LG, CR | Sep 25, 2025

Adaptive Federated Learning Defences via Trust-Aware Deep Q-Networks

arXiv:2510.01261v1 | h-index: 4
Originality: Incremental advance
AI Analysis

This paper addresses security issues in federated learning for distributed machine learning systems, presenting an incremental improvement over existing defence methods.

The paper tackles the vulnerability of federated learning to poisoning and backdoor attacks by formulating defence as a partially observable sequential decision problem and introducing a trust-aware Deep Q-Network that integrates multi-signal evidence into client trust updates. On CIFAR-10, it shows that DQN achieves the best robustness-accuracy trade-off compared to other controllers, with results including improved accuracy and reduced attack success rate (ASR) under certain conditions.

Federated learning is vulnerable to poisoning and backdoor attacks under partial observability. We formulate defence as a partially observable sequential decision problem and introduce a trust-aware Deep Q-Network that integrates multi-signal evidence into client trust updates while optimizing a long-horizon robustness-accuracy objective. On CIFAR-10, we (i) establish a baseline showing steadily improving accuracy, (ii) show through a Dirichlet sweep that increased client overlap consistently improves accuracy and reduces ASR with stable detection, and (iii) demonstrate in a signal-budget study that accuracy remains steady while ASR increases and ROC-AUC declines as observability is reduced, which highlights that sequential belief updates mitigate weaker signals. Finally, a comparison with random, linear-Q, and policy gradient controllers confirms that DQN achieves the best robustness-accuracy trade-off.
