EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Robust Federated Learning Against Targeted Attackers Using Model Updates Correlation

Priyesh Ranjan (), Ashish Gupta () and Sajal K. Das ()
Additional contact information
Priyesh Ranjan: Missouri University of Science and Technology
Ashish Gupta: Dubai Campus
Sajal K. Das: Missouri University of Science and Technology

A chapter in Handbook of Trustworthy Federated Learning, 2025, pp 109-147 from Springer

Abstract: Abstract Robust federated learning is an emerging paradigm in machine learning that addresses the challenges of training accurate and secure models in decentralized and privacy-constrained environments. By leveraging the power of collaborative learning, this paradigm also ensures robustness against model attackers. However, federated learning setups are especially vulnerable against various targeted attacks including label-flipping and backdoor attacks. To combat this, similarity between client weight updates has gained increased traction as a reliable metric for attacker detection. In this chapter, we describe some of the works tackling targeted attacks by leveraging model similarity. We then present a graph theoretic formulation that leverages model correlations and introduce two novel graph theoretic algorithms MST-AD and Density-AD for the detection of targeted adversaries. The limitations of similarity based algorithms in distributed attack settings are then acknowledged. To combat these attacks, we introduce a divergence-based algorithm called Div-DBAD and establish its superiority on distributed backdoor attacks done on the setup. Experimental analysis on two standard machine learning datasets establishes the superiority of the Density-AD and the MST-AD algorithms against targeted attacks and the Div-DBAD algorithm against distributed backdoor attacks. For both the scenarios, the proposed algorithms are able to outperform the existing state of the art and maintain a lower success rate for the attacks while observing minimal drops in model performance.

Date: 2025
References: Add references at CitEc
Citations:

There are no downloads for this item, see the EconPapers FAQ for hints about obtaining it.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:spr:spochp:978-3-031-58923-2_4

Ordering information: This item can be ordered from
http://www.springer.com/9783031589232

DOI: 10.1007/978-3-031-58923-2_4

Access Statistics for this chapter

More chapters in Springer Optimization and Its Applications from Springer
Bibliographic data for series maintained by Sonal Shukla () and Springer Nature Abstracting and Indexing ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-04-01
Handle: RePEc:spr:spochp:978-3-031-58923-2_4