A defense mechanism for federated learning in AIoT through critical gradient dimension extraction

IF 4.5 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computer Communications Pub Date : 2025-03-05 DOI:10.1016/j.comcom.2025.108114

Jian Xu , Bing Guo , Fei Chen , Yan Shen , Shengxin Dai , Cheng Dai , Yuchuan Hu

{"title":"A defense mechanism for federated learning in AIoT through critical gradient dimension extraction","authors":"Jian Xu , Bing Guo , Fei Chen , Yan Shen , Shengxin Dai , Cheng Dai , Yuchuan Hu","doi":"10.1016/j.comcom.2025.108114","DOIUrl":null,"url":null,"abstract":"<div><div>Leveraging the distributed nature of the Internet of Things (IoT), Federated Learning (FL) facilitates knowledge transfer among heterogeneous IoT devices, enhancing the capabilities of Artificial Intelligence of Things (AIoT) while preserving data privacy. However, FL is susceptible to poisoning attacks such as label flipping, Gaussian, and backdoor attacks. Most existing defense strategies rely on robust aggregation algorithms that use the statistical properties of gradient vectors to counteract poisoning attacks, however, they often overlook the non-independent and identically distributed (non-iid) nature of client data, limiting their effectiveness in the IoT. We propose a method that combines cross-node Top-k gradient vector compression and Principal Component Analysis (PCA) dimensionality reduction to extract critical gradient dimensions. By clustering these essential dimensions and performing filtering, our approach effectively distinguishes malicious from benign clients in non-iid data scenarios. Additionally, we introduce a client trust-score assessment mechanism that continuously monitors client behavior and applies secondary filtering, further improving the identification of malicious clients. Experimental results on the CIFAR-10, MNIST, DomainNet, and Flowers102 datasets demonstrate that our method achieves higher model accuracy and robustness in non-iid data settings compared to existing defense strategies.</div></div>","PeriodicalId":55224,"journal":{"name":"Computer Communications","volume":"236 ","pages":"Article 108114"},"PeriodicalIF":4.5000,"publicationDate":"2025-03-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Communications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0140366425000714","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Leveraging the distributed nature of the Internet of Things (IoT), Federated Learning (FL) facilitates knowledge transfer among heterogeneous IoT devices, enhancing the capabilities of Artificial Intelligence of Things (AIoT) while preserving data privacy. However, FL is susceptible to poisoning attacks such as label flipping, Gaussian, and backdoor attacks. Most existing defense strategies rely on robust aggregation algorithms that use the statistical properties of gradient vectors to counteract poisoning attacks, however, they often overlook the non-independent and identically distributed (non-iid) nature of client data, limiting their effectiveness in the IoT. We propose a method that combines cross-node Top-k gradient vector compression and Principal Component Analysis (PCA) dimensionality reduction to extract critical gradient dimensions. By clustering these essential dimensions and performing filtering, our approach effectively distinguishes malicious from benign clients in non-iid data scenarios. Additionally, we introduce a client trust-score assessment mechanism that continuously monitors client behavior and applies secondary filtering, further improving the identification of malicious clients. Experimental results on the CIFAR-10, MNIST, DomainNet, and Flowers102 datasets demonstrate that our method achieves higher model accuracy and robustness in non-iid data settings compared to existing defense strategies.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Communications 工程技术-电信学

CiteScore

14.10

自引率

5.00%

发文量

397

审稿时长

66 days

期刊介绍： Computer and Communications networks are key infrastructures of the information society with high socio-economic value as they contribute to the correct operations of many critical services (from healthcare to finance and transportation). Internet is the core of today''s computer-communication infrastructures. This has transformed the Internet, from a robust network for data transfer between computers, to a global, content-rich, communication and information system where contents are increasingly generated by the users, and distributed according to human social relations. Next-generation network technologies, architectures and protocols are therefore required to overcome the limitations of the legacy Internet and add new capabilities and services. The future Internet should be ubiquitous, secure, resilient, and closer to human communication paradigms. Computer Communications is a peer-reviewed international journal that publishes high-quality scientific articles (both theory and practice) and survey papers covering all aspects of future computer communication networks (on all layers, except the physical layer), with a special attention to the evolution of the Internet architecture, protocols, services, and applications.