FedNIA: Noise-Induced Activation Analysis for Mitigating Data Poisoning in FL
This addresses security vulnerabilities in federated learning systems, particularly against collaborative attacks, though it appears incremental as it builds on existing defense concepts.
The paper tackles the problem of data poisoning attacks in federated learning by proposing FedNIA, a defense framework that identifies and excludes adversarial clients without a central test dataset, achieving effectiveness and robustness against diverse attack types in non-iid settings.
Federated learning systems are increasingly threatened by data poisoning attacks, where malicious clients compromise global models by contributing tampered updates. Existing defenses often rely on impractical assumptions, such as access to a central test dataset, or fail to generalize across diverse attack types, particularly those involving multiple malicious clients working collaboratively. To address this, we propose Federated Noise-Induced Activation Analysis (FedNIA), a novel defense framework to identify and exclude adversarial clients without relying on any central test dataset. FedNIA injects random noise inputs to analyze the layerwise activation patterns in client models leveraging an autoencoder that detects abnormal behaviors indicative of data poisoning. FedNIA can defend against diverse attack types, including sample poisoning, label flipping, and backdoors, even in scenarios with multiple attacking nodes. Experimental results on non-iid federated datasets demonstrate its effectiveness and robustness, underscoring its potential as a foundational approach for enhancing the security of federated learning systems.