{"id":"https://openalex.org/W7127142378","doi":"https://doi.org/10.1109/trustcom66490.2025.00205","title":"Exploring Subtle Manipulation Vulnerabilities in Federated Distillation","display_name":"Exploring Subtle Manipulation Vulnerabilities in Federated Distillation","publication_year":2025,"publication_date":"2025-11-14","ids":{"openalex":"https://openalex.org/W7127142378","doi":"https://doi.org/10.1109/trustcom66490.2025.00205"},"language":null,"primary_location":{"id":"doi:10.1109/trustcom66490.2025.00205","is_oa":false,"landing_page_url":"https://doi.org/10.1109/trustcom66490.2025.00205","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 24th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Peiyan Chen","orcid":null},"institutions":[{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Peiyan Chen","raw_affiliation_strings":["Southeast University,School of Cyber Science and Engineering,Nanjing,China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Southeast University,School of Cyber Science and Engineering,Nanjing,China","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Changsheng Wan","orcid":null},"institutions":[{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Changsheng Wan","raw_affiliation_strings":["Southeast University,School of Cyber Science and Engineering,Nanjing,China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Southeast University,School of Cyber Science and Engineering,Nanjing,China","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053200432","display_name":"Hao Zou","orcid":"https://orcid.org/0000-0001-8416-3664"},"institutions":[{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hao Zou","raw_affiliation_strings":["Southeast University,School of Cyber Science and Engineering,Nanjing,China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Southeast University,School of Cyber Science and Engineering,Nanjing,China","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056851061","display_name":"Wen Tian","orcid":"https://orcid.org/0000-0002-4708-2459"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210090176","display_name":"Institute of Computing Technology","ror":"https://ror.org/0090r4d87","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210090176"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tian Wen","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Computing Technology,Beijing,China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Computing Technology,Beijing,China","institution_ids":["https://openalex.org/I4210090176","https://openalex.org/I19820366"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5124770309","display_name":"Zhiyuan Wu","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210090176","display_name":"Institute of Computing Technology","ror":"https://ror.org/0090r4d87","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210090176"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhiyuan Wu","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Computing Technology,Beijing,China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Computing Technology,Beijing,China","institution_ids":["https://openalex.org/I4210090176","https://openalex.org/I19820366"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.80840593,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1765","last_page":"1774"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.6858000159263611,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.6858000159263611,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.08950000256299973,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.018799999728798866,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.7728000283241272},{"id":"https://openalex.org/keywords/federated-learning","display_name":"Federated learning","score":0.5575000047683716},{"id":"https://openalex.org/keywords/cosine-similarity","display_name":"Cosine similarity","score":0.49050000309944153},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.37369999289512634},{"id":"https://openalex.org/keywords/distillation","display_name":"Distillation","score":0.3513000011444092},{"id":"https://openalex.org/keywords/scaling","display_name":"Scaling","score":0.33079999685287476},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.32170000672340393}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8065999746322632},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.7728000283241272},{"id":"https://openalex.org/C2992525071","wikidata":"https://www.wikidata.org/wiki/Q50818671","display_name":"Federated learning","level":2,"score":0.5575000047683716},{"id":"https://openalex.org/C2780762811","wikidata":"https://www.wikidata.org/wiki/Q1784941","display_name":"Cosine similarity","level":3,"score":0.49050000309944153},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4041000008583069},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.37369999289512634},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3637000024318695},{"id":"https://openalex.org/C204030448","wikidata":"https://www.wikidata.org/wiki/Q101017","display_name":"Distillation","level":2,"score":0.3513000011444092},{"id":"https://openalex.org/C99844830","wikidata":"https://www.wikidata.org/wiki/Q102441924","display_name":"Scaling","level":2,"score":0.33079999685287476},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.32170000672340393},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.32109999656677246},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.31150001287460327},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.31119999289512634},{"id":"https://openalex.org/C12725497","wikidata":"https://www.wikidata.org/wiki/Q810247","display_name":"Baseline (sea)","level":2,"score":0.3077999949455261},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.30730000138282776},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3018999993801117},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.2833000123500824},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.26429998874664307},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.2565999925136566},{"id":"https://openalex.org/C140331021","wikidata":"https://www.wikidata.org/wiki/Q1868104","display_name":"Logit","level":2,"score":0.25380000472068787},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.25270000100135803}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/trustcom66490.2025.00205","is_oa":false,"landing_page_url":"https://doi.org/10.1109/trustcom66490.2025.00205","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 24th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.8081451654434204}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":19,"referenced_works":["https://openalex.org/W3015636663","https://openalex.org/W3138597937","https://openalex.org/W3141518839","https://openalex.org/W3212941463","https://openalex.org/W4288057793","https://openalex.org/W4290948380","https://openalex.org/W4293791267","https://openalex.org/W4382119217","https://openalex.org/W4384948726","https://openalex.org/W4385299238","https://openalex.org/W4388857039","https://openalex.org/W4390399890","https://openalex.org/W4390664235","https://openalex.org/W4391528168","https://openalex.org/W4401039016","https://openalex.org/W4401508321","https://openalex.org/W4402040190","https://openalex.org/W4402264021","https://openalex.org/W4403582721"],"related_works":[],"abstract_inverted_index":{"Federated":[0,8,86],"Distillation":[1,87],"(FD)":[2],"offers":[3],"significant":[4],"advantages":[5],"over":[6],"conventional":[7],"Learning":[9],"(FL)":[10],"by":[11,52],"transmitting":[12],"model":[13,18,26,155],"outputs":[14],"(logits)":[15],"instead":[16],"of":[17,115,169],"parameters,":[19],"reducing":[20,154],"communication":[21],"costs":[22],"and":[23,74,99,125,143],"supporting":[24],"heterogeneous":[25],"architectures.":[27],"However,":[28,62],"FD":[29],"systems":[30],"remain":[31],"vulnerable":[32],"to":[33,41,55,70,107,135],"poisoning":[34],"attacks,":[35],"where":[36],"local":[37],"logits":[38,106],"are":[39],"manipulated":[40],"corrupt":[42],"the":[43,85,113],"global":[44],"aggregation":[45],"process.":[46],"The":[47,166],"current":[48],"defense":[49],"mechanism,":[50],"represented":[51],"SVAFD,":[53],"attempts":[54],"counter":[56],"malicious":[57,138],"updates":[58],"using":[59],"cosine":[60,133],"similarity.":[61],"we":[63,83],"find":[64],"that":[65,146],"such":[66],"a":[67,91],"method":[68],"fails":[69],"detect":[71],"subtle":[72],"perturbations":[73],"scale":[75],"variations":[76],"in":[77,153],"logits.":[78],"To":[79],"expose":[80],"these":[81],"weaknesses,":[82],"propose":[84],"Similarity-Based":[88],"Attack":[89],"(FDSA),":[90],"three-stage":[92],"attack":[93],"comprising":[94],"peak":[95],"shuffle,":[96],"mean":[97],"regression,":[98],"dynamic":[100],"scaling.":[101],"FDSA":[102,130,147],"subtly":[103],"manipulates":[104],"client":[105],"evade":[108],"detection":[109],"while":[110],"significantly":[111],"degrading":[112],"robustness":[114,162],"server-side":[116],"aggregation.":[117],"By":[118],"altering":[119],"class":[120],"priorities,":[121],"increasing":[122],"logit":[123],"entropy,":[124],"dynamically":[126],"adjusting":[127],"scaling":[128],"factors,":[129],"maintains":[131],"high":[132],"similarity":[134],"mask":[136],"its":[137,161],"intent.":[139],"Experiments":[140],"on":[141],"FMNIST":[142],"SVHN":[144],"show":[145],"surpasses":[148],"five":[149],"state-of-the-art":[150],"baseline":[151],"attacks":[152],"accuracy,":[156],"with":[157],"ablation":[158],"studies":[159],"confirming":[160],"across":[163],"diverse":[164],"settings.":[165],"source":[167],"code":[168],"this":[170],"paper":[171],"is":[172],"available":[173],"at":[174],"https://github.com/SHOWY118/FDSA.":[175]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-02-03T00:00:00"}