{"id":"https://openalex.org/W4389215104","doi":"https://doi.org/10.1145/3617574.3617858","title":"FedDefender: Backdoor Attack Defense in Federated Learning","display_name":"FedDefender: Backdoor Attack Defense in Federated Learning","publication_year":2023,"publication_date":"2023-12-01","ids":{"openalex":"https://openalex.org/W4389215104","doi":"https://doi.org/10.1145/3617574.3617858"},"language":"en","primary_location":{"id":"doi:10.1145/3617574.3617858","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3617574.3617858","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3617574.3617858","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 1st International Workshop on Dependability and Trustworthiness of Safety-Critical Systems with Machine Learned Components","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3617574.3617858","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5007292608","display_name":"Waris Gill","orcid":null},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Waris Gill","raw_affiliation_strings":["Virginia Tech, Blacksburg, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Virginia Tech, Blacksburg, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054645319","display_name":"Ali Anwar","orcid":"https://orcid.org/0000-0003-4487-2436"},"institutions":[{"id":"https://openalex.org/I130238516","display_name":"University of Minnesota","ror":"https://ror.org/017zqws13","country_code":"US","type":"education","lineage":["https://openalex.org/I130238516"]},{"id":"https://openalex.org/I4210101327","display_name":"Twin Cities Orthopedics","ror":"https://ror.org/01en4s460","country_code":"US","type":"healthcare","lineage":["https://openalex.org/I4210101327"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ali Anwar","raw_affiliation_strings":["University of Minnesota Twin Cities, Minneapolis, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Minnesota Twin Cities, Minneapolis, USA","institution_ids":["https://openalex.org/I4210101327","https://openalex.org/I130238516"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5003747461","display_name":"Muhammad Ali Gulzar","orcid":"https://orcid.org/0000-0002-8007-8662"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Muhammad Ali Gulzar","raw_affiliation_strings":["Virginia Tech, Blacksburg, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Virginia Tech, Blacksburg, USA","institution_ids":["https://openalex.org/I859038795"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5007292608"],"corresponding_institution_ids":["https://openalex.org/I859038795"],"apc_list":null,"apc_paid":null,"fwci":1.3366,"has_fulltext":true,"cited_by_count":8,"citation_normalized_percentile":{"value":0.84969722,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"6","last_page":"9"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.9888861179351807},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6226603388786316},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5680334568023682}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.9888861179351807},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6226603388786316},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5680334568023682}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3617574.3617858","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3617574.3617858","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3617574.3617858","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 1st International Workshop on Dependability and Trustworthiness of Safety-Critical Systems with Machine Learned Components","raw_type":"proceedings-article"},{"id":"pmh:oai:vtechworks.lib.vt.edu:10919/118228","is_oa":true,"landing_page_url":"https://hdl.handle.net/10919/118228","pdf_url":"https://vtechworks.lib.vt.edu/bitstreams/6c1daf3e-94c0-489e-81bb-567256a5c948/download","source":{"id":"https://openalex.org/S4306400248","display_name":"VTechWorks (Virginia Tech)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I859038795","host_organization_name":"Virginia Tech","host_organization_lineage":["https://openalex.org/I859038795"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Text"}],"best_oa_location":{"id":"doi:10.1145/3617574.3617858","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3617574.3617858","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3617574.3617858","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 1st International Workshop on Dependability and Trustworthiness of Safety-Critical Systems with Machine Learned Components","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/17","score":0.49000000953674316,"display_name":"Partnerships for the goals"}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4389215104.pdf","grobid_xml":"https://content.openalex.org/works/W4389215104.grobid-xml"},"referenced_works_count":5,"referenced_works":["https://openalex.org/W2616028256","https://openalex.org/W2934843808","https://openalex.org/W3175919946","https://openalex.org/W4238083723","https://openalex.org/W4384345756"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W4320031223","https://openalex.org/W4200629851","https://openalex.org/W4281902577","https://openalex.org/W4309417370","https://openalex.org/W4292107232","https://openalex.org/W3009072493","https://openalex.org/W4386080799","https://openalex.org/W4401407399"],"abstract_inverted_index":{"Federated":[0],"Learning":[1],"(FL)":[2],"is":[3,87],"a":[4,23,30,44,54,76,102,107],"privacy-preserving":[5],"distributed":[6],"machine":[7],"learning":[8],"technique":[9],"that":[10,126],"enables":[11],"individual":[12],"clients":[13],"(e.g.,":[14],"user":[15],"participants,":[16],"edge":[17],"devices,":[18],"or":[19],"organizations)":[20],"to":[21,42,100,138],"train":[22],"model":[24,38,46,144],"on":[25,72],"their":[26],"local":[27],"data":[28],"in":[29,61],"secure":[31],"environment":[32],"and":[33,114,119,122],"then":[34],"share":[35],"the":[36,82,94,133,142],"trained":[37],"with":[39,117],"an":[40],"aggregator":[41],"build":[43],"global":[45,143],"collaboratively.":[47],"In":[48],"this":[49],"work,":[50],"we":[51],"propose":[52],"FedDefender,":[53],"defense":[55],"mechanism":[56],"against":[57],"targeted":[58],"poisoning":[59],"attacks":[60],"FL":[62],"by":[63],"leveraging":[64],"differential":[65,70],"testing.":[66],"FedDefender":[67,92,111,127],"first":[68],"applies":[69],"testing":[71],"clients\u2019":[73,98],"models":[74,99],"using":[75,112],"synthetic":[77,90],"input.":[78],"Instead":[79],"of":[80,97],"comparing":[81],"output":[83],"(predicted":[84],"label),":[85],"which":[86],"unavailable":[88],"for":[89],"input,":[91],"fingerprints":[93],"neuron":[95],"activations":[96],"identify":[101],"potentially":[103],"malicious":[104],"client":[105],"containing":[106],"backdoor.":[108],"We":[109],"evaluate":[110],"MNIST":[113],"FashionMNIST":[115],"datasets":[116],"20":[118],"30":[120],"clients,":[121],"our":[123],"results":[124],"demonstrate":[125],"effectively":[128],"mitigates":[129],"such":[130],"attacks,":[131],"reducing":[132],"attack":[134],"success":[135],"rate":[136],"(ASR)":[137],"10%":[139],"without":[140],"deteriorating":[141],"performance.":[145]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":1}],"updated_date":"2026-05-14T08:36:36.166977","created_date":"2025-10-10T00:00:00"}