974},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4750549793243408},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.47261619567871094},{"id":"https://openalex.org/C83665646","wikidata":"https://www.wikidata.org/wiki/Q42139305","display_name":"Feature vector","level":2,"score":0.4698718190193176},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4256898760795593},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.32760781049728394},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ijcnn55064.2022.9891990","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ijcnn55064.2022.9891990","pdf_url":null,"source":{"id":"https://openalex.org/S4363607707","display_name":"2022 International Joint Conference on Neural Networks (IJCNN)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 International Joint Conference on Neural Networks (IJCNN)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1444988414","display_name":null,"funder_award_id":"JP22J12681,JP19H04164","funder_id":"https://openalex.org/F4320334764","funder_display_name":"Japan Society for the Promotion of Science"},{"id":"https://openalex.org/G4826549480","display_name":null,"funder_award_id":"JPMJCR21D3","funder_id":"https://openalex.org/F4320338075","funder_display_name":"Core Research for Evolutional Science and Technology"}],"funders":[{"id":"https://openalex.org/F4320334764","display_name":"Japan Society for the Promotion of Science","ror":"https://ror.org/00hhkn466"},{"id":"https://openalex.org/F4320338075","display_name":"Core Research for Evolutional Science and Technology","ror":"https://ror.org/00097mb19"},{"id":"https://openalex.org/F4320338087","display_name":"Advanced Science Institute","ror":"https://ror.org/01sjwvz98"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":31,"referenced_works":["https://openalex.org/W2112796928","https://openalex.org/W2399587145","https://openalex.org/W2535838896","https://openalex.org/W2591882872","https://openalex.org/W2750384547","https://openalex.org/W2752689052","https://openalex.org/W2774423163","https://openalex.org/W2788816110","https://openalex.org/W2810065831","https://openalex.org/W2897865027","https://openalex.org/W2903356604","https://openalex.org/W2963209464","https://openalex.org/W3106047871","https://openalex.org/W3106646114","https://openalex.org/W3118608800","https://openalex.org/W3195462295","https://openalex.org/W4205903454","https://openalex.org/W4297687186","https://openalex.org/W4298140072","https://openalex.org/W4318619660","https://openalex.org/W6712837096","https://openalex.org/W6728757088","https://openalex.org/W6743688258","https://openalex.org/W6743821447","https://openalex.org/W6746897123","https://openalex.org/W6748805329","https://openalex.org/W6750462152","https://openalex.org/W6752600739","https://openalex.org/W6756840679","https://openalex.org/W6776469819","https://openalex.org/W6780640148"],"related_works":["https://openalex.org/W4388150944","https://openalex.org/W4242235492","https://openalex.org/W4237162029","https://openalex.org/W2367268135","https://openalex.org/W1480190076","https://openalex.org/W4387796593","https://openalex.org/W2604394466","https://openalex.org/W2952603690","https://openalex.org/W2941205169","https://openalex.org/W4328053081"],"abstract_inverted_index":{"Model":[0],"poisoning":[1,127],"attacks":[2],"on":[3,178,188],"federated":[4,81],"learning":[5,21],"intrude":[6],"in":[7,17,135,168,197,208,216],"the":[8,41,47,57,64,119,131,136,169,179,192,210,217],"entire":[9],"system":[10],"via":[11],"compromising":[12],"an":[13,100,147,222],"edge":[14],"model,":[15],"resulting":[16],"malfunctioning":[18],"of":[19,63,194,225],"machine":[20],"models.":[22],"Such":[23],"compromised":[24],"models":[25],"are":[26,90],"tampered":[27],"with":[28,94,221],"to":[29,55,60,76,108,124],"perform":[30],"adversary-desired":[31],"behaviors.":[32],"In":[33],"particular,":[34],"we":[35,117,140],"considered":[36],"a":[37,109,126,142,154,204],"semi-targeted":[38],"situation":[39,145],"where":[40,146],"source":[42,65],"class":[43,49,134],"is":[44,50,54],"predetermined":[45],"however":[46],"target":[48,96,111,133],"not.":[51],"The":[52],"goal":[53],"cause":[56],"global":[58],"classifier":[59],"misclassify":[61],"data":[62],"class.":[66,112],"Though":[67],"approaches":[68],"such":[69],"as":[70],"label":[71],"flipping":[72],"have":[73],"been":[74,85],"adopted":[75],"inject":[77],"poisoned":[78],"parameters":[79,176],"into":[80],"learning,":[82],"it":[83],"has":[84],"shown":[86],"that":[87],"their":[88],"performances":[89],"usually":[91],"class-sensitive":[92],"varying":[93,191],"different":[95,110,166,199],"classes":[97,167],"applied.":[98],"Typically,":[99],"attack":[101,128,211],"can":[102],"become":[103],"less":[104],"effective":[105],"when":[106],"shifting":[107],"To":[113,157],"overcome":[114],"this":[115,159],"challenge,":[116],"propose":[118],"Attacking":[120],"Distance-aware":[121],"Attack":[122],"(ADA)":[123],"enhance":[125],"by":[129,190,213],"finding":[130],"optimized":[132],"feature":[137,171],"space.":[138],"Moreover,":[139],"studied":[141],"more":[143],"challenging":[144,219],"adversary":[148],"had":[149],"limited":[150],"prior":[151],"knowledge":[152],"about":[153],"client's":[155],"data.":[156],"tackle":[158],"problem,":[160],"ADA":[161,189,206],"deduces":[162],"pair-wise":[163],"distances":[164],"between":[165],"latent":[170],"space":[172],"from":[173],"shared":[174],"model":[175],"based":[177],"backward":[180],"error":[181],"analysis.":[182],"We":[183],"performed":[184],"extensive":[185],"empirical":[186],"evaluations":[187],"factor":[193],"attacking":[195,223],"frequency":[196,224],"three":[198],"image":[200],"classification":[201],"tasks.":[202],"As":[203],"result,":[205],"succeeded":[207],"increasing":[209],"performance":[212],"1.8":[214],"times":[215],"most":[218],"case":[220],"0.01.":[226]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":8},{"year":2022,"cited_by_count":2}],"updated_date":"2026-03-04T09:10:02.777135","created_date":"2025-10-10T00:00:00"}