Defense against backdoor attacks in federated learning with robust adaptive learning rates

IF 4.6 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks Pub Date : 2025-09-26 DOI:10.1016/j.comnet.2025.111720

Hongtao Li , Yongjun Fang , Jie Wang , Xianglin Li , Bo Wang

{"title":"Defense against backdoor attacks in federated learning with robust adaptive learning rates","authors":"Hongtao Li , Yongjun Fang , Jie Wang , Xianglin Li , Bo Wang","doi":"10.1016/j.comnet.2025.111720","DOIUrl":null,"url":null,"abstract":"<div><div>Federated Learning (FL) serves as a privacy-preserving paradigm that not only protects user privacy, but also improves model generalization ability and data security. However, by launching a backdoor attack, a vicious client can embed the backdoor in a the global model to deviate the direction of the model update, leading to the desired misclassification. To defend against backdoor attacks, we proposes a Robust Adaptive Learning Rate method (RALR). RALR takes into account the way of voting the gradient symbols of the clients by dimension, which means that no single client will have too much power. In addition, RALR adaptively finds the learning threshold so that the symbol voting value of each dimension reaches a certain number before it can participate in the global aggregation, and the bad influence of backdoor attackers on the global model training will be weakened as a result. In addition, the introduction of the sign gradient mechanism effectively protects the privacy of the update parameters. RALR not only ensures the performance of the main task under different experimental conditions, but also effectively eliminates the backdoor. The experimental results show that the robust adaptive learning rate method can defend against the backdoor attack very effectively. The successful rate of the attack is reduced to 1.9 % compared to the existing defense.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"272 ","pages":"Article 111720"},"PeriodicalIF":4.6000,"publicationDate":"2025-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128625006863","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Federated Learning (FL) serves as a privacy-preserving paradigm that not only protects user privacy, but also improves model generalization ability and data security. However, by launching a backdoor attack, a vicious client can embed the backdoor in a the global model to deviate the direction of the model update, leading to the desired misclassification. To defend against backdoor attacks, we proposes a Robust Adaptive Learning Rate method (RALR). RALR takes into account the way of voting the gradient symbols of the clients by dimension, which means that no single client will have too much power. In addition, RALR adaptively finds the learning threshold so that the symbol voting value of each dimension reaches a certain number before it can participate in the global aggregation, and the bad influence of backdoor attackers on the global model training will be weakened as a result. In addition, the introduction of the sign gradient mechanism effectively protects the privacy of the update parameters. RALR not only ensures the performance of the main task under different experimental conditions, but also effectively eliminates the backdoor. The experimental results show that the robust adaptive learning rate method can defend against the backdoor attack very effectively. The successful rate of the attack is reduced to 1.9 % compared to the existing defense.

查看原文本刊更多论文

利用鲁棒自适应学习率防御联邦学习中的后门攻击

联邦学习（FL）作为一种隐私保护范式，既保护了用户隐私，又提高了模型泛化能力和数据安全性。然而，恶意客户端通过发起后门攻击，可以将后门嵌入到全局模型中，从而偏离模型更新的方向，从而导致预期的错误分类。为了防御后门攻击，我们提出了一种鲁棒自适应学习率方法（RALR）。RALR考虑了按维对客户端的梯度符号进行投票的方式，这意味着单个客户端不会拥有过多的权力。此外，RALR自适应地找到学习阈值，使每个维度的符号投票值达到一定数量后才能参与全局聚合，从而减弱后门攻击者对全局模型训练的不良影响。此外，引入了符号梯度机制，有效地保护了更新参数的私密性。RALR不仅保证了主任务在不同实验条件下的性能，而且有效地消除了后门。实验结果表明，鲁棒自适应学习率方法可以有效防御后门攻击。与现有防御相比，攻击成功率降低到1.9%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Networks 工程技术-电信学

CiteScore

10.80

自引率

3.60%

发文量

434

审稿时长

8.6 months

期刊介绍： Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.