Backdoor Learning Resources

This Github repository summarizes a curated list of Backdoor Learning resources. For more details and the categorization criteria, please refer to our survey.

Attack and Defense Towards Other Paradigms and Tasks

Collaborative Learning

• Secure Partial Aggregation: Making Federated Learning More Robust for Industry 4.0 Applications. [link]

  • Jiqiang Gao, Baolei Zhang, Xiaojie Guo, Thar Baker, Min Li, and Zheli Liu. IEEE Transactions on Industrial Informatics, 2022.

• Backdoor Attacks-resilient Aggregation based on Robust Filtering of Outliers in Federated Learning for Image Classification. [link]

  • Nuria Rodríguez-Barroso, Eugenio Martínez-Cámara, M. Victoria Luzónb, and Francisco Herrera. Knowledge-Based Systems, 2022.

• Privacy-Enhanced Federated Learning against Poisoning Adversaries. [link]

  • Xiaoyuan Liu, Hongwei Li, Guowen Xu, Zongqi Chen, Xiaoming Huang, and Rongxing Lu. IEEE Transactions on Information Forensics and Security, 2021.

• Coordinated Backdoor Attacks against Federated Learning with Model-Dependent Triggers. [link]

  • Xueluan Gong, Yanjiao Chen, Huayang Huang, Yuqing Liao, Shuai Wang, and Qian Wang. IEEE Network, 2022.

• Mitigating the Backdoor Attack by Federated Filters for Industrial IoT Applications. [link]

  • Boyu Hou, Jiqiang Gao, Xiaojie Guo, Thar Baker, Ying Zhang, Yanlong Wen, and Zheli Liu. IEEE Transactions on Industrial Informatics, 2021.
  • 服务器端：简历攻击样本库；客户端：可以检测并清理

• How to Backdoor Federated Learning. [pdf]

  • Eugene Bagdasaryan, Andreas Veit, Yiqing Hua, Deborah Estrin, and Vitaly Shmatikov. AISTATS, 2020 (arXiv, 2018).

• DeepSight: Mitigating Backdoor Attacks in Federated Learning Through Deep Model Inspection. [pdf]

  • Phillip Rieger, Thien Duc Nguyen, Markus Miettinen, and Ahmad-Reza Sadeghi. NDSS, 2022.

• Defending Label Inference and Backdoor Attacks in Vertical Federated Learning. [pdf]

  • Yang Liu, Zhihao Yi, Yan Kang, Yuanqin He, Wenhan Liu, Tianyuan Zou, and Qiang Yang. AAAI, 2022.
  • 垂直联邦学习

• Stability-Based Analysis and Defense against Backdoor Attacks on Edge Computing Services. [link]

  • Yi Zhao, Ke Xu, Haiyang Wang, Bo Li, and Ruoxi Jia. IEEE Network, 2021.
  • 研究dropout参数和后门攻击成功率

• CRFL: Certifiably Robust Federated Learning against Backdoor Attacks. [pdf]

  • Chulin Xie, Minghao Chen, Pin-Yu Chen, and Bo Li. ICML, 2021.

• Curse or Redemption? How Data Heterogeneity Affects the Robustness of Federated Learning. [pdf]

  • Syed Zawad, Ahsan Ali, Pin-Yu Chen, Ali Anwar, Yi Zhou, Nathalie Baracaldo, Yuan Tian, and Feng Yan. AAAI, 2021.

• Attack of the Tails: Yes, You Really Can Backdoor Federated Learning. [pdf]

  • Hongyi Wang, Kartik Sreenivasan, Shashank Rajput, Harit Vishwakarma, Saurabh Agarwal, Jy-yong Sohn, Kangwook Lee, and Dimitris Papailiopoulos. NeurIPS, 2020.

• DBA: Distributed Backdoor Attacks against Federated Learning. [pdf]

  • Chulin Xie, Keli Huang, Pinyu Chen, and Bo Li. ICLR, 2020.
  • 分布式后门攻击

• Defending Against Backdoors in Federated Learning with Robust Learning Rate. [pdf]

  • Mustafa Safa Ozdayi, Murat Kantarcioglu, and Yulia R. Gel. AAAI, 2021.
  • 基于调整每个学习参数的学习速率的聚合规则
  • 问题：牺牲了隐私

• PipAttack: Poisoning Federated Recommender Systems for Manipulating Item Promotion. [pdf]

  • Shijie Zhang, Hongzhi Yin, Tong Chen, Zi Huang, Quoc Viet Hung Nguyen, and Lizhen Cui. WSDM, 2021.

• The Limitations of Federated Learning in Sybil Settings. [pdf] [extension] [code]

  • Clement Fung, Chris J.M. Yoon, and Ivan Beschastnikh. RAID, 2020 (arXiv, 2018).

• BEAS: Blockchain Enabled Asynchronous & Secure Federated Machine Learning. [pdf]

  • Arup Mondal, Harpreet Virk, and Debayan Gupta. AAAI Workshop, 2022.

• Backdoor Attacks and Defenses in Feature-partitioned Collaborative Learning. [pdf]

  • Yang Liu, Zhihao Yi, and Tianjian Chen. ICML Workshop, 2020.

• Can You Really Backdoor Federated Learning? [pdf]

  • Ziteng Sun, Peter Kairouz, Ananda Theertha Suresh, and H. Brendan McMahan. NeurIPS Workshop, 2019.

• Client-Wise Targeted Backdoor in Federated Learning. [pdf]

  • Gorka Abad, Servio Paguada, Stjepan Picek, Víctor Julio Ramírez-Durán, and Aitor Urbieta. arXiv, 2022.

• Backdoor Defense in Federated Learning Using Differential Testing and Outlier Detection. [pdf]

  • Yein Kim, Huili Chen, and Farinaz Koushanfar. arXiv, 2022.

• ARIBA: Towards Accurate and Robust Identification of Backdoor Attacks in Federated Learning. [pdf]

  • Yuxi Mi, Jihong Guan, and Shuigeng Zhou. arXiv, 2022.

• More is Better (Mostly): On the Backdoor Attacks in Federated Graph Neural Networks. [pdf]

  • Jing Xu, Rui Wang, Kaitai Liang, and Stjepan Picek. arXiv, 2022.

• Low-Loss Subspace Compression for Clean Gains against Multi-Agent Backdoor Attacks. [pdf]

  • Siddhartha Datta and Nigel Shadbolt. arXiv, 2022.

• Backdoors Stuck at The Frontdoor: Multi-Agent Backdoor Attacks That Backfire. [pdf]

  • Siddhartha Datta and Nigel Shadbolt. arXiv, 2022.

• Federated Unlearning with Knowledge Distillation. [pdf]

  • Chen Wu, Sencun Zhu, and Prasenjit Mitra. arXiv, 2022.

• Model Transferring Attacks to Backdoor HyperNetwork in Personalized Federated Learning. [pdf]

  • Phung Lai, NhatHai Phan, Abdallah Khreishah, Issa Khalil, and Xintao Wu. arXiv, 2022.

• Backdoor Attacks on Federated Learning with Lottery Ticket Hypothesis. [pdf]

  • Zihang Zou, Boqing Gong, and Liqiang Wang. arXiv, 2021.

• On Provable Backdoor Defense in Collaborative Learning. [pdf]

  • Ximing Qiao, Yuhua Bai, Siping Hu, Ang Li, Yiran Chen, and Hai Li. arXiv, 2021.

• SparseFed: Mitigating Model Poisoning Attacks in Federated Learning with Sparsification. [pdf]

  • Ashwinee Panda, Saeed Mahloujifar, Arjun N. Bhagoji, Supriyo Chakraborty, and Prateek Mittal. arXiv, 2021.

• Robust Federated Learning with Attack-Adaptive Aggregation. [pdf] [code]

  • Ching Pui Wan, and Qifeng Chen. arXiv, 2021.

• Meta Federated Learning. [pdf]

  • Omid Aramoon, Pin-Yu Chen, Gang Qu, and Yuan Tian. arXiv, 2021.

• FLGUARD: Secure and Private Federated Learning. [pdf]

  • Thien Duc Nguyen, Phillip Rieger, Hossein Yalame, Helen Möllering, Hossein Fereidooni, Samuel Marchal, Markus Miettinen, Azalia Mirhoseini, Ahmad-Reza Sadeghi, Thomas Schneider, and Shaza Zeitouni. arXiv, 2021.

• Toward Robustness and Privacy in Federated Learning: Experimenting with Local and Central Differential Privacy. [pdf]

  • Mohammad Naseri, Jamie Hayes, and Emiliano De Cristofaro. arXiv, 2020.

• Backdoor Attacks on Federated Meta-Learning. [pdf]

  • Chien-Lun Chen, Leana Golubchik, and Marco Paolieri. arXiv, 2020.

• Dynamic backdoor attacks against federated learning. [pdf]

  • Anbu Huang. arXiv, 2020.

• Federated Learning in Adversarial Settings. [pdf]

  • Raouf Kerkouche, Gergely Ács, and Claude Castelluccia. arXiv, 2020.

• BlockFLA: Accountable Federated Learning via Hybrid Blockchain Architecture. [pdf]

  • Harsh Bimal Desai, Mustafa Safa Ozdayi, and Murat Kantarcioglu. arXiv, 2020.

• Mitigating Backdoor Attacks in Federated Learning. [pdf]

  • Chen Wu, Xian Yang, Sencun Zhu, and Prasenjit Mitra. arXiv, 2020.

• BaFFLe: Backdoor detection via Feedback-based Federated Learning. [pdf]

  • ebastien Andreina, Giorgia Azzurra Marson, Helen Möllering, and Ghassan Karame. arXiv, 2020.

• Learning to Detect Malicious Clients for Robust Federated Learning. [pdf]

  • Suyi Li, Yong Cheng, Wei Wang, Yang Liu, and Tianjian Chen. arXiv, 2020.

• Attack-Resistant Federated Learning with Residual-based Reweighting. [pdf] [code]

  • Shuhao Fu, Chulin Xie, Bo Li, and Qifeng Chen. arXiv, 2019.