Securing Federated Learning against Backdoor Threats with Foundation Model Integration
This addresses security vulnerabilities in FL systems for privacy-preserving decentralized training, though it is incremental as it builds on existing FL and FM integration.
The paper tackles the problem of novel backdoor attacks in Federated Learning (FL) that exploit Foundation Models (FMs) to compromise synthetic data, proposing a data-free defense strategy that constrains internal activations to mitigate attacks while preserving model functionality, with experiments showing it outperforms existing defenses.
Federated Learning (FL) enables decentralized model training while preserving privacy. Recently, the integration of Foundation Models (FMs) into FL has enhanced performance but introduced a novel backdoor attack mechanism. Attackers can exploit FM vulnerabilities to embed backdoors into synthetic data generated by FMs. During global model fusion, these backdoors are transferred to the global model through compromised synthetic data, subsequently infecting all client models. Existing FL backdoor defenses are ineffective against this novel attack due to its fundamentally different mechanism compared to classic ones. In this work, we propose a novel data-free defense strategy that addresses both classic and novel backdoor attacks in FL. The shared attack pattern lies in the abnormal activations within the hidden feature space during model aggregation. Hence, we propose to constrain internal activations to remain within reasonable ranges, effectively mitigating attacks while preserving model functionality. The activation constraints are optimized using synthetic data alongside FL training. Extensive experiments demonstrate its effectiveness against both novel and classic backdoor attacks, outperforming existing defenses.