A lightweight secret-sharing-based defense against model poisoning attacks in privacy-preserving federated learning

IF 4.3 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computer Communications Pub Date : 2025-07-19 DOI:10.1016/j.comcom.2025.108272

Hengheng Xiong, Jiguang Lv, Dapeng Man, Yukun Zhu, Tao Liu, Huanran Wang, Chen Xu, Wu Yang

{"title":"A lightweight secret-sharing-based defense against model poisoning attacks in privacy-preserving federated learning","authors":"Hengheng Xiong, Jiguang Lv, Dapeng Man, Yukun Zhu, Tao Liu, Huanran Wang, Chen Xu, Wu Yang","doi":"10.1016/j.comcom.2025.108272","DOIUrl":null,"url":null,"abstract":"<div><div>As Artificial Intelligence of Things (AIoT) converges with Privacy-Preserving Federated Learning (PPFL), the challenge of defending against model poisoning attacks emerges as increasingly critical. Due to PPFL’s cryptographic protocols for protecting gradient exchanges, detecting poisoning attacks becomes challenging. Traditional defense mechanisms rely on plaintext gradient analysis and thus cannot be directly applied to encrypted gradients. Although homomorphic encryption-based defense schemes enable secure computations on encrypted data, their substantial computational overhead makes them impractical for resource-constrained Internet of Things (IoT) deployments. To address these challenges, we propose a Secret-Sharing-based Defense Framework (SSDF), a lightweight scheme that enables efficient similarity calculations on encrypted gradients under secure aggregation protocols. Our scheme facilitates robust aggregation of encrypted parameters in resource-constrained edge computing environments while protecting the privacy of local model updates. Extensive experiments on four datasets demonstrate that our proposed scheme provides robust defense capabilities against poisoning attacks for both Independent and Identically Distributed (IID) and non-IID data.</div></div>","PeriodicalId":55224,"journal":{"name":"Computer Communications","volume":"242 ","pages":"Article 108272"},"PeriodicalIF":4.3000,"publicationDate":"2025-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Communications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0140366425002294","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

As Artificial Intelligence of Things (AIoT) converges with Privacy-Preserving Federated Learning (PPFL), the challenge of defending against model poisoning attacks emerges as increasingly critical. Due to PPFL’s cryptographic protocols for protecting gradient exchanges, detecting poisoning attacks becomes challenging. Traditional defense mechanisms rely on plaintext gradient analysis and thus cannot be directly applied to encrypted gradients. Although homomorphic encryption-based defense schemes enable secure computations on encrypted data, their substantial computational overhead makes them impractical for resource-constrained Internet of Things (IoT) deployments. To address these challenges, we propose a Secret-Sharing-based Defense Framework (SSDF), a lightweight scheme that enables efficient similarity calculations on encrypted gradients under secure aggregation protocols. Our scheme facilitates robust aggregation of encrypted parameters in resource-constrained edge computing environments while protecting the privacy of local model updates. Extensive experiments on four datasets demonstrate that our proposed scheme provides robust defense capabilities against poisoning attacks for both Independent and Identically Distributed (IID) and non-IID data.

查看原文本刊更多论文

隐私保护联邦学习中基于轻量级秘密共享的模型中毒攻击防御

随着人工智能（AIoT）与保护隐私的联邦学习（PPFL）的融合，防御模型中毒攻击的挑战变得越来越重要。由于PPFL用于保护梯度交换的加密协议，检测中毒攻击变得具有挑战性。传统的防御机制依赖于明文梯度分析，不能直接应用于加密梯度。尽管基于同态加密的防御方案能够对加密数据进行安全计算，但它们的大量计算开销使得它们不适合资源受限的物联网（IoT）部署。为了应对这些挑战，我们提出了一种基于秘密共享的防御框架（SSDF），这是一种轻量级方案，可以在安全聚合协议下对加密梯度进行有效的相似性计算。我们的方案促进了资源受限边缘计算环境中加密参数的鲁棒聚合，同时保护了局部模型更新的隐私性。在四个数据集上的大量实验表明，我们提出的方案为独立和同分布（IID）和非IID数据提供了强大的防御中毒攻击的能力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Communications 工程技术-电信学

CiteScore

14.10

自引率

5.00%

发文量

397

审稿时长

66 days

期刊介绍： Computer and Communications networks are key infrastructures of the information society with high socio-economic value as they contribute to the correct operations of many critical services (from healthcare to finance and transportation). Internet is the core of today''s computer-communication infrastructures. This has transformed the Internet, from a robust network for data transfer between computers, to a global, content-rich, communication and information system where contents are increasingly generated by the users, and distributed according to human social relations. Next-generation network technologies, architectures and protocols are therefore required to overcome the limitations of the legacy Internet and add new capabilities and services. The future Internet should be ubiquitous, secure, resilient, and closer to human communication paradigms. Computer Communications is a peer-reviewed international journal that publishes high-quality scientific articles (both theory and practice) and survey papers covering all aspects of future computer communication networks (on all layers, except the physical layer), with a special attention to the evolution of the Internet architecture, protocols, services, and applications.