Title: Detection of Malicious Clients in Federated Learning Using Graph Neural Network
Authors: Anee Sharma; Ningrinla Marchang
Journal: IEEE Access, vol. 13, pp. 77952-77972
Publication date: 2025-04-30
Publication type: Journal Article
DOI: 10.1109/ACCESS.2025.3565712
URL: https://ieeexplore.ieee.org/document/10980311/
PDF: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10980311
Impact factor: 3.4
JCR: Q2 (COMPUTER SCIENCE, INFORMATION SYSTEMS)
Region: 3 (Computer Science)
Citations: 0
Abstract
Federated Learning (FL) facilitates decentralized model training without the exchange of raw data, thereby guaranteeing privacy. However, due to its distributed nature, this paradigm is susceptible to adversarial threats such as sign-flipping attacks, in which malicious clients reverse model parameter signs in order to poison the global aggregation process. This study introduces a detection framework that is graph-based and leverages Graph Attention Networks (GATs) to overcome these challenges. The framework detects malicious clients with high accuracy by representing FL local models as directed graphs and capturing layer-wise statistical features. The efficacy of the approach is demonstrated by extensive experiments on the FEMNIST dataset, which simulate varying attacker percentages (15%, 35%) and attack probabilities (0.5, 0.7, 1.0). The GAT model obtains a 100% detection rate with zero false positives within an optimal threshold range of 0.5–0.9, as demonstrated by the results. Furthermore, isolating detected attackers during targeted rounds (20-60) substantially maintains FL global model performance, thereby mitigating the cascading effects of poisoned updates and ensuring system stability. This work offers a practicable, scalable, and robust solution to improve the security of FL systems against adversarial behaviors.
IEEE Access
COMPUTER SCIENCE, INFORMATION SYSTEMS; ENGINEERING, ELECTRICAL & ELECTRONIC
CiteScore
9.80
Self-citation rate
7.70%
Articles published
6673
Review time
6 weeks
About the journal:
IEEE Access® is a multidisciplinary, open access (OA), applications-oriented, all-electronic archival journal that continuously presents the results of original research or development across all of IEEE's fields of interest.
IEEE Access will publish articles that are of high interest to readers, original, technically correct, and clearly presented. Supported by author publication charges (APC), its hallmarks are a rapid peer review and publication process with open access to all readers. Unlike IEEE's traditional Transactions or Journals, reviews are "binary", in that reviewers will either Accept or Reject an article in the form it is submitted in order to achieve rapid turnaround. Especially encouraged are submissions on:
Multidisciplinary topics, or applications-oriented articles and negative results that do not fit within the scope of IEEE's traditional journals.
Practical articles discussing new experiments or measurement techniques, interesting solutions to engineering.
Development of new or improved fabrication or manufacturing techniques.
Reviews or survey articles of new or evolving fields oriented to assist others in understanding the new area.