
arxiv: 2507.16134 · v2 · submitted 2025-07-22 · 💻 cs.CR · cs.DC

DP2Guard: A Lightweight and Byzantine-Robust Privacy-Preserving Federated Learning Scheme for Industrial IoT

Pith reviewed 2026-05-19 03:56 UTC · model grok-4.3

classification 💻 cs.CR cs.DC
keywords: federated learning, privacy-preserving, Byzantine robust, Industrial IoT, poisoning attacks, gradient masking, anomaly detection, blockchain

The pith

DP2Guard replaces heavy encryption in privacy-preserving federated learning with lightweight gradient masking and a hybrid defense to block poisoning attacks in Industrial IoT.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper proposes DP2Guard as a framework for privacy-preserving federated learning in Industrial IoT settings. It tackles high overhead from encryption and weak robustness against adaptive adversaries by substituting cryptographic operations with a gradient masking mechanism that hides local updates. A hybrid defense extracts features from gradients through singular value decomposition and cosine similarity, then uses clustering to flag malicious updates. Trust scores derived from historical behavior adjust client weights during aggregation, while blockchain maintains tamper-proof records of results and scores. Experiments on two public datasets confirm defense against four advanced poisoning attacks alongside lower communication and computation costs.

Core claim

DP2Guard is a lightweight PPFL framework that enhances both privacy and robustness for Industrial IoT by leveraging a lightweight gradient masking mechanism to replace costly cryptographic operations while ensuring the privacy of local gradients, a hybrid defense strategy that extracts gradient features using singular value decomposition and cosine similarity and applies a clustering algorithm to identify malicious gradients, a trust score-based adaptive aggregation scheme that adjusts client weights according to historical behavior, and blockchain records of aggregated results and trust scores to ensure tamper-proof and auditable training.

What carries the argument

The hybrid defense strategy, which extracts gradient features via singular value decomposition and cosine similarity then applies clustering to identify malicious gradients.

If this is right

  • Defends effectively against four advanced poisoning attacks while maintaining model utility.
  • Ensures privacy of local gradients without the overhead of heavyweight encryption.
  • Reduces communication and computation costs relative to prior encryption-heavy PPFL schemes.
  • Delivers tamper-proof and auditable training through blockchain integration of aggregated results and trust scores.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The masking-plus-clustering pattern may extend to resource-constrained edge learning scenarios outside Industrial IoT where encryption budgets are tight.
  • Trust scores accumulated over rounds could support client selection policies that further improve long-term robustness in dynamic device networks.
  • Recording trust scores on blockchain opens a path to cross-organizational auditability in collaborative IoT analytics without revealing raw gradients.

Load-bearing premise

The hybrid defense strategy that extracts gradient features via singular value decomposition and cosine similarity and then applies clustering can reliably separate malicious gradients from benign ones even under adaptive adversaries.

What would settle it

An experiment in which an adaptive adversary crafts gradients that pass the SVD-cosine similarity feature extraction and clustering step yet still degrade the aggregated model accuracy.

Figures

Figures reproduced from arXiv: 2507.16134 by Baofu Han, Bing Li, Chau Yuen, Kaibin Huang, Raja Jurdak, Yining Qi, Zhiquan Liu.

Figure 1: The example of model poisoning attacks in PPFL.
Figure 2: System architecture of the DP2Guard.
Figure 3: A workflow of the DP2Guard.

  $$\hat{g}_i^{(2)} = \tilde{g}_i^{(2)} - \tilde{g}^{(2)}, \quad \text{where } \tilde{g}^{(2)} = \frac{1}{N}\sum_{j=1}^{N} \tilde{g}_j^{(2)} \tag{11}$$

  Server S1 then forwards the centered results $\hat{g}_i^{(1)}$ to S2, which conducts hybrid detection without gaining access to any individual client's raw updates. 2) Gradient Reconstruction: Upon receiving $\hat{g}_i^{(1)}$ from S1, server S2 reconstructs the centered gradients as follows:

  $$\hat{g}_i = \hat{g}_i^{(1)} + \hat{g}_i^{(2)} \tag{12}$$

  whe…

Figure 4: Impact of training iterations on the effectiveness of defense strategies on MNIST and Fashion-MNIST datasets under
Figure 5: Class-wise sample distribution heatmap for 10 ran
Figure 6: Impact of defense strategies against four types poisoning attacks on MNIST(a-d) and Fashion-MNIST(e-f) datasets
Figure 7: Impact of training iterations on the effectiveness of defense strategies against four poisoning attacks on MNIST(a-d)
Figure 8: Impact of varying malicious clients ratios (0%–40%) on the performance of different defense strategies against four
original abstract

Privacy-Preserving Federated Learning (PPFL) has emerged as a secure distributed Machine Learning (ML) paradigm that aggregates locally trained gradients without exposing raw data. To defend against model poisoning threats, several robustness-enhanced PPFL schemes have been proposed by integrating anomaly detection. Nevertheless, they still face two major challenges: (1) the reliance on heavyweight encryption techniques results in substantial communication and computation overhead; and (2) single-strategy defense mechanisms often fail to provide sufficient robustness against adaptive adversaries. To overcome these challenges, we propose DP2Guard, a lightweight PPFL framework that enhances both privacy and robustness. DP2Guard leverages a lightweight gradient masking mechanism to replace costly cryptographic operations while ensuring the privacy of local gradients. A hybrid defense strategy is proposed, which extracts gradient features using singular value decomposition and cosine similarity, and applies a clustering algorithm to effectively identify malicious gradients. Additionally, DP2Guard adopts a trust score-based adaptive aggregation scheme that adjusts client weights according to historical behavior, while blockchain records aggregated results and trust scores to ensure tamper-proof and auditable training. Extensive experiments conducted on two public datasets demonstrate that DP2Guard effectively defends against four advanced poisoning attacks while ensuring privacy with reduced communication and computation costs.
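
The pipeline the abstract describes, combined with the share centering and reconstruction of equations (11) and (12) quoted with Figure 3 on this page, as an added sketch that is not the authors' code. Assumptions not stated on the page: masking is a two-way additive split, the SVD feature is the projection onto the leading singular vector, cosine similarity is taken against the coordinate-wise median update, clustering is 2-means, and the minority cluster is flagged under an honest majority; all gradients are constructed sample data.

```python
import math
import random

def split_shares(g, rng):
    """Client: split gradient g into two additive shares (assumed form of the masking)."""
    mask = [rng.uniform(-100.0, 100.0) for _ in g]
    return mask, [x - m for x, m in zip(g, mask)]

def center(rows):
    """Server, eq. (11): subtract the mean over all clients from each row."""
    n = len(rows)
    mean = [sum(col) / n for col in zip(*rows)]
    return [[x - m for x, m in zip(r, mean)] for r in rows]

def reconstruct(c1, c2):
    """S2, eq. (12): centered gradient is the sum of the two centered shares."""
    return [[a + b for a, b in zip(r1, r2)] for r1, r2 in zip(c1, c2)]

def dot(u, v):
    return sum(a * b for a, b in zip(u, v))

def norm(u):
    return math.sqrt(dot(u, u))

def top_singular_vector(rows, iters=50):
    """Power iteration on A^T A: leading right singular vector of the gradient matrix."""
    v = rows[0][:]
    for _ in range(iters):
        av = [dot(r, v) for r in rows]                                  # A v
        v = [sum(p * r[j] for p, r in zip(av, rows)) for j in range(len(v))]  # A^T (A v)
        n = norm(v) or 1.0
        v = [x / n for x in v]
    return v

def features(centered):
    """Per client: (scaled projection on top singular vector, cosine to median update)."""
    v = top_singular_vector(centered)
    proj = [dot(r, v) for r in centered]
    scale = max(abs(p) for p in proj) or 1.0
    median = [sorted(col)[len(col) // 2] for col in zip(*centered)]
    cos = [dot(r, median) / (norm(r) * norm(median) or 1.0) for r in centered]
    return [(p / scale, c) for p, c in zip(proj, cos)]

def two_means(points, iters=20):
    """Plain 2-means; initial centroids are the extreme points on the first feature."""
    cents = [min(points), max(points)]
    labels = [0] * len(points)
    for _ in range(iters):
        labels = [min((0, 1), key=lambda k: sum((a - b) ** 2 for a, b in zip(p, cents[k])))
                  for p in points]
        for k in (0, 1):
            members = [p for p, lab in zip(points, labels) if lab == k]
            if members:
                cents[k] = tuple(sum(c) / len(members) for c in zip(*members))
    return labels

def flag_minority(labels):
    """Flag the smaller cluster (honest-majority assumption of this sketch)."""
    minority = 0 if labels.count(0) < labels.count(1) else 1
    return [i for i, lab in enumerate(labels) if lab == minority]

def demo(seed=7):
    """Constructed data: clients 0-6 benign, clients 7-9 send a scaled sign-flipped update."""
    rng = random.Random(seed)
    dim, n_benign, n_malicious = 20, 7, 3
    base = [rng.gauss(0, 1) for _ in range(dim)]
    grads = [[b + rng.gauss(0, 0.1) for b in base] for _ in range(n_benign)]
    grads += [[-3 * b + rng.gauss(0, 0.1) for b in base] for _ in range(n_malicious)]
    shares = [split_shares(g, rng) for g in grads]
    c1 = center([s[0] for s in shares])    # S1 centers the shares it holds
    c2 = center([s[1] for s in shares])    # S2 centers the shares it holds
    centered = reconstruct(c1, c2)         # S2 sees centered gradients only
    flagged = flag_minority(two_means(features(centered)))
    return grads, centered, flagged

if __name__ == "__main__":
    print("flagged clients:", demo()[2])
```

Because centering is linear, the sum of the centered shares equals the centered gradient, so detection runs on the same values it would see without masking. The separation here is wide by construction and says nothing about an adversary who shapes updates to sit inside the benign cluster.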

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 3 minor

Summary. The manuscript proposes DP2Guard, a lightweight privacy-preserving federated learning scheme for Industrial IoT. It replaces heavyweight encryption with a gradient masking mechanism for privacy protection, introduces a hybrid defense that extracts features via singular value decomposition and cosine similarity before applying clustering to isolate malicious gradients, uses a trust-score-based adaptive aggregation rule, and logs results on blockchain for auditability. The central claim is that this combination defends effectively against four advanced poisoning attacks while reducing communication and computation costs, as demonstrated in experiments on two public datasets.

Significance. If the experimental validation holds under scrutiny, the work could contribute a practical efficiency-robustness tradeoff for PPFL in resource-limited IoT environments, addressing the overhead of cryptographic approaches and the fragility of single-strategy anomaly detection. The explicit use of blockchain for tamper-proof logging and historical trust scoring adds an auditable dimension that is not always present in prior Byzantine-robust FL schemes.

major comments (2)
  1. [Abstract] The claim that DP2Guard 'effectively defends against four advanced poisoning attacks' is presented without any quantitative metrics, attack parameters (e.g., fraction of malicious clients, poisoning magnitude), baseline comparisons, or error bars. This absence makes the central robustness claim unverifiable from the provided information and constitutes a load-bearing gap for the paper's main contribution.
  2. [Hybrid defense description (likely §3)] The strategy projects gradients via SVD, computes cosine similarity as a feature, and applies clustering to separate malicious from benign updates. No experiment is described in which the four attacks are made adaptive to the defense (i.e., the adversary knows the SVD basis, similarity metric, and cluster count and crafts updates to remain inside the benign cluster). Without such a test, the assertion that the hybrid approach succeeds where single-strategy defenses fail against adaptive adversaries cannot be substantiated.
minor comments (3)
  1. Clarify the precise mathematical form of the lightweight gradient masking mechanism, including any parameters that control the privacy-utility tradeoff.
  2. Specify the clustering algorithm (e.g., k-means, DBSCAN), how the number of clusters is chosen, and any preprocessing steps applied to the SVD-derived features.
  3. Add a table or figure summarizing communication and computation costs with concrete numbers (bytes per round, FLOPs) against at least one cryptographic baseline.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their constructive and detailed feedback on our manuscript. We address each major comment below, indicating the revisions we plan to incorporate to strengthen the presentation of our results and claims.

point-by-point responses
  1. Referee: [Abstract] The claim that DP2Guard 'effectively defends against four advanced poisoning attacks' is presented without any quantitative metrics, attack parameters (e.g., fraction of malicious clients, poisoning magnitude), baseline comparisons, or error bars. This absence makes the central robustness claim unverifiable from the provided information and constitutes a load-bearing gap for the paper's main contribution.

    Authors: We agree that the abstract would be strengthened by including summary quantitative details. In the revised version, we will update the abstract to concisely report key experimental outcomes, including model accuracy or F1 scores under each attack at specified malicious client fractions (e.g., 10-30%), poisoning magnitudes, comparisons to baselines such as FedAvg and other robust aggregation methods, and reference to variability across repeated runs. These additions will be drawn directly from the detailed results already present in the experimental section, making the robustness claim more verifiable while preserving abstract length. revision: yes

  2. Referee: [Hybrid defense description (likely §3)] The strategy projects gradients via SVD, computes cosine similarity as a feature, and applies clustering to separate malicious from benign updates. No experiment is described in which the four attacks are made adaptive to the defense (i.e., the adversary knows the SVD basis, similarity metric, and cluster count and crafts updates to remain inside the benign cluster). Without such a test, the assertion that the hybrid approach succeeds where single-strategy defenses fail against adaptive adversaries cannot be substantiated.

    Authors: We thank the referee for highlighting this important aspect of the threat model. Our experiments evaluate the hybrid defense against the standard, non-adaptive implementations of the four poisoning attacks as described in prior literature. To address the concern, we will revise Section 3 to explicitly state the assumed threat model and add a new paragraph in the experimental analysis discussing adaptive adversaries. This will include reasoning on why the multi-feature hybrid (SVD projection combined with cosine similarity and clustering) raises the bar for evasion compared to single-strategy methods, along with any feasible preliminary simulations of adaptive variants. We will also note full adaptive evaluation as an avenue for future work if space constraints limit new experiments. revision: partial

Circularity Check

0 steps flagged

No circularity: DP2Guard is a new construction whose robustness claims rest on external experiments rather than self-referential definitions or fits.

full rationale

The paper presents DP2Guard as an original lightweight PPFL framework that replaces cryptographic operations with gradient masking, introduces a hybrid defense using SVD for feature extraction plus cosine similarity and clustering to identify malicious gradients, employs trust-score adaptive aggregation, and uses blockchain for auditability. These elements are explicitly positioned as design responses to challenges in prior work. The claims of defending against four poisoning attacks and achieving lower overhead are tied to experimental results on public datasets, not to any derivation that reduces by construction to the scheme's own inputs or to self-citations that bear the load of uniqueness or ansatz justification. No equations or steps in the provided description exhibit self-definitional loops, fitted parameters renamed as predictions, or imported uniqueness theorems from the same authors. The derivation chain is therefore self-contained against external benchmarks.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The scheme rests on standard domain assumptions about gradient distributions and attack models that are not independently verified in the abstract.

axioms (1)
  • domain assumption: Benign and malicious gradients form separable clusters in the feature space defined by SVD and cosine similarity.
    This premise is required for the hybrid defense to identify malicious updates.


