Skip to content
/ FLpaper Public

A Curated List of Must-read Papers on Federated Learning attack and defense

License

MIT license
2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

CPZXJ/FLpaper

BranchesTags

Repository files navigation

English | 中文

Must-read papers on Federated Learning attack and defense

Introduction

This repository provides a curated list of papers and tutorials on federated learning (FL), including systematic tutorials, Existing Surveys, horizontal federated learning, vertical federated learning, federated transfer learning, federated recommendation scenarios, data poisoning attacks, model poisoning attacks, data poisoning defenses, model poisoning defenses, privacy-preserving federated learning, privacy-preserving federated recommendation, existing attacks in federated recommendation, existing defenses in federated recommendation, some open source codes, etc.

* Please help to contribute this list by adding pull request with the template below.Thank you to all contributors!

- Author Name et al. **Paper Name.**  Conference/Journal, Year.

Table of Contents

System Tutorials

  • Yang et al. Federated Learning. SLAIML, 2021.

Existing Surveys

  • Zhou et al. 联邦学习研究综述. 网络与信息安全学报, 2021.
  • Liang et al. 基于联邦学习的推荐系统综述. 中国科学, 2022.
  • Wu et al. 联邦学习攻击与防御综述. 大数据, 2022.
  • Chen et al. 联邦学习攻防研究综述. 计算机科学, 2022.
  • Gu et al. 联邦学习模型安全与隐私研究进展. 软件学报, 2022.
  • Shi et al. challenges and approaches for mitigating byzantine attacks in federated learning. IEEE ICTSP, 2022.
  • Xiao et al. 联邦学习的隐私保护与安全防御研究综述. 计算机学报, 2023.
  • Gao et al. 联邦学习系统攻击与防御技术研究综述. 计算机学报, 2023.
  • Sun et al. 联邦学习拜占庭攻击与防御研究综述. 网络空间安全科学学报, 2023.
  • Yang et al. 联邦学习与攻防对抗综述. 信息网络安全, 2023.
  • Sun et
    al.Data_and_Model_Poisoning_Backdoor_Attacks_on_Wireless_Federated_Learning_and_the_Defense_Mechanisms_A_Comprehensive_Survey. IEEE CSAT, 2024.
  • Chen et al. 联邦学习中的安全威胁与防御措施综述. 计算机应用, 2024.
  • Zhang et al. 联邦学习中的攻击手段与防御机制研究综述. 计算机工程与应用, 2024.

Horizontal Federated Learning

  • Zhang et al. Federated Feature Selection for Horizontal Federated Learning in IoT Networks. IEEE IoT-J, 2023.

Vertical Federated Learning

  • Chen et al. 面向纵向联邦学习的对抗样本生成算法. 通信学报, 2023.
  • Lai et al. VFedAD A Defense Method Based on the Information. CIKD CCFB, 2023.

Federated Transfer Learning

  • Liu et al. A Secure Federated Transfer Learning Framework. IEEE IS, 2023.

Federated Recommendation Scenarios

  • Chen et al. 一种基于注意力联邦蒸馏的推荐方法. 软件学报, 2020.
  • Rong et al. poisoning deep learning based recommender model in federated learning scenarios. IJCAL, 2022.

Data Poisoning Attacks

  • Xiao et al. Adversarial label flips attack on support vector machines. ECAL, 2012.
  • Rosenfeld et al. certified robustness to label-flipping attacks via randomized smoothing. ICML, 2020.
  • Bagdasaryan et al. How to backdoor federated learning . ICML, 2020.
  • Sun et al. data posioning attacks on federated machine learning . IEEE ITOJ, 2021.
  • Xu et al. More is Better(mostly)_on the backdoor attacks in federated learning. ACSAC, 2022.
  • Rieger et al. Deepsight_mitigating backdoor attacks in federated learning through deep model inspection. NDSS, 2022.
  • Fang et al. On the vulnerability of backdoor defenses for federated learning. AAAI, 2023.
  • Liu et al. Poisoning_Attack_based_on_Data_Feature_Selection_in_Federated_Learning. IEEE Confluence, 2023.
  • Xu et al. Shadowcast Stealthy Data Poisoning Attacks against Vision-language Model NeurIPS, 2024.
  • Pawelczyk et al. Machine Unlearning Fails to Remove Data Poisoning Attacks arXiv, 2024.
  • Cotroneo et al. Vulnerabilities in AI Code Generators Exploring Targeted Data Poisoning Attack ICPC, 2024.
  • Yang et al. Data Poisoning Attacks Against Multimodal Encoders PMLR, 2023.
  • Zhang et al. Data_Poisoning_based_Backdoor_Attacks_to_Contrastive_Learning CVPR, 2024.
  • Cina et al. Machine Learning Security against Data Poisoning Are We There Yet arXiv, 2024.

Model Poisoning Attacks

  • Baruch et al. a-little-is-enough-circumventing-defenses-for-distributed-learning-Paper. NeurIPS, 2019.
  • Fang et al. local model poisoning attacks to byzantine-robust federated learning. usenix, 2020.
  • Shejwalkar et al. Manipulating the byzantine_Optimizing model poisoning attacks and defense for federated learning. NDSS, 2021.
  • Cao et al. MPAF_Model_Poisoning_Attacks_to_Federated_Learning_Based_on_Fake. CVPR, 2022.
  • Zhang et al. denial-of-service or fine-grained control_towards flexible model poisoning attacks on federated learning. arxiv, 2023.
  • Zhang et al. FLTracer_accurate poisoning attack provenance in federated learning. arxiv, 2023.
  • Jin et al. FedPerturb Covert Poisoning Attack on Federated Learning via Partial Perturbation . IEEE ECAL, 2023.
  • Yuan et al. Model_Poisoning_Attack_In_Federated_Learning_Via_Adversarial_Examples. IEEE SCSET, 2023.
  • Wei et al. covert model poisoning against federated learning_algorithm design and optimization. IEEE TDSC, 2023.
  • Li et al. data-agnostic_model poisoning against federated learning_a graph autoencoder approach. IEEE TIFS, 2023.
  • Zhang et al. Denial-of-Service or Fine-Grained Control_towards FLexible model poisoning attacks on federated learning. IJCAI, 2023.
  • Jiang et al. towards efficient and certified recovery from poisoning attacks in federated learning. arxiv, 2024.
  • Aghakhani et al. TROJANPUZZLE Covertly Poisoning Code-Suggestion Models arXiv, 2024.
  • Cong et al. Test-Time Poisoning Attacks Against Test-Time Adaptiation Models arXiv, 2023.
  • Zhang et al. LoRec Large Language Model for Robust Sequential Recommendation against Poisoning Attacks arXiv, 2024.
  • Wu et al. Preference Poisoning Attacks on Reward Model Learning arXiv, 2024.
  • Zou et al. PoisonedRAG Knowledge Corruption Attacks to Retrieval-Augmented Generation of Large Language Models arXiv, 2024.
  • Yuan et al. Robust Federated Contrastive Recommende System against Model Poisoning Attack arXiv, 2024.
  • Xie et al. Model Poisoning Attacks to Federated Learning via Multi-Round Consistency arXiv,2024.
  • Zhao et al. Models Are Codes Towards Measuring Malicious Code Poisoning Attacks on Pre-trained Model Hubs arXiv, 2024.
  • Yan et al. recess-vaccine-for-federated-learning-proactive-defense-against-model-poisoning-attacks NeurIPS, 2023.
  • Li et al. Poison Attack and Poison Detection on Deep Source Code Processing Models TOSEM, 2024.
  • Yang et al. robust-contrastive-language-image-pretraining-against-data-poisoning-and-backdoor-attacks NeurIPS, 2023.

Data Poisoning Defenses

  • Shen et al. AUROR:Defending Against Poisoning Attacks in Collaborative Deep Learning Systems. ACSAC, 2016.
  • Fung et al. Mitigating Sybils in Federated Learning Poisoning. arxiv, 2018.
  • Tolpegin et al. Data Poisoning Attacks Against Federated Learning Systems. ESORICS, 2020.
  • Fung et al. The Limitations of Federated learning. RAID, 2020.
  • Awan et al. CONTRA :defending against Poisoning Attacks in Federated Learning. ESORICS, 2021.
  • Chen et al. De-Pois_An_Attack-Agnostic_Defense_against_Data_Poisoning_Attacks. IEEE TIFS, 2021.
  • Jebreel et al. Defending against the label-flipping attack in federated learning. arxiv, 2022.
  • Gupta et al. Long-ShortHistoryof Gradient is All You Need. ESORICS, 2022.
  • wu et al. Toward_Cleansing_Backdoored_Neural_Networks_in_Federated_Learning. ICDCS, 2022.
  • Nguyen et al. FLAME_Taming backdoors in federated learning. USENIX, 2022.
  • Rezaei et al. Run-off Election_improved Provable Defense against data poisoning attacks. arxiv, 2023.
  • Jiang et al. Data Quality Detection Mechanism Against Label Flipping Attacks in Federated Learning. IEEE TIFS, 2023.
  • Jebreel et al. FL_Defender:Combating targeted attacks in federated learning. KBS, 2023. -Ovi et al. Confident federated learning to tackle label flipped data poisoning attacks. SPIE DCS, 2023.
  • Jebreel et al. LFighter_defending against the label-flipping attack in federated learning. NN, 2024.
  • Li et al. Defend Data Poisoning Attacks on Voice Authentication arXiv, 2023.
  • Zhao et al. Defending Against Weight-Poisoning Backdoor Attacks for Parameter-Efficient Fine-Tuning arXiv, 2024.
  • Hong et al. Diffusion denoising as a certified defense against clean-label poisoning arXiv, 2024.
  • Gaspari et al. Have you poisoned my data defending neural networks against data poisoning arXiv, 2024.
  • Galanis et al. Defending against data poisoning attacks in federated learning via user elimination arXiv, 2024.
  • Sun et al. a gan-based data poisoning attack against federated learning systems and its countermeasure arXiv, 2024.
  • Bhat et al. PUREGEN universal data purification for train-time ppoison defense via generative model dynamics arXiv, 2024.
  • Wang et al. Defending against sophisticated poisoning attacks with rl-based aggregation in fedaerated learning arXiv, 2024.
  • Lai et al. VFedAD a defense method based on the information mechanism behind the vertical federated data poisoning attack CIKM, 2023.
  • Yang et al. Breaking state-od-the-art poisoning defenses to federated learning an optimization-based attack framework CIKM,2024.
  • Li et al. BIC-Based mixture model defense against data poisoning attacks on classifiers a comprehensive study TKDE,2024.
  • Badjie et al. Denoising Autoencoder-Based Defensive Distillation as an Adversarial Robustness Algorithm Against Data Poisoning Attacks sigada,2024.
  • Huang et al. LDPGuard_Defenses_Against_Data_Poisoning_Attacks_to_Local_Differential_Privacy_Protocols TKDE,2024.
  • Yan et al. recess-vaccine-for-federated-learning-proactive-defense-against-model-poisoning-attacks NeurIPS, 2023.
  • Wang et al. temporal-robustness-against-data-poisoning NeurIPS, 2023.
  • Rezaei et al. Run-off election improved provable defense against data poisoning attacks PMLR, 2023.

Model Poisoning Defenses

  • McMahan et al. communication-efficient learning of deep networks from decentralized data. MLR, 2016.
  • Blanchard et al. machine-learning-with-adversaries-byzantine-tolerant-gradient-descent-Paper. NIPS, 2017.
  • Muñoz-González et al. Towards poisoning of deep learning algorithms with back-gradient optimization. arxiv, 2017.
  • Yin et al. Byzantine-Robust Distributed Learning_towards optimal stastistical rates. ICML, 2018.
  • Mhamdi et al. the hidden vulnerability of distributed learning in byzantium. ICML, 2018.
  • Sun et al. can you really backdoor federated learning. arxiv, 2019.
  • Baruch et al. A little Is Enough_circumventing defense for distributed learning. NIPS, 2019.
  • Bhagoji et al. analyzing federated learning through an adversarial lens. ICML, 2019.
  • Li et al. abnormal client behavior detection in federated learning. arxiv, 2019.
  • Cao et al. Distributed_Gradient_Descent_Algorithm_Robust_to_an_Arbitrary_Number_of_Byzantine_Attackers. IEEE TOSP, 2019.
  • Xia et al. FABA_An algorithm for fast aggregation against byzantine attacks in distributed neural networks. IJCAI, 2019.
  • Pillutla et al. Robust Aggregation for Federated Learning. arxiv, 2019.
  • Li et al. RSAByzantine-robust stochastic aggregation methods for distributed learning from heterogeneous datasets. AAAI, 2019.
  • Liu et al. communication-efficient federated learning for anomaly detection in industrial internet of things. IEEE GB, 2020.
  • Sun et al. Data poisoning attacks on federated machine learning. arxiv, 2020.
  • Li et al. learning to detect malicious clients for robust federated learning. arxiv, 2020.
  • Sun et al. fl-wbc-enhancing-robustness-against-model-poisoning-attacks-in-federated-learning-from-a-client-perspective-Paper (1). NeurIPS, 2021.
  • Cao et al. FLTRUST :Byzantine-robust federated learning via trust bootstrapping. NDSS, 2021.
  • Shejwalkar et al. Manipulating the byzantine_optimizing model poisoning attacks and defenses for federated learning. NDSS, 2021.
  • Xu et al. Byzantine-robost Federated learning through Collaborative Malicious Gradient Filtering. ICDCS, 2022.
  • Wang et al. Federated unlearning via class-discriminative pruning. WWW, 2022.
  • Cao et al. FLCert_Provably_Secure_Federated_Learning_Against_Poisoning_Attacks. IEEE TIFS, 2022.
  • Zhang et al. FLDetector_defending federated learning against model poisoning attacks via detecting malicious clients. KDD, 2022.
  • Weng et al. Privacy-Preserving_Federated_Learning_based_on_Differential_Privacy_and_Momentum_Gradient_Descent. IJCNN, 2022.
  • Shejwalkar et al. Back to the Drawing Board: A critical Evaluation of poisoning attacks on production federated learning. IEEE-SP, 2022.
  • Panda et al. SparseFed_mitigating model poisoning attacks in federated learning with sparsification. AISTATS, 2022.
  • Gong et al. agramplifier_defending federated learning agaginst poisoning attacks through local update amplification. IEEE TIFS, 2023.
  • Yin et al. Defending_Against_Data_Poisoning_Attack_in_Federated_Learning_With_Non-IID_Data. IEEE TOCSS, 2023.
  • Aloran et al. Defending_Federated_Learning_Against_Model_Poisoning_Attacks. IEEE BigData, 2023.
  • Yan et al. DeFL_defending against model poisoning attacks in federated learning via critical learning periods awareness. AAAI, 2023.
  • Lu et al. Depriving_the_Survival_Space_of_Adversaries_Against_Poisoned_Gradients_in_Federated_Learning. IEEE TIFS, 2023.
  • Mozaffari et al. every vote count_ranking-based training of federated learning to resist poisoning attacks. usenix, 2023.
  • Guo et al. FAST_Adopting_Federated_Unlearning_to_Eliminating_Malicious_Terminals_at_Server_Side. IEEE TNSE, 2023.
  • Zhao et al. FedCom_Byzantine-Robust_Federated_Learning_Using_Data_Commitment. IEEE ICC, 2023.
  • Chelli et al. FedGuard_Selective_Parameter_Aggregation_for_Poisoning_Attack_Mitigation_in_Federated_Learning. IEEE CLUSTER, 2023.
  • Zhang et al. FedRecovery_Differentially_Private_Machine_Unlearning_for_Federated_Learning_Frameworks. IEEE TIFS, 2023.
  • Cao et al. FedRecover_Recovering_from_Poisoning_Attacks_in_Federated_Learning_using_Historical_Information. IEEE SP, 2023.
  • Ebron Jr. et al. FedTruth_byzantine_robust and backdoor-resilient federated learning framework. arxiv, 2023.
  • Liu et al. FLOW_A_Robust_Federated_Learning_Framework_to_Defend_Against_Model_Poisoning_Attacks_in_IoTs. IEEE IOTJ, 2023.
  • Han et al. kick bad guys out zero-knowledge-proof-based anomaly detection in federated learning. arxiv, 2023.
  • Zhu et al. leadFL_Client self-defense against model poisoning in federated learning. PMLR, 2023.
  • Li et al. loMar_a local defense against poisoning attack on federated learning . IEEE TDSC, 2023.
  • Krauß et al. MESAS_poisoning defense for federated learning resilient against adaptive attacks. CCS, 2023.
  • Yan et al. reces vaccine for federated learning_proactive defense against model poisoning attacks. arxiv, 2023.
  • Yaldiz et al. secure federated learning against modek=l poisonong attacks via client filtering. ICLR, 2023.
  • Zhao et al. Semisupervised_Federated-Learning-Based_Intrusion_Detection_Method_for_Internet_of_Things. IEEE IOTJ, 2023.
  • Shen et al. SPEFL_Efficient_Security_and_Privacy_Enhanced_Federated_Learning_Against_Poisoning_Attacks. IEEE IOTJ, 2023.
  • Ma et al. 面向Non-IID数据的拜占庭鲁棒联邦学习. 通信学报, 2023.
  • Yang et al. A_Robust_and_Efficient_Federated_Learning_Algorithm_Against_Adaptive_Model_Poisoning_Attacks. IEEE ITOJ, 2024.
  • Dong et al. FADngs_Federated_Learning_for_Anomaly_Detection. IEEE TNNLS, 2024.
  • Han et al. kick bad guys out_zero-knowlege-proof-based anomaly detection in federated learning. ICLR, 2024.
  • Yang et al. RoseAgg_Robust_Defense_against_Targeted_Collusion_Attacks_in_Federated_Learning. IEEE TIFS, 2024.
  • Kasyap et al. Sine_Similarity_is_not_enough_for_mitigating_Local_Model_Poisoning_Attacks_in_Federated_Learning. IEEE TDSC, 2024.
  • Huang et al. VPPFL_A verifiable privacy- preserving federated learning scheme against poisoning attacks. CS, 2024.
  • Kabir et al. FLShield a validation based federated learning framework to defend against poisoning attacks arXiv, 2023.
  • Han et al. FedMID a data-free method for using intermediate outputs as a defense mechanism against poisoning attacks in federated learning arXiv, 2024.
  • Zhao et al. Models are codes towards measuring malicious code poisoning attacks on pre-trained model hubs arXiv,2024.
  • Xie et al. FedREDefense defending against model poisoning attacks for federated learning using model update reconstruction error PMLR, 2024.
  • Chen et al. Tutorial toward robust deep learning against poisoning attacks TECS, 2023.
  • Krau et al. MESAS poisoning defense for federated learning resilient against adaptive attackers CCS,2023.
  • Sharma et al. FLAIR defense against model poisoning attack in federated learning , 2023.
  • Zheng et al. detecting poisoning attacks on federated learning using gradient-weighted class activation mapping WWW, 2024.
  • Yang et al. A_Robust_and_Efficient_Federated_Learning_Algorithm_against_Adaptive_Model_Poisoning_Attacks IoT, 2024.
  • Zhou et al. Inversion-Guided_Defense_Detecting_Model_Stealing_Attacks_by_Output_Inverting TIFS, 2024.
  • Wang et al. defending-against-data-free-model-extraction-by-distributionally-robust-defensive-training NeurIPS, 2023.
  • Zhang et al. Poisoning-Free_Defense_Against_Black-Box_Model_Extraction ICASSP, 2024
  • Zhu et al. LeadFL client self-defense against model poisoning in federated learning PMLR, 2024
  • Zhang et al. Poisoning Free Defense Against Black Box Model Extraction ICASSP, 2024.
  • Yan et al. DeFL defending against model poisoning attacks in federated learning via critical learning periods awareness AAAI, 2023.
  • Zhu et al. detection and defense of unlearnable examples AAAI, 2024.

Privacy-preserving Federated Learning

  • Liu et al. 联邦学习中的隐私保护技术. 软件学报, 2021.

Privacy-preserving Federated Recommendation

  • Zhang et al. 基于隐私保护的联邦推荐算法综述_张洪磊. 自动化学报, 2022.
  • Xue et al. Advanced_Privacy-Preserving_Federated_Relationship_Recommendation. IEEE ICAICA, 2023.

Existing Attacks in Federated Recommendation

  • Chen et al. Robust Federated Recommendation System. arxiv, 2020.
  • Huang et al. data poisoning attacks to deep learning based recommender systems. NDSS, 2021.
  • Rong et al. FedRecAttack Model Poisoning Attack to Federated Recommendation. IEEE ICDE, 2022.
  • Zhang et al. PipAttack Poisoning Federated Recommender Systems for. arxiv, 2022.
  • Wu et al. Fedattack_effectivate and covert poisoning attack on federated recommendation via hard sampling. kdd, 2022.
  • Yu et al. Untargeted attack against federated recommendation systems via poisonous item embeddings and the defense. AAAI, 2023.

Existing Defenses in Federated Recommendation

  • Sandeepa et al. Rec-Def_A_Recommendation-Based_Defence_Mechanism_for_Privacy_Preservation_in_Federated_Learning_Systems. IEEE TCE, 2024.

Some Open Source Codes

Date before 2017 2017-2019 2020 2021 2022 2023 2024
PaperN 3 14 10 11 24 60 46
Sum 168

About

A Curated List of Must-read Papers on Federated Learning attack and defense

Topics

survey recommender-system read-papers fl federated-learning privacy-security attack-and-defense federated-recommender-system fl-tutorials

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 6

Languages