Publication Type

Journal Article

Version

acceptedVersion

Publication Date

6-2025

Abstract

Federated learning (FL), as a powerful learning paradigm, trains a shared model by aggregating model updates from distributed clients. However, the decoupling of model learning from local data makes FL highly vulnerable to backdoor attacks, where a single compromised client can poison the shared model. While recent progress has been made in backdoor detection, existing methods face challenges with detection accuracy and runtime effectiveness, particularly when dealing with complex model architectures. In this work, we propose a novel approach to detecting malicious clients in an accurate, stable, and efficient manner. Our method utilizes a sampling-based network representation method to quantify dissimilarities between clients, identifying model deviations caused by backdoor injections. We also propose an iterative algorithm to progressively detect and exclude malicious clients as outliers based on these dissimilarity measurements. Evaluations across a range of benchmark tasks demonstrate that our approach outperforms state-of-the-art methods in detection accuracy and defense effectiveness. When deployed for runtime protection, our approach effectively eliminates backdoor injections with marginal overheads.

Keywords

Computational Modeling, Training, Data Models, Runtime, Accuracy, Predictive Models, Servers, Federated Learning, Inspection, Filters, Backdoor Detection, Federated Learning

Discipline

Artificial Intelligence and Robotics

Research Areas

Intelligent Systems and Optimization

Areas of Excellence

Digital transformation

Publication

IEEE Transactions on Dependable and Secure Computing

Volume

22

Issue

5

First Page

4607

Last Page

4624

ISSN

1545-5971

Identifier

10.1109/TDSC.2025.3550330

Publisher

Institute of Electrical and Electronics Engineers

Additional URL

https://doi.ieeecomputersociety.org/10.1109/TDSC.2025.3550330

Download

Share

COinS