FLAT: Latent-Driven Arbitrary-Target Backdoor Attacks in Federated Learning
This addresses a security vulnerability in federated learning systems, posing a threat to decentralized machine learning applications, and is incremental by enhancing flexibility and stealth over prior fixed-pattern attacks.
The paper tackles the problem of inflexible and detectable backdoor attacks in federated learning by proposing FLAT, a latent-driven conditional autoencoder method that generates diverse, target-specific triggers, achieving high attack success and robustness against defenses.
Federated learning (FL) is vulnerable to backdoor attacks, yet most existing methods are limited by fixed-pattern or single-target triggers, making them inflexible and easier to detect. We propose FLAT (FL Arbitrary-Target Attack), a novel backdoor attack that leverages a latent-driven conditional autoencoder to generate diverse, target-specific triggers as needed. By introducing a latent code, FLAT enables the creation of visually adaptive and highly variable triggers, allowing attackers to select arbitrary targets without retraining and to evade conventional detection mechanisms. Our approach unifies attack success, stealth, and diversity within a single framework, introducing a new level of flexibility and sophistication to backdoor attacks in FL. Extensive experiments show that FLAT achieves high attack success and remains robust against advanced FL defenses. These results highlight the urgent need for new defense strategies to address latent-driven, multi-target backdoor threats in federated settings.