UDFed: A Universal Defense Scheme for Various Poisoning Attacks on Federated Learning

Abstract

Federated learning (FL), as a distributed machine learning paradigm with privacy protection, has garnered significant attention since it prevents the exchange of raw local data. However, FL remains vulnerable to poisoning attacks, including data contamination and gradient manipulation. Moreover, attackers may launch individual or collusive attacks, complicating the identification of malicious clients. To address these challenges, we propose a universal poisoning defense framework incorporating three key strategies. First, we decouple client identities from gradients through anonymous obfuscation and enhance privacy with differential noise injection. Second, we detect potential detect potential collusive attackers via a joint similarity-based approach. Third, we apply an iterative low rank approximation-based anomaly detection to amplify discrepancies between benign and malicious clients and progressively filter out attackers. We theoretically demonstrate that anonymous obfuscation can enhance the privacy protection capability of differential privacy. Additionally, experimental results further validate that our scheme is comparable to or outperforms state-of-the-art defense methods against a variety of data and model poisoning attacks.