Articles producció científicaEnginyeria Informàtica i Matemàtiques

FL-Defender: Combating targeted attacks in federated learning

  • Datos identificativos

    Identificador:  imarina:9287550
    Handlehttps://hdl.handle.net/20.500.11797/imarina9287550
    Autores:  Jebreel, NM; Domingo-Ferrer, J
    Resumen:
    Federated learning (FL) enables learning a global machine learning model from data distributed among a set of participating workers. This makes it possible (i) to train more accurate models due to learning from rich, joint training data and (ii) to improve privacy by not sharing the workers’ local private data with others. However, the distributed nature of FL makes it vulnerable to targeted poisoning attacks that negatively impact on the integrity of the learned model while, unfortunately, being difficult to detect. Existing defenses against those attacks are limited by assumptions on the workers’ data distribution and/or are ill-suited to high-dimensional models. In this paper, we analyze targeted attacks against FL, specifically label-flipping and backdoor attacks, and find that the neurons in the last layer of a deep learning (DL) model that are related to these attacks exhibit a different behavior from the unrelated neurons. This makes the last-layer gradients valuable features for attack detection. Accordingly, we propose FL-Defender to combat FL targeted attacks. It consists of (i) engineering robust discriminative features by calculating the worker-wise angle similarity for the workers’ last-layer gradients, (ii) compressing the resulting similarity vectors using PCA to reduce redundant information, and (iii) re-weighting the workers’ updates based on their deviation from the centroid of the compressed similarity vectors. Experiments on three data sets show the effectiveness of our method in defending against label-flipping and backdoor attacks. Compared to several state-of-the-art defenses, FL-Defender achieves the lowest attack success rates while maintaining the main task accuracy.

  • Otros:

    Enlace a la fuente original: https://www.sciencedirect.com/science/article/abs/pii/S0950705122012746
    Referencia de l'ítem segons les normes APA: Jebreel, NM; Domingo-Ferrer, J (2023). FL-Defender: Combating targeted attacks in federated learning. KNOWLEDGE-BASED SYSTEMS, 260(), 110178-. DOI: 10.1016/j.knosys.2022.110178
    Referencia al articulo segun fuente origial: KNOWLEDGE-BASED SYSTEMS. 260 110178-
    DOI del artículo: 10.1016/j.knosys.2022.110178
    Año de publicación de la revista: 2023-01-25
    Entidad: Universitat Rovira i Virgili
    Versión del articulo depositado: info:eu-repo/semantics/acceptedVersion
    Fecha de alta del registro: 2026-05-09
    Autor/es de la URV: Domingo Ferrer, Josep
    Departamento: Enginyeria Informàtica i Matemàtiques
    URL Documento de licencia: https://repositori.urv.cat/ca/proteccio-de-dades/
    Tipo de publicación: Journal Publications
    Autor según el artículo: Jebreel, NM; Domingo-Ferrer, J
    Acceso a la licencia de uso: https://creativecommons.org/licenses/by/3.0/es/
    Áreas temáticas: Software, Management information systems, Information systems and management, Información y documentación, Engenharias iv, Economia, Comunicación e información, Computer science, artificial intelligence, Ciencias sociales, Ciência da computação, Artificial intelligence, Administração pública e de empresas, ciências contábeis e turismo
    Direcció de correo del autor: josep.domingo@urv.cat, josep.domingo@urv.cat, josep.domingo@urv.cat, josep.domingo@urv.cat

  • Palabras clave:

    Targeted poisoning attacks
    Security and robustness
    Label-flipping attacks
    Federated learning
    Backdoor attacks
    Artificial Intelligence
    Computer Science
    Information Systems and Management
    Management Information Systems
    Software
    Información y documentación
    Engenharias iv
    Economia
    Comunicación e información
    Ciencias sociales
    Ciência da computação
    Administração pública e de empresas
    ciências contábeis e turismo

  • Documentos:

    DocumentPrincipal

  • Cerca a google

    Search to google scholar