Fl-CDF: Collaborative defense framework for backdoor mitigation in federated learning

Author

Haiyan ZHANG
Xinghua LI
Yinbin MIAO
Shunjie YUAN
Mengyao ZHU
Ximeng LIU
Robert H. DENG, Singapore Management UniversityFollow

Publication Type

Journal Article

Publication Date

12-2025

Abstract

Federated learning (FL) is vulnerable to backdoor attacks due to its distributed nature. Existing unilateral defense mechanisms often fail against persistent attack strategies, primarily due to their limited perspectives. To address the challenge of model misclassification on the server side caused by overlooked model similarity drift, and gradient misjudgment on the client side caused by semantic learning imbalances across classes, this paper proposes a collaborative defense framework for federated learning, termed FL-CDF. FL-CDF establishes an end-to-end defense through a bidirectional client-server collaboration mechanism. Specifically: (1) On the client side, an adversarial perturbation-based malicious neuron detection module is introduced. This module measures neuron activation sensitivity by generating adversarial perturbations, and adaptively prunes backdoor neurons exhibiting high sensitivity. (2) On the server side, a multi-dimensional detection scheme is designed, which integrates neuron localization, adversarial sensitivity, and model parameters. By incorporating client-side feedback on malicious neurons, the server performs robust model aggregation. Theoretical analysis verifies the robustness of FL-CDF, and extensive experiments on public benchmarks demonstrate its effectiveness. In the best-case scenario, FL-CDF improves defense performance by 42.5% compared to current state-of-the-art (SOTA) defense.

Keywords

Neurons, Servers, Training, Perturbation Methods, Electronic Mail, Collaboration, Adaptation Models, Symbols, Sensitivity, Robustness, Federated Learning FL

Discipline

Information Security

Research Areas

Cybersecurity

Publication

IEEE Transactions on Dependable and Secure Computing

Volume

22

Issue

6

First Page

6732

Last Page

6747

ISSN

1545-5971

Identifier

10.1109/TDSC.2025.3590175

Publisher

Institute of Electrical and Electronics Engineers

Citation

ZHANG, Haiyan; LI, Xinghua; MIAO, Yinbin; YUAN, Shunjie; ZHU, Mengyao; LIU, Ximeng; and DENG, Robert H.. Fl-CDF: Collaborative defense framework for backdoor mitigation in federated learning. (2025). IEEE Transactions on Dependable and Secure Computing. 22, (6), 6732-6747.
Available at: https://ink.library.smu.edu.sg/sis_research/10998

Additional URL

https://doi.org/10.1109/TDSC.2025.3590175