Scientific Reports (Aug 2024)

Identifying alternately poisoning attacks in federated learning online using trajectory anomaly detection method

  • Zhiying Ding,
  • Wenshuo Wang,
  • Xu Li,
  • Xuan Wang,
  • Gwanggil Jeon,
  • Jindong Zhao,
  • Chunxiao Mu

DOI
https://doi.org/10.1038/s41598-024-70375-w
Journal volume & issue
Vol. 14, no. 1
pp. 1 – 11

Abstract

Implicit poisoning in federated learning is a significant threat, with malicious nodes subtly altering gradient parameters each round, making detection difficult. This study investigates this problem, revealing that temporal analysis alone struggles to identify such covert attacks, which can bypass online methods like cosine similarity and clustering. Common detection methods rely on offline analysis, resulting in delayed responses. However, recalculating gradient updates reveals distinct characteristics of malicious clients. Based on this finding, we designed a privacy-preserving detection algorithm using trajectory anomaly detection. Singular values of matrices are used as features, and an improved Isolation Forest algorithm processes these to detect malicious behavior. Experiments on MNIST, FashionMNIST, and CIFAR-10 datasets show our method achieves 94.3% detection accuracy and a false positive rate below 1.2%, indicating its high accuracy and effectiveness in detecting implicit model poisoning attacks.

Keywords