AF-MCDC: Active Feedback-Based Malicious Client Dynamic Detection

IF 4.4 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks Pub Date : 2025-03-24 DOI:10.1016/j.comnet.2025.111234

Hongyu Du , Shouhui Zhang , Xi Xv , Yimu Ji , Sisi Shao , Fei Wu , Shangdong Liu

{"title":"AF-MCDC: Active Feedback-Based Malicious Client Dynamic Detection","authors":"Hongyu Du , Shouhui Zhang , Xi Xv , Yimu Ji , Sisi Shao , Fei Wu , Shangdong Liu","doi":"10.1016/j.comnet.2025.111234","DOIUrl":null,"url":null,"abstract":"<div><div>Federated Learning (FL) has long been known for separating the training and model construction processes, ensuring the privacy of participating clients. However, this separation also introduces a new attack surface. Due to the decentralization feature, Federal Learning is prone to Byzantine attacks. Attackers can deliberately corrupt or malfunction one or more participants in the federated network, disrupting the overall model training process. Researchers have proposed many defense mechanisms to mitigate Byzantine attacks. Their main ideas include eliminating malicious updates that deviate from the overall distribution through similarity detection and avoiding malicious parameters using statistical characteristics. Yet, these defense mechanisms are usually passive, detection only happens on the central server, neglecting the important role of clients. Thus we propose AF-MCDC: Active Feedback-Based Malicious Client Dynamic Detection, a byzantine-robust federated learning method taking advantage of valid clients. What sets AF-MCDC apart from existing robust federated learning methods is its three-pronged defense approach. First, a detection mechanism is deployed on each client to verify the integrity of the distributed global model. If the model fails the integrity check, it will not be used to initialize the local model. On the server side, a decision is made based on the detection results uploaded by the clients, followed by performance scoring using cosine similarity among federated clients. Finally, a dynamic weighting mechanism based on client score rankings is applied to weigh the local models uploaded by all clients, effectively filtering out malicious clients Evaluation of two datasets, MNIST and CIFAR-10, demonstrates that AF-MCDC is robust against a significant portion of malicious clients. Furthermore, even when over half of the clients are malicious, AF-MCDC can still train a global model with performance comparable to the global model learned by FedAvg under non-adversarial conditions.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"263 ","pages":"Article 111234"},"PeriodicalIF":4.4000,"publicationDate":"2025-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128625002026","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Federated Learning (FL) has long been known for separating the training and model construction processes, ensuring the privacy of participating clients. However, this separation also introduces a new attack surface. Due to the decentralization feature, Federal Learning is prone to Byzantine attacks. Attackers can deliberately corrupt or malfunction one or more participants in the federated network, disrupting the overall model training process. Researchers have proposed many defense mechanisms to mitigate Byzantine attacks. Their main ideas include eliminating malicious updates that deviate from the overall distribution through similarity detection and avoiding malicious parameters using statistical characteristics. Yet, these defense mechanisms are usually passive, detection only happens on the central server, neglecting the important role of clients. Thus we propose AF-MCDC: Active Feedback-Based Malicious Client Dynamic Detection, a byzantine-robust federated learning method taking advantage of valid clients. What sets AF-MCDC apart from existing robust federated learning methods is its three-pronged defense approach. First, a detection mechanism is deployed on each client to verify the integrity of the distributed global model. If the model fails the integrity check, it will not be used to initialize the local model. On the server side, a decision is made based on the detection results uploaded by the clients, followed by performance scoring using cosine similarity among federated clients. Finally, a dynamic weighting mechanism based on client score rankings is applied to weigh the local models uploaded by all clients, effectively filtering out malicious clients Evaluation of two datasets, MNIST and CIFAR-10, demonstrates that AF-MCDC is robust against a significant portion of malicious clients. Furthermore, even when over half of the clients are malicious, AF-MCDC can still train a global model with performance comparable to the global model learned by FedAvg under non-adversarial conditions.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Networks 工程技术-电信学

CiteScore

10.80

自引率

3.60%

发文量

434

审稿时长

8.6 months

期刊介绍： Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.