4270                                                       软件学报  2025  年第  36  卷第  9  期


                     and Incentive. Cham: Springer, 2020. 189–204. [doi: 10.1007/978-3-030-63076-8_14]
                 [42]   Lecun Y, Bottou L, Bengio Y, Haffner P. Gradient-based learning applied to document recognition. Proc. of the IEEE, 1998, 86(11):
                     2278–2324. [doi: 10.1109/5.726791]
                 [43]   Krizhevsky A. Learning multiple layers of features from tiny images [MS. Thesis]. Toronto: University of Toronto, 2009.
                 [44]   Xiao H, Rasul K, Vollgraf R. Fashion-MNIST: A novel image dataset for benchmarking machine learning algorithms. arXiv:1708.07747,
                     2017.
                 [45]   Yang JC, Shi R, Wei DL, Liu ZQ, Zhao L, Ke BL, Pfister H, Ni BB. MedMNIST v2—A large-scale lightweight benchmark for 2D and
                     3D biomedical image classification. Scientific Data, 2023, 10(1): 41. [doi: 10.1038/s41597-022-01721-8]
                 [46]   Wortsman M, Ramanujan V, Liu R, Kembhavi A, Rastegari M, Yosinski J, Farhadi A. Supermasks in superposition. arXiv:2006.14769,
                     2020.
                 [47]   Minka TP. Estimating a Dirichlet distribution. 2000. https://tminka.github.io/papers/dirichlet/minka-dirichlet.pdf
                 [48]   Blanchard P, El Mhamdi EM, Guerraoui R, Stainer J. Machine learning with adversaries: Byzantine tolerant gradient descent. In: Proc. of
                     the 31st Int’l Conf. on Neural Information Processing Systems. Long Beach: Curran Associates Inc., 2017. 118–128.
                 [49]   Yin D, Chen YD, Ramchandran K, Bartlett P. Byzantine-robust distributed learning: Towards optimal statistical rates. In: Proc. of the
                     35th Int’l Conf. on Machine Learning. Stockholm: PMLR, 2018. 5650–5659.
                 [50]   Fang  MH,  Cao  XY,  Jia  JY,  Gong  NZ.  Local  model  poisoning  attacks  to  Byzantine-robust  federated  learning.  In:  Proc.  of  the  29th
                     USENIX Conf. on Security Symp. USENIX Association, 2020. 1623–1640.
                 [51]   Shen SQ, Tople S, Saxena P. Auror: Defending against poisoning attacks in collaborative deep learning systems. In: Proc. of the 32nd
                     Annual Conf. on Computer Security Applications. Los Angeles: ACM, 2016. 508–519. [doi: 10.1145/2991079.2991125]
                 [52]   Awan S, Luo B, Li FJ. CONTRA: Defending against poisoning attacks in federated learning. In: Proc. of the 26th European Symp. on
                     Research in Computer Security. Darmstadt: Springer, 2021. 455–475. [doi: 10.1007/978-3-030-88418-5_22]

                 附中文参考文献:
                 [1]   佟兴, 张召, 金澈清, 周傲英. 面向端边云协同架构的区块链技术综述. 计算机学报, 2021, 44(12): 2345–2366. [doi: 10.11897/
                    SP.J.1016.2021.02345]
                 [5]   李欣姣, 吴国伟, 姚琳, 张伟哲, 张宾. 机器学习安全攻击与防御机制研究进展和未来挑战. 软件学报, 2021, 32(2): 406–423. http://
                    www.jos.org.cn/1000-9825/6147.htm [doi: 10.13328/j.cnki.jos.006147]


                             赵亚茹(1996－), 女, 博士生, 主要研究领域为联                 曹益皓(1997－), 男, 博士生, 主要研究领域为可
                            邦学习, 信息安全, 边缘计算.                             信计算, 联邦学习, 信息安全.




                             张建标(1969－), 男, 博士, 教授, 博士生导师, 主              黄浩翔(1992－), 男, 博士生, 主要研究领域为可
                            要研究领域为可信计算, 网络安全, 区块链技术.                     信计算, 云计算, 访问控制.