{"id":"https://openalex.org/W4412082064","doi":"https://doi.org/10.1109/tifs.2025.3586491","title":"Poisoning Attacks to Knowledge Distillation-Based Federated Learning Under Robust Aggregation Rules","display_name":"Poisoning Attacks to Knowledge Distillation-Based Federated Learning Under Robust Aggregation Rules","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4412082064","doi":"https://doi.org/10.1109/tifs.2025.3586491"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2025.3586491","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2025.3586491","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5083836256","display_name":"Xiaoyi Pang","orcid":"https://orcid.org/0000-0002-2763-2695"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Xiaoyi Pang","raw_affiliation_strings":["State Key Laboratory of Blockchain and Data Security and the School of Cyber Science and Technology, Zhejiang University, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-2763-2695","affiliations":[{"raw_affiliation_string":"State Key Laboratory of Blockchain and Data Security and the School of Cyber Science and Technology, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100422345","display_name":"Zhibo Wang","orcid":"https://orcid.org/0000-0002-5804-3279"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhibo Wang","raw_affiliation_strings":["State Key Laboratory of Blockchain and Data Security and the School of Cyber Science and Technology, Zhejiang University, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-5804-3279","affiliations":[{"raw_affiliation_string":"State Key Laboratory of Blockchain and Data Security and the School of Cyber Science and Technology, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108999805","display_name":"Defang Liu","orcid":"https://orcid.org/0000-0002-6981-1755"},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Defang Liu","raw_affiliation_strings":["School of Cyber Science and Engineering, Wuhan University, Wuhan, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Wuhan University, Wuhan, China","institution_ids":["https://openalex.org/I37461747"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100702750","display_name":"Jiahui Hu","orcid":"https://orcid.org/0000-0001-8771-7474"},"institutions":[{"id":"https://openalex.org/I141649914","display_name":"Nanchang University","ror":"https://ror.org/042v6xz23","country_code":"CN","type":"education","lineage":["https://openalex.org/I141649914"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiahui Hu","raw_affiliation_strings":["School of Mathematics and Computer Sciences, Nanchang University, Nanchang, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Mathematics and Computer Sciences, Nanchang University, Nanchang, China","institution_ids":["https://openalex.org/I141649914"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089450416","display_name":"Peng Sun","orcid":"https://orcid.org/0000-0001-6221-8142"},"institutions":[{"id":"https://openalex.org/I16609230","display_name":"Hunan University","ror":"https://ror.org/05htk5m33","country_code":"CN","type":"education","lineage":["https://openalex.org/I16609230"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Peng Sun","raw_affiliation_strings":["College of Computer Science and Electronic Engineering, Hunan University, Changsha, China"],"raw_orcid":"https://orcid.org/0000-0001-6221-8142","affiliations":[{"raw_affiliation_string":"College of Computer Science and Electronic Engineering, Hunan University, Changsha, China","institution_ids":["https://openalex.org/I16609230"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Meng Luo","orcid":"https://orcid.org/0009-0008-3432-3445"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Meng Luo","raw_affiliation_strings":["School of Computing, National University of Singapore, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0009-0008-3432-3445","affiliations":[{"raw_affiliation_string":"School of Computing, National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5105297718","display_name":"Kui Ren","orcid":"https://orcid.org/0000-0002-1969-2591"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kui Ren","raw_affiliation_strings":["State Key Laboratory of Blockchain and Data Security and the School of Cyber Science and Technology, Zhejiang University, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-1969-2591","affiliations":[{"raw_affiliation_string":"State Key Laboratory of Blockchain and Data Security and the School of Cyber Science and Technology, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5083836256"],"corresponding_institution_ids":["https://openalex.org/I76130692"],"apc_list":null,"apc_paid":null,"fwci":6.5198,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.96285523,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":"20","issue":null,"first_page":"7061","last_page":"7076"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9925000071525574,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8139247298240662},{"id":"https://openalex.org/keywords/distillation","display_name":"Distillation","score":0.5659850239753723},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5094636082649231}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8139247298240662},{"id":"https://openalex.org/C204030448","wikidata":"https://www.wikidata.org/wiki/Q101017","display_name":"Distillation","level":2,"score":0.5659850239753723},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5094636082649231},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C178790620","wikidata":"https://www.wikidata.org/wiki/Q11351","display_name":"Organic chemistry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2025.3586491","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2025.3586491","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Zero hunger","score":0.41999998688697815,"id":"https://metadata.un.org/sdg/2"}],"awards":[{"id":"https://openalex.org/G1056004441","display_name":null,"funder_award_id":"62122066","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G1364758715","display_name":null,"funder_award_id":"62102337","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4356286270","display_name":null,"funder_award_id":"2023JJ40174","funder_id":"https://openalex.org/F4320322843","funder_display_name":"Natural Science Foundation of\u00a0Hunan Province"},{"id":"https://openalex.org/G7739433689","display_name":null,"funder_award_id":"62472158","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8999494135","display_name":null,"funder_award_id":"U24B20182","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320322843","display_name":"Natural Science Foundation of\u00a0Hunan Province","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":51,"referenced_works":["https://openalex.org/W1821462560","https://openalex.org/W2788308444","https://openalex.org/W2788816110","https://openalex.org/W2955213239","https://openalex.org/W2962763344","https://openalex.org/W2972594657","https://openalex.org/W2980216952","https://openalex.org/W3018464563","https://openalex.org/W3021026170","https://openalex.org/W3033686777","https://openalex.org/W3037913917","https://openalex.org/W3042871071","https://openalex.org/W3045674654","https://openalex.org/W3087391814","https://openalex.org/W3138153888","https://openalex.org/W3152624284","https://openalex.org/W3206985409","https://openalex.org/W4213446860","https://openalex.org/W4224227775","https://openalex.org/W4226101686","https://openalex.org/W4229455429","https://openalex.org/W4285203327","https://openalex.org/W4313042326","https://openalex.org/W4320481068","https://openalex.org/W4366815236","https://openalex.org/W4368232849","https://openalex.org/W4386767075","https://openalex.org/W4387068389","https://openalex.org/W4390492902","https://openalex.org/W4390664235","https://openalex.org/W4391305466","https://openalex.org/W4391463760","https://openalex.org/W4401039016","https://openalex.org/W4403052635","https://openalex.org/W6725794477","https://openalex.org/W6728757088","https://openalex.org/W6743821447","https://openalex.org/W6748268456","https://openalex.org/W6748786018","https://openalex.org/W6752600739","https://openalex.org/W6756840679","https://openalex.org/W6757643485","https://openalex.org/W6758201434","https://openalex.org/W6765541894","https://openalex.org/W6768632158","https://openalex.org/W6770634426","https://openalex.org/W6780640148","https://openalex.org/W6788876066","https://openalex.org/W6796484261","https://openalex.org/W6848309167","https://openalex.org/W6861707932"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"Federated":[0],"learning":[1,48],"(FL)":[2],"is":[3],"susceptible":[4],"to":[5,23,45,83,122,134,167,176],"poisoning":[6,72,119],"attacks.":[7,217],"To":[8,89,143],"defend":[9],"against":[10],"such":[11,94],"threats,":[12],"robust":[13,109,126,196,200],"aggregation":[14],"rules":[15],"(AGRs)":[16],"are":[17,164],"typically":[18],"deployed":[19],"on":[20,32],"the":[21,66,85,102,106,116,140,182,188,202],"server":[22],"identify":[24],"or":[25],"filter":[26],"clients\u2019":[27],"potentially":[28],"malicious":[29,137,161],"submissions":[30],"based":[31],"statistical":[33],"similarity.":[34],"Recently,":[35],"knowledge":[36],"distillation":[37],"(KD)":[38],"has":[39],"been":[40],"widely":[41],"used":[42],"in":[43,105,111],"FL":[44,124],"facilitate":[46],"collaborative":[47],"among":[49],"clients":[50,133],"that":[51,163,214],"have":[52],"heterogeneous":[53],"model":[54,61,80,87,104,204],"architectures":[55],"by":[56,208],"aggregating":[57],"and":[58,92,99,147,180,195],"distilling":[59],"architecture-independent":[60],"outputs":[62],"(i.e.,":[63],"logits).":[64],"However,":[65],"KD":[67,141],"process":[68],"introduces":[69],"a":[70,95],"novel":[71],"attack":[73,120,145],"surface,":[74],"where":[75],"adversaries":[76],"can":[77,171,211],"manipulate":[78],"local":[79],"output":[81],"logits":[82,138,162,169,175],"ruin":[84],"global":[86,103,183,203],"performance.":[88],"fully":[90],"reveal":[91],"explore":[93],"new":[96],"security":[97],"vulnerability":[98],"effectively":[100],"poison":[101],"existence":[107],"of":[108,190,215],"AGRs,":[110,127,201],"this":[112],"paper,":[113],"we":[114],"propose":[115],"first":[117],"untargeted":[118],"scheme":[121],"KD-based":[123],"under":[125,192,199],"named":[128],"ManipulatingKD.":[129],"It":[130],"manipulates":[131],"compromised":[132],"send":[135],"well-designed":[136],"during":[139],"process.":[142],"ensure":[144],"effectiveness":[146,189],"stealthiness,":[148],"ManipulatingKD":[149,191],"models":[150],"attacks":[151,210],"as":[152],"constrained":[153],"optimization":[154],"problems.":[155],"This":[156],"allows":[157],"for":[158],"crafting":[159],"satisfactory":[160],"statistically":[165],"similar":[166],"benign":[168],"but":[170],"generate":[172],"poisoned":[173],"aggregated":[174],"provide":[177],"deviated":[178],"supervision":[179],"mislead":[181],"model.":[184],"Extensive":[185],"experiments":[186],"demonstrate":[187],"both":[193],"non-robust":[194],"AGRs.":[197],"Particularly,":[198],"accuracy":[205],"degradation":[206],"caused":[207],"our":[209],"exceed":[212],"2\u00d7":[213],"state-of-the-art":[216]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}