FedDOT: Defending Federated Learning Against Overwhelming Targeted Attacks
Coro Federico
2026
Abstract
Federated Learning (FL), which facilitates collaborative model training and protects users’ privacy, has drawn great interest from the research community. With FL, participants train their models on local data and submit the corresponding updates for aggregation to a server. While concealing the identities of the participants, FL may attract adversaries in order to hamper the underlying model. In this paper, we propose an FL framework, FedDOT, to defend against adversaries performing targeted attacks. FedDOT incorporates two powerful defense algorithms, Maximum Spanning Tree based attacker detection (MSTAD) and Densest graph based attacker detection (Density-AD), which leverage correlation between weight updates and graph theory concepts, maximum spanning tree, and densest graph. With a goal to withstand an overwhelming number of attackers, our algorithms provide strong solutions to aid an FL server, even in overwhelming scenarios where adversaries constitute more than half of the participants. Along with theoretical bounds in correlation space, a rigorous experimental analysis using image classification datasets is carried out to validate the robustness of the FedDOT framework in non-iid settings, which ascertains the superiority of the models against the state-of-the-art methods using a variety of metrics evaluating the accuracy and attack detection rate. With an attack success rate of < 10% for targeted attacks like single-label flipping, multi-label flipping, and backdoor, FedDOT successfully defends against overwhelming adversaries with a marginal accuracy drop of less than 2%.