{"id":"https://openalex.org/W4367046777","doi":"https://doi.org/10.1145/3543507.3583542","title":"AgrEvader: Poisoning Membership Inference against Byzantine-robust Federated Learning","display_name":"AgrEvader: Poisoning Membership Inference against Byzantine-robust Federated Learning","publication_year":2023,"publication_date":"2023-04-26","ids":{"openalex":"https://openalex.org/W4367046777","doi":"https://doi.org/10.1145/3543507.3583542"},"language":"en","primary_location":{"id":"doi:10.1145/3543507.3583542","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3543507.3583542","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Web Conference 2023","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://figshare.com/articles/conference_contribution/AgrEvader_Poisoning_Membership_Inference_against_Byzantine-robust_Federated_Learning/23512236","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100449630","display_name":"Yanjun Zhang","orcid":"https://orcid.org/0000-0001-5611-3483"},"institutions":[{"id":"https://openalex.org/I149704539","display_name":"Deakin University","ror":"https://ror.org/02czsnj07","country_code":"AU","type":"education","lineage":["https://openalex.org/I149704539"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Yanjun Zhang","raw_affiliation_strings":["Deakin University, Australia"],"affiliations":[{"raw_affiliation_string":"Deakin University, Australia","institution_ids":["https://openalex.org/I149704539"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015858067","display_name":"Guangdong Bai","orcid":"https://orcid.org/0000-0002-6390-9890"},"institutions":[{"id":"https://openalex.org/I165143802","display_name":"The University of Queensland","ror":"https://ror.org/00rqy9422","country_code":"AU","type":"education","lineage":["https://openalex.org/I165143802"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Guangdong Bai","raw_affiliation_strings":["The University of Queensland, Australia"],"affiliations":[{"raw_affiliation_string":"The University of Queensland, Australia","institution_ids":["https://openalex.org/I165143802"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063839073","display_name":"M.A.P. Chamikara","orcid":"https://orcid.org/0000-0002-4286-3774"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Mahawaga Arachchige Pathum Chamikara","raw_affiliation_strings":["CSIRO's Data61, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO's Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083683118","display_name":"Mengyao Ma","orcid":"https://orcid.org/0000-0002-5550-5845"},"institutions":[{"id":"https://openalex.org/I165143802","display_name":"The University of Queensland","ror":"https://ror.org/00rqy9422","country_code":"AU","type":"education","lineage":["https://openalex.org/I165143802"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Mengyao Ma","raw_affiliation_strings":["The University of Queensland, Australia"],"affiliations":[{"raw_affiliation_string":"The University of Queensland, Australia","institution_ids":["https://openalex.org/I165143802"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037232394","display_name":"Liyue Shen","orcid":"https://orcid.org/0000-0002-5874-8316"},"institutions":[{"id":"https://openalex.org/I165143802","display_name":"The University of Queensland","ror":"https://ror.org/00rqy9422","country_code":"AU","type":"education","lineage":["https://openalex.org/I165143802"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Liyue Shen","raw_affiliation_strings":["The University of Queensland, Australia"],"affiliations":[{"raw_affiliation_string":"The University of Queensland, Australia","institution_ids":["https://openalex.org/I165143802"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5079740424","display_name":"Jingwei Wang","orcid":"https://orcid.org/0000-0002-2301-7409"},"institutions":[{"id":"https://openalex.org/I165143802","display_name":"The University of Queensland","ror":"https://ror.org/00rqy9422","country_code":"AU","type":"education","lineage":["https://openalex.org/I165143802"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Jingwei Wang","raw_affiliation_strings":["The University of Queensland, Australia"],"affiliations":[{"raw_affiliation_string":"The University of Queensland, Australia","institution_ids":["https://openalex.org/I165143802"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082256444","display_name":"\u202aSurya Nepal\u202c","orcid":"https://orcid.org/0000-0002-3289-6599"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Surya Nepal","raw_affiliation_strings":["CSIRO's Data61, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO's Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060360009","display_name":"Minhui Xue","orcid":"https://orcid.org/0000-0001-5411-5039"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Minhui Xue","raw_affiliation_strings":["CSIRO's Data61, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO's Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002221335","display_name":"Long Wang","orcid":"https://orcid.org/0000-0001-8304-0670"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Long Wang","raw_affiliation_strings":["Intelligent Engine Department, Ant Group, MYBank, China"],"affiliations":[{"raw_affiliation_string":"Intelligent Engine Department, Ant Group, MYBank, China","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5023687478","display_name":"Joseph K. Liu","orcid":"https://orcid.org/0000-0001-6656-6240"},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Joseph Liu","raw_affiliation_strings":["Monash University, Australia"],"affiliations":[{"raw_affiliation_string":"Monash University, Australia","institution_ids":["https://openalex.org/I56590836"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":10,"corresponding_author_ids":["https://openalex.org/A5100449630"],"corresponding_institution_ids":["https://openalex.org/I149704539"],"apc_list":null,"apc_paid":null,"fwci":3.4743,"has_fulltext":false,"cited_by_count":20,"citation_normalized_percentile":{"value":0.93904876,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"2371","last_page":"2382"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11636","display_name":"Artificial Intelligence in Healthcare and Education","score":0.9632999897003174,"subfield":{"id":"https://openalex.org/subfields/2718","display_name":"Health Informatics"},"field":{"id":"https://openalex.org/fields/27","display_name":"Medicine"},"domain":{"id":"https://openalex.org/domains/4","display_name":"Health Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7443511486053467},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7406842708587646},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.6430456638336182},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.6230250597000122},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.6026782989501953},{"id":"https://openalex.org/keywords/adversarial-machine-learning","display_name":"Adversarial machine learning","score":0.5184175968170166},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.44531989097595215},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4422968029975891},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.44132474064826965}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7443511486053467},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7406842708587646},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.6430456638336182},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.6230250597000122},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.6026782989501953},{"id":"https://openalex.org/C2778403875","wikidata":"https://www.wikidata.org/wiki/Q20312394","display_name":"Adversarial machine learning","level":3,"score":0.5184175968170166},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.44531989097595215},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4422968029975891},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.44132474064826965},{"id":"https://openalex.org/C13280743","wikidata":"https://www.wikidata.org/wiki/Q131089","display_name":"Geodesy","level":1,"score":0.0},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3543507.3583542","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3543507.3583542","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Web Conference 2023","raw_type":"proceedings-article"},{"id":"pmh:oai:figshare.com:article/23512236","is_oa":true,"landing_page_url":"https://figshare.com/articles/conference_contribution/AgrEvader_Poisoning_Membership_Inference_against_Byzantine-robust_Federated_Learning/23512236","pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Text"},{"id":"pmh:oai:research-repository.griffith.edu.au:10072/424886","is_oa":true,"landing_page_url":"http://hdl.handle.net/10072/424886","pdf_url":null,"source":{"id":"https://openalex.org/S4306402548","display_name":"Griffith Research Online (Griffith University, Queensland, Australia)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I11701301","host_organization_name":"Griffith University","host_organization_lineage":["https://openalex.org/I11701301"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference output"}],"best_oa_location":{"id":"pmh:oai:figshare.com:article/23512236","is_oa":true,"landing_page_url":"https://figshare.com/articles/conference_contribution/AgrEvader_Poisoning_Membership_Inference_against_Byzantine-robust_Federated_Learning/23512236","pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Text"},"sustainable_development_goals":[{"score":0.8199999928474426,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":35,"referenced_works":["https://openalex.org/W2473418344","https://openalex.org/W2535690855","https://openalex.org/W2701059868","https://openalex.org/W2765200655","https://openalex.org/W2766831133","https://openalex.org/W2767079719","https://openalex.org/W2788388592","https://openalex.org/W2788816110","https://openalex.org/W2794624686","https://openalex.org/W2795435272","https://openalex.org/W2884943453","https://openalex.org/W2908294040","https://openalex.org/W2911495555","https://openalex.org/W2912083425","https://openalex.org/W2930926105","https://openalex.org/W2951059495","https://openalex.org/W2962763344","https://openalex.org/W2963456518","https://openalex.org/W2978662361","https://openalex.org/W2983140679","https://openalex.org/W2995191368","https://openalex.org/W2997200074","https://openalex.org/W3033511014","https://openalex.org/W3038398868","https://openalex.org/W3097371090","https://openalex.org/W3103245149","https://openalex.org/W3122816307","https://openalex.org/W3138153888","https://openalex.org/W3212600502","https://openalex.org/W3214437258","https://openalex.org/W4214858327","https://openalex.org/W4285240195","https://openalex.org/W4308643663","https://openalex.org/W4311165733","https://openalex.org/W6657138077"],"related_works":["https://openalex.org/W4320018150","https://openalex.org/W4239582170","https://openalex.org/W3048732067","https://openalex.org/W2918664383","https://openalex.org/W106056076","https://openalex.org/W4320855730","https://openalex.org/W4383468834","https://openalex.org/W2135200719","https://openalex.org/W4283221438","https://openalex.org/W2900159906"],"abstract_inverted_index":{"The":[0,47,245],"Poisoning":[1],"Membership":[2],"Inference":[3],"Attack":[4],"(PMIA)":[5],"is":[6,56,98,136,192,247],"a":[7,14,66,69,83,151,178,218],"newly":[8],"emerging":[9],"privacy":[10],"attack":[11,54,180],"that":[12,55,73,97,107,132,153],"poses":[13],"significant":[15],"threat":[16,222],"to":[17,33,86,101,114,125,187,200],"federated":[18],"learning":[19],"(FL).":[20],"An":[21],"adversary":[22],"conducts":[23],"data":[24,45],"poisoning":[25,53,103],"(i.e.,":[26],"performing":[27],"adversarial":[28,156],"manipulations":[29],"on":[30,59,158,211],"training":[31],"examples)":[32],"extract":[34],"membership":[35],"information":[36],"by":[37,145,166],"exploiting":[38],"the":[39,51,88,93,117,120,133,139,155,159,164,201,206],"changes":[40],"in":[41,128,205],"loss":[42],"resulting":[43],"from":[44],"poisoning.":[46],"PMIA":[48,91,152,203],"significantly":[49,170],"exacerbates":[50],"traditional":[52],"primarily":[57],"focused":[58],"model":[60],"corruption.":[61],"However,":[62],"there":[63],"has":[64],"been":[65],"lack":[67],"of":[68,90,182,197,221],"comprehensive":[70,219],"systematic":[71],"study":[72],"thoroughly":[74],"investigates":[75],"this":[76,79,146],"topic.":[77],"In":[78],"work,":[80],"we":[81,148],"conduct":[82],"benchmark":[84],"evaluation":[85],"assess":[87],"performance":[89],"against":[92,116,217],"Byzantine-robust":[94,167],"FL":[95],"setting":[96],"specifically":[99],"designed":[100],"mitigate":[102],"attacks.":[104],"We":[105,208],"find":[106],"all":[108,242],"existing":[109,172],"coordinate-wise":[110],"averaging":[111],"mechanisms":[112],"fail":[113],"defend":[115],"PMIA,":[118],"while":[119,162],"detect-then-drop":[121],"strategy":[122],"was":[123],"proven":[124],"be":[126],"effective":[127],"most":[129],"cases,":[130],"implying":[131],"poison":[134],"injection":[135],"memorized":[137],"and":[138,228,233],"poisonous":[140],"effect":[141],"rarely":[142],"dissipates.":[143],"Inspired":[144],"observation,":[147],"propose":[149],"AgrEvader,":[150],"maximizes":[154],"impact":[157],"victim":[160],"samples":[161],"circumventing":[163],"detection":[165],"mechanisms.":[168],"AgrEvader":[169,176,210,236],"outperforms":[171],"PMIAs.":[173],"For":[174],"instance,":[175],"achieved":[177],"high":[179,239],"accuracy":[181,195,240],"between":[183],"72.78%":[184],"(on":[185,189],"CIFAR-10)":[186],"97.80%":[188],"Texas100),":[190],"which":[191,224],"an":[193],"average":[194],"increase":[196],"13.89%":[198],"compared":[199],"strongest":[202],"reported":[204],"literature.":[207],"evaluated":[209],"five":[212],"datasets":[213],"across":[214,241],"different":[215],"domains,":[216],"list":[220],"models,":[223],"included":[225],"black-box,":[226],"gray-box":[227],"white-box":[229],"models":[230],"for":[231],"targeted":[232],"non-targeted":[234],"scenarios.":[235],"demonstrated":[237],"consistent":[238],"settings":[243],"tested.":[244],"code":[246],"available":[248],"at:":[249],"https://github.com/PrivSecML/AgrEvader.":[250]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":8},{"year":2023,"cited_by_count":2}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}