A defense mechanism for federated learning in AIoT through critical gradient dimension extraction

IF 4.5 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computer Communications Pub Date : 2025-03-05 DOI:10.1016/j.comcom.2025.108114

Jian Xu , Bing Guo , Fei Chen , Yan Shen , Shengxin Dai , Cheng Dai , Yuchuan Hu

{"title":"A defense mechanism for federated learning in AIoT through critical gradient dimension extraction","authors":"Jian Xu , Bing Guo , Fei Chen , Yan Shen , Shengxin Dai , Cheng Dai , Yuchuan Hu","doi":"10.1016/j.comcom.2025.108114","DOIUrl":null,"url":null,"abstract":"<div><div>Leveraging the distributed nature of the Internet of Things (IoT), Federated Learning (FL) facilitates knowledge transfer among heterogeneous IoT devices, enhancing the capabilities of Artificial Intelligence of Things (AIoT) while preserving data privacy. However, FL is susceptible to poisoning attacks such as label flipping, Gaussian, and backdoor attacks. Most existing defense strategies rely on robust aggregation algorithms that use the statistical properties of gradient vectors to counteract poisoning attacks, however, they often overlook the non-independent and identically distributed (non-iid) nature of client data, limiting their effectiveness in the IoT. We propose a method that combines cross-node Top-k gradient vector compression and Principal Component Analysis (PCA) dimensionality reduction to extract critical gradient dimensions. By clustering these essential dimensions and performing filtering, our approach effectively distinguishes malicious from benign clients in non-iid data scenarios. Additionally, we introduce a client trust-score assessment mechanism that continuously monitors client behavior and applies secondary filtering, further improving the identification of malicious clients. Experimental results on the CIFAR-10, MNIST, DomainNet, and Flowers102 datasets demonstrate that our method achieves higher model accuracy and robustness in non-iid data settings compared to existing defense strategies.</div></div>","PeriodicalId":55224,"journal":{"name":"Computer Communications","volume":"236 ","pages":"Article 108114"},"PeriodicalIF":4.5000,"publicationDate":"2025-03-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Communications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0140366425000714","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Leveraging the distributed nature of the Internet of Things (IoT), Federated Learning (FL) facilitates knowledge transfer among heterogeneous IoT devices, enhancing the capabilities of Artificial Intelligence of Things (AIoT) while preserving data privacy. However, FL is susceptible to poisoning attacks such as label flipping, Gaussian, and backdoor attacks. Most existing defense strategies rely on robust aggregation algorithms that use the statistical properties of gradient vectors to counteract poisoning attacks, however, they often overlook the non-independent and identically distributed (non-iid) nature of client data, limiting their effectiveness in the IoT. We propose a method that combines cross-node Top-k gradient vector compression and Principal Component Analysis (PCA) dimensionality reduction to extract critical gradient dimensions. By clustering these essential dimensions and performing filtering, our approach effectively distinguishes malicious from benign clients in non-iid data scenarios. Additionally, we introduce a client trust-score assessment mechanism that continuously monitors client behavior and applies secondary filtering, further improving the identification of malicious clients. Experimental results on the CIFAR-10, MNIST, DomainNet, and Flowers102 datasets demonstrate that our method achieves higher model accuracy and robustness in non-iid data settings compared to existing defense strategies.

查看原文本刊更多论文

基于临界梯度维数提取的AIoT联合学习防御机制

利用物联网（IoT）的分布式特性，联邦学习（FL）促进了异构物联网设备之间的知识转移，增强了物联网人工智能（AIoT）的能力，同时保护了数据隐私。但是，FL容易受到标签翻转、高斯攻击和后门攻击等中毒攻击。大多数现有的防御策略依赖于鲁棒聚合算法，这些算法使用梯度向量的统计特性来抵消中毒攻击，然而，它们往往忽略了客户端数据的非独立和同分布（非iid）性质，限制了它们在物联网中的有效性。提出了一种结合跨节点Top-k梯度向量压缩和主成分分析降维的方法来提取临界梯度维数。通过对这些基本维度进行聚类并执行过滤，我们的方法可以在非id数据场景中有效区分恶意客户端和良性客户端。此外，我们引入了客户信任评分评估机制，该机制持续监控客户端行为并应用二次过滤，进一步提高了对恶意客户端的识别。在CIFAR-10、MNIST、DomainNet和Flowers102数据集上的实验结果表明，与现有的防御策略相比，我们的方法在非id数据设置中具有更高的模型精度和鲁棒性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Communications 工程技术-电信学

CiteScore

14.10

自引率

5.00%

发文量

397

审稿时长

66 days

期刊介绍： Computer and Communications networks are key infrastructures of the information society with high socio-economic value as they contribute to the correct operations of many critical services (from healthcare to finance and transportation). Internet is the core of today''s computer-communication infrastructures. This has transformed the Internet, from a robust network for data transfer between computers, to a global, content-rich, communication and information system where contents are increasingly generated by the users, and distributed according to human social relations. Next-generation network technologies, architectures and protocols are therefore required to overcome the limitations of the legacy Internet and add new capabilities and services. The future Internet should be ubiquitous, secure, resilient, and closer to human communication paradigms. Computer Communications is a peer-reviewed international journal that publishes high-quality scientific articles (both theory and practice) and survey papers covering all aspects of future computer communication networks (on all layers, except the physical layer), with a special attention to the evolution of the Internet architecture, protocols, services, and applications.