A4FL: Federated Adversarial Defense via Adversarial Training and Pruning Against Backdoor Attack

Bibliographic Details
Main Authors: Saeed-Uz-Zaman, Bin Li, Muhammad Hamid, Muhammad Saleem, Mohammed Aman
Format: Article
Language: English
Published: IEEE 2025-01-01
Series: IEEE Access
Online Access: https://ieeexplore.ieee.org/document/10992684/
Description
Summary: Backdoor attacks threaten federated learning (FL) models, where malicious participants embed hidden triggers into local models during training. These triggers can compromise crucial applications, such as autonomous systems, when they activate specific inputs, causing a targeted misclassification in the global model. We recommend a strong defense mechanism that combines statistical testing, model refinement, and adversarial training methods. The primary goal is to develop a robust defense against backdoor attacks in federated learning (FL), where malicious participants embed hidden triggers into local models. This defense aims to preserve the integrity of the global model and ensure high reliability in real-world FL deployments, even when facing sophisticated adversarial strategies. Our defense strategy incorporates “Messy” samples with obvious triggers and “wrap” samples with similar but nonidentical triggers during adversarial training. This dual approach enhances the model’s ability to detect and resist hidden manipulations. We facilitate applying neuron pruning to remove compromised neurons, further refining the model architecture for improved security. Continuous statistical testing, including variance analysis and cosine similarity checks, ensures that only legitimate and significant updates are integrated into the global model. A key innovation of our method is a significance-based filtering mechanism that effectively identifies and excludes malicious updates, preventing backdoor triggers from affecting the global model. This iterative defense process adapts to attack strategies, maintaining the model’s robustness. Empirical results confirm that this defense mechanism significantly improves FL models’ resilience to sophisticated backdoor attacks while preserving high accuracy and reliability.
Balancing defensive strategies from adversarial training and sample diversification to model pruning provides a dependable framework for safeguarding FL models where integrity and security are critical. Experimental results demonstrate that our defense mechanism significantly enhances FL models’ resistance to sophisticated backdoor attacks while maintaining high accuracy and reliability in real-world deployments. These solutions ensure the potential significance of balanced defense solutions, which offer strong protection against adversarial backdoor assaults. This framework provides a dependable solution for securing FL models in environments where integrity and security are paramount.
ISSN: 2169-3536