FedPure：基于联邦骨架的动作识别的数据中毒攻击检测和净化

IF 6.8 1区计算机科学 0 COMPUTER SCIENCE, INFORMATION SYSTEMS

Information Sciences Pub Date : 2025-09-29 DOI:10.1016/j.ins.2025.122733

Min Hyuk Kim , Eun-Gi Lee , Seok Bong Yoo

{"title":"FedPure：基于联邦骨架的动作识别的数据中毒攻击检测和净化","authors":"Min Hyuk Kim , Eun-Gi Lee , Seok Bong Yoo","doi":"10.1016/j.ins.2025.122733","DOIUrl":null,"url":null,"abstract":"<div><div>Skeleton-based action recognition (SAR) often requires centralized skeleton data, raising serious privacy concerns in deployment scenarios such as healthcare or surveillance. Federated learning (FL) allows SAR models to be trained without sharing raw data and has therefore become an attractive approach for privacy-sensitive, distributed applications such as camera-enabled devices, human–robot interaction, and security monitoring. However, FL-based SAR remains vulnerable to data poisoning attacks. We propose a data poisoning attack detection and purification method for federated SAR, called FedPure. FedPure introduces a fused transform prototype representation, which combines global perspective transforms with subregion transforms to capture spatiotemporal cues. This design enables precise inter-client correlation analysis for malicious client detection. Moreover, a detector comprising inter-client spatiotemporal matching is designed to analyze the correlation between pseudo skeleton data. Furthermore, FedPure improves model robustness by purifying the malicious clients using a disentangled feature-based purifier to maintain data diversity. The experimental results on diverse adversarial attacks, including FGSM, PGD, C&W, Bone Length Attack, and Hard No Box Attack, confirm that FedPure outperforms existing models in SAR accuracy. By providing an integrated detection-and-purification pipeline tailored to federated SAR, FedPure narrows a key gap in privacy-preserving training, enabling safer application of FL-based action recognition. Our code is publicly available at <span><span>https://github.com/alsgur0720/fedpure</span><svg><path></path></svg></span>.</div></div>","PeriodicalId":51063,"journal":{"name":"Information Sciences","volume":"725 ","pages":"Article 122733"},"PeriodicalIF":6.8000,"publicationDate":"2025-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"FedPure: Data poisoning attack detection and purification for federated skeleton-based action recognition\",\"authors\":\"Min Hyuk Kim , Eun-Gi Lee , Seok Bong Yoo\",\"doi\":\"10.1016/j.ins.2025.122733\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Skeleton-based action recognition (SAR) often requires centralized skeleton data, raising serious privacy concerns in deployment scenarios such as healthcare or surveillance. Federated learning (FL) allows SAR models to be trained without sharing raw data and has therefore become an attractive approach for privacy-sensitive, distributed applications such as camera-enabled devices, human–robot interaction, and security monitoring. However, FL-based SAR remains vulnerable to data poisoning attacks. We propose a data poisoning attack detection and purification method for federated SAR, called FedPure. FedPure introduces a fused transform prototype representation, which combines global perspective transforms with subregion transforms to capture spatiotemporal cues. This design enables precise inter-client correlation analysis for malicious client detection. Moreover, a detector comprising inter-client spatiotemporal matching is designed to analyze the correlation between pseudo skeleton data. Furthermore, FedPure improves model robustness by purifying the malicious clients using a disentangled feature-based purifier to maintain data diversity. The experimental results on diverse adversarial attacks, including FGSM, PGD, C&W, Bone Length Attack, and Hard No Box Attack, confirm that FedPure outperforms existing models in SAR accuracy. By providing an integrated detection-and-purification pipeline tailored to federated SAR, FedPure narrows a key gap in privacy-preserving training, enabling safer application of FL-based action recognition. Our code is publicly available at <span><span>https://github.com/alsgur0720/fedpure</span><svg><path></path></svg></span>.</div></div>\",\"PeriodicalId\":51063,\"journal\":{\"name\":\"Information Sciences\",\"volume\":\"725 \",\"pages\":\"Article 122733\"},\"PeriodicalIF\":6.8000,\"publicationDate\":\"2025-09-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Information Sciences\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0020025525008692\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"0\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Sciences","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0020025525008692","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"0","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

基于骨架的动作识别（SAR）通常需要集中的骨架数据，这在医疗保健或监视等部署场景中引发了严重的隐私问题。联邦学习（FL）允许在不共享原始数据的情况下训练SAR模型，因此已成为隐私敏感的分布式应用程序（如支持摄像头的设备、人机交互和安全监控）的一种有吸引力的方法。然而，基于fl的SAR仍然容易受到数据中毒攻击。提出了一种联邦SAR数据中毒攻击检测与净化方法，称为FedPure。FedPure引入了一种融合的变换原型表示，它结合了全局视角变换和子区域变换来捕捉时空线索。该设计能够对恶意客户端进行精确的客户端间相关性分析。此外，设计了包含客户端间时空匹配的检测器来分析伪骨架数据之间的相关性。此外，FedPure通过使用一个基于特征的净化器净化恶意客户端来保持数据的多样性，从而提高了模型的鲁棒性。针对FGSM、PGD、C&；W、骨长攻击和硬无盒攻击等多种对抗性攻击的实验结果证实，FedPure在SAR精度方面优于现有模型。通过提供为联邦SAR量身定制的集成检测和净化管道，FedPure缩小了隐私保护培训方面的关键差距，使基于fl的动作识别应用更加安全。我们的代码可以在https://github.com/alsgur0720/fedpure上公开获得。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

FedPure: Data poisoning attack detection and purification for federated skeleton-based action recognition

Skeleton-based action recognition (SAR) often requires centralized skeleton data, raising serious privacy concerns in deployment scenarios such as healthcare or surveillance. Federated learning (FL) allows SAR models to be trained without sharing raw data and has therefore become an attractive approach for privacy-sensitive, distributed applications such as camera-enabled devices, human–robot interaction, and security monitoring. However, FL-based SAR remains vulnerable to data poisoning attacks. We propose a data poisoning attack detection and purification method for federated SAR, called FedPure. FedPure introduces a fused transform prototype representation, which combines global perspective transforms with subregion transforms to capture spatiotemporal cues. This design enables precise inter-client correlation analysis for malicious client detection. Moreover, a detector comprising inter-client spatiotemporal matching is designed to analyze the correlation between pseudo skeleton data. Furthermore, FedPure improves model robustness by purifying the malicious clients using a disentangled feature-based purifier to maintain data diversity. The experimental results on diverse adversarial attacks, including FGSM, PGD, C&W, Bone Length Attack, and Hard No Box Attack, confirm that FedPure outperforms existing models in SAR accuracy. By providing an integrated detection-and-purification pipeline tailored to federated SAR, FedPure narrows a key gap in privacy-preserving training, enabling safer application of FL-based action recognition. Our code is publicly available at https://github.com/alsgur0720/fedpure.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Information Sciences 工程技术-计算机：信息系统

CiteScore

14.00

自引率

17.30%

发文量

1322

审稿时长

10.4 months

期刊介绍： Informatics and Computer Science Intelligent Systems Applications is an esteemed international journal that focuses on publishing original and creative research findings in the field of information sciences. We also feature a limited number of timely tutorial and surveying contributions. Our journal aims to cater to a diverse audience, including researchers, developers, managers, strategic planners, graduate students, and anyone interested in staying up-to-date with cutting-edge research in information science, knowledge engineering, and intelligent systems. While readers are expected to share a common interest in information science, they come from varying backgrounds such as engineering, mathematics, statistics, physics, computer science, cell biology, molecular biology, management science, cognitive science, neurobiology, behavioral sciences, and biochemistry.