{"id":"https://openalex.org/W3211470872","doi":"https://doi.org/10.1109/tdsc.2021.3128679","title":"Secure Aggregation is Insecure: Category Inference Attack on Federated Learning","display_name":"Secure Aggregation is Insecure: Category Inference Attack on Federated Learning","publication_year":2021,"publication_date":"2021-11-17","ids":{"openalex":"https://openalex.org/W3211470872","doi":"https://doi.org/10.1109/tdsc.2021.3128679","mag":"3211470872"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2021.3128679","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2021.3128679","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5044345050","display_name":"Jiqiang Gao","orcid":"https://orcid.org/0000-0002-7850-3869"},"institutions":[{"id":"https://openalex.org/I205237279","display_name":"Nankai University","ror":"https://ror.org/01y1kjr75","country_code":"CN","type":"education","lineage":["https://openalex.org/I205237279"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Jiqiang Gao","raw_affiliation_strings":["Tianjin Key Laboratory of Network and Data Security Technology, College of Cyber Science, College of Computer Science, Nankai University, Tianjin, China"],"raw_orcid":"https://orcid.org/0000-0002-7850-3869","affiliations":[{"raw_affiliation_string":"Tianjin Key Laboratory of Network and Data Security Technology, College of Cyber Science, College of Computer Science, Nankai University, Tianjin, China","institution_ids":["https://openalex.org/I205237279"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102822996","display_name":"Boyu Hou","orcid":"https://orcid.org/0000-0001-8793-7880"},"institutions":[{"id":"https://openalex.org/I205237279","display_name":"Nankai University","ror":"https://ror.org/01y1kjr75","country_code":"CN","type":"education","lineage":["https://openalex.org/I205237279"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Boyu Hou","raw_affiliation_strings":["Tianjin Key Laboratory of Network and Data Security Technology, College of Cyber Science, College of Computer Science, Nankai University, Tianjin, China"],"raw_orcid":"https://orcid.org/0000-0001-8793-7880","affiliations":[{"raw_affiliation_string":"Tianjin Key Laboratory of Network and Data Security Technology, College of Cyber Science, College of Computer Science, Nankai University, Tianjin, China","institution_ids":["https://openalex.org/I205237279"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001758369","display_name":"Xiaojie Guo","orcid":"https://orcid.org/0000-0001-5295-2781"},"institutions":[{"id":"https://openalex.org/I205237279","display_name":"Nankai University","ror":"https://ror.org/01y1kjr75","country_code":"CN","type":"education","lineage":["https://openalex.org/I205237279"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaojie Guo","raw_affiliation_strings":["Tianjin Key Laboratory of Network and Data Security Technology, College of Cyber Science, College of Computer Science, Nankai University, Tianjin, China"],"raw_orcid":"https://orcid.org/0000-0001-5295-2781","affiliations":[{"raw_affiliation_string":"Tianjin Key Laboratory of Network and Data Security Technology, College of Cyber Science, College of Computer Science, Nankai University, Tianjin, China","institution_ids":["https://openalex.org/I205237279"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060212061","display_name":"Zheli Liu","orcid":"https://orcid.org/0000-0002-2984-2661"},"institutions":[{"id":"https://openalex.org/I205237279","display_name":"Nankai University","ror":"https://ror.org/01y1kjr75","country_code":"CN","type":"education","lineage":["https://openalex.org/I205237279"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zheli Liu","raw_affiliation_strings":["Tianjin Key Laboratory of Network and Data Security Technology, College of Cyber Science, College of Computer Science, Nankai University, Tianjin, China"],"raw_orcid":"https://orcid.org/0000-0002-2984-2661","affiliations":[{"raw_affiliation_string":"Tianjin Key Laboratory of Network and Data Security Technology, College of Cyber Science, College of Computer Science, Nankai University, Tianjin, China","institution_ids":["https://openalex.org/I205237279"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100386273","display_name":"Ying Zhang","orcid":"https://orcid.org/0000-0003-4906-5828"},"institutions":[{"id":"https://openalex.org/I205237279","display_name":"Nankai University","ror":"https://ror.org/01y1kjr75","country_code":"CN","type":"education","lineage":["https://openalex.org/I205237279"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ying Zhang","raw_affiliation_strings":["Tianjin Key Laboratory of Network and Data Security Technology, College of Cyber Science, College of Computer Science, Nankai University, Tianjin, China"],"raw_orcid":"https://orcid.org/0000-0003-4906-5828","affiliations":[{"raw_affiliation_string":"Tianjin Key Laboratory of Network and Data Security Technology, College of Cyber Science, College of Computer Science, Nankai University, Tianjin, China","institution_ids":["https://openalex.org/I205237279"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100437976","display_name":"Kai Chen","orcid":"https://orcid.org/0000-0002-5624-2987"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kai Chen","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-5624-2987","affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100364819","display_name":"Jin Li","orcid":"https://orcid.org/0000-0003-0385-8793"},"institutions":[{"id":"https://openalex.org/I205237279","display_name":"Nankai University","ror":"https://ror.org/01y1kjr75","country_code":"CN","type":"education","lineage":["https://openalex.org/I205237279"]},{"id":"https://openalex.org/I37987034","display_name":"Guangzhou University","ror":"https://ror.org/05ar8rn06","country_code":"CN","type":"education","lineage":["https://openalex.org/I37987034"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jin Li","raw_affiliation_strings":["School of Computer Science, Guangzhou University, Guangzhou, China","College of Cyber Science, Nankai University, Tianjin, China"],"raw_orcid":"https://orcid.org/0000-0003-0385-8793","affiliations":[{"raw_affiliation_string":"School of Computer Science, Guangzhou University, Guangzhou, China","institution_ids":["https://openalex.org/I37987034"]},{"raw_affiliation_string":"College of Cyber Science, Nankai University, Tianjin, China","institution_ids":["https://openalex.org/I205237279"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5044345050"],"corresponding_institution_ids":["https://openalex.org/I205237279"],"apc_list":null,"apc_paid":null,"fwci":4.4795,"has_fulltext":false,"cited_by_count":62,"citation_normalized_percentile":{"value":0.95428072,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":"20","issue":"1","first_page":"147","last_page":"160"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9833999872207642,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11704","display_name":"Mobile Crowdsensing and Crowdsourcing","score":0.9491000175476074,"subfield":{"id":"https://openalex.org/subfields/1706","display_name":"Computer Science Applications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8446651697158813},{"id":"https://openalex.org/keywords/independent-and-identically-distributed-random-variables","display_name":"Independent and identically distributed random variables","score":0.6463104486465454},{"id":"https://openalex.org/keywords/federated-learning","display_name":"Federated learning","score":0.6244760155677795},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.5830584764480591},{"id":"https://openalex.org/keywords/notation","display_name":"Notation","score":0.5705313682556152},{"id":"https://openalex.org/keywords/differential-privacy","display_name":"Differential privacy","score":0.5615799427032471},{"id":"https://openalex.org/keywords/mnist-database","display_name":"MNIST database","score":0.5573769211769104},{"id":"https://openalex.org/keywords/selection","display_name":"Selection (genetic algorithm)","score":0.4822831451892853},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.33958205580711365},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3364272713661194},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.32090944051742554},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.307378351688385},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.30693140625953674},{"id":"https://openalex.org/keywords/random-variable","display_name":"Random variable","score":0.10683625936508179}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8446651697158813},{"id":"https://openalex.org/C141513077","wikidata":"https://www.wikidata.org/wiki/Q378542","display_name":"Independent and identically distributed random variables","level":3,"score":0.6463104486465454},{"id":"https://openalex.org/C2992525071","wikidata":"https://www.wikidata.org/wiki/Q50818671","display_name":"Federated learning","level":2,"score":0.6244760155677795},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.5830584764480591},{"id":"https://openalex.org/C45357846","wikidata":"https://www.wikidata.org/wiki/Q2001982","display_name":"Notation","level":2,"score":0.5705313682556152},{"id":"https://openalex.org/C23130292","wikidata":"https://www.wikidata.org/wiki/Q5275358","display_name":"Differential privacy","level":2,"score":0.5615799427032471},{"id":"https://openalex.org/C190502265","wikidata":"https://www.wikidata.org/wiki/Q17069496","display_name":"MNIST database","level":3,"score":0.5573769211769104},{"id":"https://openalex.org/C81917197","wikidata":"https://www.wikidata.org/wiki/Q628760","display_name":"Selection (genetic algorithm)","level":2,"score":0.4822831451892853},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.33958205580711365},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3364272713661194},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.32090944051742554},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.307378351688385},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.30693140625953674},{"id":"https://openalex.org/C122123141","wikidata":"https://www.wikidata.org/wiki/Q176623","display_name":"Random variable","level":2,"score":0.10683625936508179},{"id":"https://openalex.org/C94375191","wikidata":"https://www.wikidata.org/wiki/Q11205","display_name":"Arithmetic","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2021.3128679","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2021.3128679","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G7246928032","display_name":null,"funder_award_id":"62032012","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":40,"referenced_works":["https://openalex.org/W2060300932","https://openalex.org/W2133510502","https://openalex.org/W2319637375","https://openalex.org/W2473418344","https://openalex.org/W2526910689","https://openalex.org/W2535690855","https://openalex.org/W2582825155","https://openalex.org/W2591882872","https://openalex.org/W2607683755","https://openalex.org/W2767079719","https://openalex.org/W2774423163","https://openalex.org/W2791827614","https://openalex.org/W2884943453","https://openalex.org/W2887995258","https://openalex.org/W2897830718","https://openalex.org/W2912023992","https://openalex.org/W2912213068","https://openalex.org/W2963456518","https://openalex.org/W2963540401","https://openalex.org/W2964151798","https://openalex.org/W2964162474","https://openalex.org/W2990595670","https://openalex.org/W2995221956","https://openalex.org/W3016632787","https://openalex.org/W3040384242","https://openalex.org/W3042006926","https://openalex.org/W3082558286","https://openalex.org/W3083185154","https://openalex.org/W3095593352","https://openalex.org/W3109504587","https://openalex.org/W3110845456","https://openalex.org/W4205228770","https://openalex.org/W4232706428","https://openalex.org/W6640425456","https://openalex.org/W6684859321","https://openalex.org/W6728757088","https://openalex.org/W6746897123","https://openalex.org/W6752600739","https://openalex.org/W6763736615","https://openalex.org/W6770634426"],"related_works":["https://openalex.org/W4286971788","https://openalex.org/W3196405711","https://openalex.org/W3199340467","https://openalex.org/W4392303055","https://openalex.org/W3157608626","https://openalex.org/W3132132958","https://openalex.org/W3187232590","https://openalex.org/W4321612632","https://openalex.org/W4322580403","https://openalex.org/W4399147128"],"abstract_inverted_index":{"Federated":[0],"learning":[1,78,90,144],"allows":[2],"a":[3,11,24,63,120,171],"large":[4],"number":[5],"of":[6,28,50,61,96],"resource-constrained":[7],"clients":[8,20],"to":[9,57,91,128,141,179],"train":[10],"globally-shared":[12],"model":[13],"together":[14],"without":[15],"sharing":[16],"local":[17],"data.":[18,81],"These":[19],"usually":[21],"have":[22],"only":[23],"few":[25],"classes":[26,60],"(categories)":[27],"data":[29,34,62],"for":[30,53,88],"training,":[31],"where":[32],"the":[33,48,54,76,93,100,130,139,181],"distribution":[35],"is":[36,68],"non-iid":[37,80,142],"(not":[38],"independent":[39],"identically":[40],"distributed).":[41],"In":[42,134],"this":[43],"article,":[44],"we":[45,98,137],"put":[46],"forward":[47],"concept":[49],"<i>category":[51,105],"privacy</i>":[52],"first":[55,101],"time":[56],"indicate":[58],"<i>which":[59],"client":[64],"has</i>":[65],",":[66],"which":[67],"an":[69],"important":[70],"but":[71],"ignored":[72],"privacy":[73,95],"goal":[74,132],"in":[75,163,165],"federated":[77,89,143],"with":[79,146],"Although":[82],"secure":[83],"aggregation":[84],"protocols":[85,112],"are":[86],"designed":[87],"protect":[92,115],"input":[94],"clients,":[97],"perform":[99],"systematic":[102],"study":[103],"on":[104],"inference":[106],"attack</i>":[107],"and":[108,124,153,175],"demonstrate":[109],"that":[110],"these":[111],"cannot":[113],"fully":[114],"category":[116],"privacy.":[117],"We":[118,168],"design":[119],"differential":[121],"selection":[122],"strategy":[123],"two":[125,177],"de-noising":[126],"approaches":[127],"achieve":[129],"attack":[131,140,157,182],"successfully.":[133],"our":[135,156],"evaluation,":[136],"apply":[138],"settings":[145],"various":[147],"datasets.":[148],"On":[149],"MNIST,":[150],"CIFAR-10,":[151],"AG_news,":[152],"DBPedia":[154],"dataset,":[155],"achieves":[158],"<inline-formula><tex-math":[159],"notation=\"LaTeX\">$&gt;90\\%$</tex-math></inline-formula>":[160],"accuracy":[161],"measured":[162],"F1-score":[164],"most":[166],"cases.":[167],"further":[169],"consider":[170],"possible":[172],"detection":[173],"method":[174],"propose":[176],"strategies":[178],"make":[180],"more":[183],"inconspicuous.":[184]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":28},{"year":2024,"cited_by_count":17},{"year":2023,"cited_by_count":11},{"year":2022,"cited_by_count":4}],"updated_date":"2026-04-24T08:23:43.765630","created_date":"2025-10-10T00:00:00"}