{"id":"https://openalex.org/W4411635489","doi":"https://doi.org/10.1145/3731715.3733342","title":"FLAIN: Mitigating Backdoor Attacks in Federated Learning via Flipping Weight Updates of Low-Activation Input Neurons","display_name":"FLAIN: Mitigating Backdoor Attacks in Federated Learning via Flipping Weight Updates of Low-Activation Input Neurons","publication_year":2025,"publication_date":"2025-06-25","ids":{"openalex":"https://openalex.org/W4411635489","doi":"https://doi.org/10.1145/3731715.3733342"},"language":"en","primary_location":{"id":"doi:10.1145/3731715.3733342","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3731715.3733342","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 International Conference on Multimedia Retrieval","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102635871","display_name":"Binbin Ding","orcid":null},"institutions":[{"id":"https://openalex.org/I9842412","display_name":"Nanjing University of Aeronautics and Astronautics","ror":"https://ror.org/01scyh794","country_code":"CN","type":"education","lineage":["https://openalex.org/I9842412"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Binbin Ding","raw_affiliation_strings":["Nanjing University of Aeronautics and Astronautics, Nanjing, China"],"raw_orcid":"https://orcid.org/0009-0002-2968-0911","affiliations":[{"raw_affiliation_string":"Nanjing University of Aeronautics and Astronautics, Nanjing, China","institution_ids":["https://openalex.org/I9842412"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102968204","display_name":"Penghui Yang","orcid":"https://orcid.org/0009-0003-3626-5094"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Penghui Yang","raw_affiliation_strings":["Nanyang Technological University, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0009-0003-3626-5094","affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5103204774","display_name":"Sheng-Jun Huang","orcid":"https://orcid.org/0000-0002-7673-5367"},"institutions":[{"id":"https://openalex.org/I9842412","display_name":"Nanjing University of Aeronautics and Astronautics","ror":"https://ror.org/01scyh794","country_code":"CN","type":"education","lineage":["https://openalex.org/I9842412"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Sheng-Jun Huang","raw_affiliation_strings":["Nanjing University of Aeronautics and Astronautics, Nanjing, China"],"raw_orcid":"https://orcid.org/0000-0002-7673-5367","affiliations":[{"raw_affiliation_string":"Nanjing University of Aeronautics and Astronautics, Nanjing, China","institution_ids":["https://openalex.org/I9842412"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5102635871"],"corresponding_institution_ids":["https://openalex.org/I9842412"],"apc_list":null,"apc_paid":null,"fwci":6.5198,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.96241279,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"219","last_page":"227"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10502","display_name":"Advanced Memory and Neural Computing","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.9801971912384033},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7183088660240173},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.35926732420921326},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3430725932121277},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.32541796565055847}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.9801971912384033},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7183088660240173},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.35926732420921326},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3430725932121277},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.32541796565055847}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3731715.3733342","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3731715.3733342","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 International Conference on Multimedia Retrieval","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":31,"referenced_works":["https://openalex.org/W2007339694","https://openalex.org/W2186222003","https://openalex.org/W2526529994","https://openalex.org/W2734358244","https://openalex.org/W2807363941","https://openalex.org/W2934843808","https://openalex.org/W2990138404","https://openalex.org/W3036791758","https://openalex.org/W3041107652","https://openalex.org/W3096718731","https://openalex.org/W3106047871","https://openalex.org/W3116740735","https://openalex.org/W3171189420","https://openalex.org/W3175919946","https://openalex.org/W3204468048","https://openalex.org/W3209100754","https://openalex.org/W3212023986","https://openalex.org/W4213234812","https://openalex.org/W4280564713","https://openalex.org/W4285117148","https://openalex.org/W4290790929","https://openalex.org/W4300470068","https://openalex.org/W4313192591","https://openalex.org/W4321021833","https://openalex.org/W4382469137","https://openalex.org/W4384835077","https://openalex.org/W4390871934","https://openalex.org/W4390874361","https://openalex.org/W4393156872","https://openalex.org/W6601645714","https://openalex.org/W6867847125"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W4320031223","https://openalex.org/W4200629851","https://openalex.org/W4281902577","https://openalex.org/W4309417370","https://openalex.org/W4292107232","https://openalex.org/W3009072493","https://openalex.org/W4401407399"],"abstract_inverted_index":{"Federated":[0],"learning":[1,10],"(FL)":[2],"enables":[3],"multiple":[4],"clients":[5,36],"to":[6,37,83,101,134],"collaboratively":[7],"train":[8],"machine":[9],"models":[11],"under":[12],"the":[13,23,28,41,91,120,126,130,144,169],"coordination":[14],"of":[15,78,93,147,153,171],"a":[16,70,151],"central":[17],"server,":[18],"while":[19,117,164],"maintaining":[20,165],"privacy.":[21],"However,":[22],"server":[24],"cannot":[25],"directly":[26],"monitor":[27],"local":[29],"training":[30],"processes,":[31],"leaving":[32],"room":[33],"for":[34,122],"malicious":[35,57,160],"introduce":[38],"backdoors":[39],"into":[40],"model.":[42],"Research":[43],"has":[44],"shown":[45],"that":[46,52,140],"backdoor":[47,85,148],"attacks":[48,86,149],"exploit":[49],"specific":[50],"neurons":[51,105],"are":[53],"activated":[54],"only":[55],"by":[56],"inputs,":[58],"remaining":[59],"dormant":[60],"with":[61],"clean":[62,172],"data.":[63,173],"Building":[64],"on":[65,129,168],"this":[66],"insight,":[67],"we":[68,96],"propose":[69],"novel":[71],"defense":[72],"method":[73],"called":[74],"Flipping":[75],"Weight":[76],"Updates":[77],"Low-Activation":[79],"Input":[80],"Neurons":[81],"(FLAIN)":[82],"counter":[84],"in":[87],"FL.":[88],"Specifically,":[89],"upon":[90],"completion":[92],"global":[94],"training,":[95],"use":[97],"an":[98],"auxiliary":[99,131],"dataset":[100],"identify":[102],"low-activation":[103,123],"input":[104],"and":[106,158],"iteratively":[107],"flip":[108],"their":[109],"associated":[110],"weight":[111],"updates.":[112],"This":[113],"flipping":[114],"process":[115],"continues":[116],"progressively":[118],"raising":[119],"threshold":[121],"neurons,":[124],"until":[125],"model's":[127],"performance":[128,170],"data":[132,156],"begins":[133],"degrade":[135],"significantly.":[136],"Extensive":[137],"experiments":[138],"demonstrate":[139],"FLAIN":[141],"effectively":[142],"reduces":[143],"success":[145],"rate":[146],"across":[150],"variety":[152],"scenarios,including":[154],"Non-IID":[155],"distributions":[157],"high":[159],"client":[161],"ratios":[162],"(MCR),":[163],"minimal":[166],"impact":[167],"The":[174],"source":[175],"code":[176],"is":[177],"available":[178],"at:":[179],"FLAIN.":[180]},"counts_by_year":[{"year":2025,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}