BDPFL: Backdoor Defense for Personalized Federated Learning via Explainable Distillation
- URL: http://arxiv.org/abs/2503.06554v1
- Date: Sun, 09 Mar 2025 10:59:18 GMT
- Authors: Chengcheng Zhu, Jiale Zhang, Di Wu, Guodong Long,
- Abstract summary: Federated learning is a distributed learning paradigm that facilitates the collaborative training of a global model across multiple clients. We propose a novel, backdoor-robust pFL framework named BDPFL to address these challenges. First, BDPFL introduces layer-wise mutual distillation that enables clients to learn their personalized local models while mitigating potential backdoors.
- Score: 30.400746330423605
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Federated learning is a distributed learning paradigm that facilitates the collaborative training of a global model across multiple clients while preserving the privacy of local datasets. To address inherent challenges related to data heterogeneity and satisfy personalized needs, a new direction within FL, known as personalized Federated Learning (pFL), has gradually evolved. Extensive attention has been directed toward developing novel frameworks and methods to enhance the performance of pFL. Regrettably, the aspect of security in pFL has been largely overlooked. Our objective is to fill this gap. Similar to FL, pFL is susceptible to backdoor attacks. However, existing backdoor defense strategies are primarily tailored to general FL frameworks, and pFL lacks robustness against backdoor attacks. We propose a novel, backdoor-robust pFL framework named BDPFL to address these challenges. First, BDPFL introduces layer-wise mutual distillation that enables clients to learn their personalized local models while mitigating potential backdoors. Then, BDPFL employs explanation heatmap to learn high-quality intermediate representations and enhance the effect of eliminating deeper and more entrenched backdoors. Moreover, we perform empirical evaluations of BDPFL's performance on three datasets and compare BDPFL with four backdoor defense methods. The experiments demonstrate that BDPFL outperforms baseline methods and is effective under various settings.
Related papers
- Bad-PFL: Exploring Backdoor Attacks against Personalized Federated Learning [22.074601909696298]
federated learning (PFL) enables each client to maintain a private personalized model to cater to client-specific knowledge. Bad-PFL employs features from natural data as our trigger, ensuring its longevity in personalized models. The large-scale experiments across three benchmark datasets demonstrate the superior performance of our attack against various PFL methods.
arXiv Detail & Related papers (2025-01-22T09:12:16Z)
- Just a Simple Transformation is Enough for Data Protection in Vertical Federated Learning [83.90283731845867]
We consider feature reconstruction attacks, a common risk targeting input data compromise.
We show that Federated-based models are resistant to state-of-the-art feature reconstruction attacks.
arXiv Detail & Related papers (2024-12-16T12:02:12Z)
- FuseFL: One-Shot Federated Learning through the Lens of Causality with Progressive Model Fusion [48.90879664138855]
One-shot Federated Learning (OFL) significantly reduces communication costs in FL by aggregating trained models only once.
However, the performance of advanced OFL methods is far behind the normal FL.
We propose a novel learning approach to endow OFL with superb performance and low communication and storage costs, termed as FuseFL.
arXiv Detail & Related papers (2024-10-27T09:07:10Z)
- Lurking in the shadows: Unveiling Stealthy Backdoor Attacks against Personalized Federated Learning [31.386836775526685]
We propose PFedBA, a stealthy and effective backdoor attack strategy applicable to PFL systems.
Our study sheds light on the subtle yet potent backdoor threats to PFL systems, urging the community to bolster defenses against emerging backdoor challenges.
arXiv Detail & Related papers (2024-06-10T12:14:05Z)
- You Can Backdoor Personalized Federated Learning [18.91908598410108]
Existing research primarily focuses on backdoor attacks and defenses within the generic federated learning scenario.
We propose a two-pronged attack method, BapFL, which comprises two simple yet effective strategies.
arXiv Detail & Related papers (2023-07-29T12:25:04Z)
- Decentralized Federated Learning: A Survey and Perspective [45.81975053649379]
Decentralized FL (DFL) is a decentralized network architecture that eliminates the need for a central server.
DFL enables direct communication between clients, resulting in significant savings in communication resources.
arXiv Detail & Related papers (2023-06-02T15:12:58Z)
- Bayesian Federated Learning: A Survey [54.40136267717288]
Federated learning (FL) demonstrates its advantages in integrating distributed infrastructure, communication, computing and learning in a privacy-preserving manner.
The robustness and capabilities of existing FL methods are challenged by limited and dynamic data and conditions.
BFL has emerged as a promising approach to address these issues.
arXiv Detail & Related papers (2023-04-26T03:41:17Z)
- BadVFL: Backdoor Attacks in Vertical Federated Learning [22.71527711053385]
Federated learning (FL) enables multiple parties to collaboratively train a machine learning model without sharing their data.
In this paper, we focus on robustness in VFL, in particular, on backdoor attacks.
We present a first-of-its-kind clean-label backdoor attack in VFL, which consists of two phases: a label inference and a backdoor phase.
arXiv Detail & Related papers (2023-04-18T09:22:32Z)
- Revisiting Personalized Federated Learning: Robustness Against Backdoor Attacks [53.81129518924231]
We conduct the first study of backdoor attacks in the pFL framework.
We show that pFL methods with partial model-sharing can significantly boost robustness against backdoor attacks.
We propose a lightweight defense method, Simple-Tuning, which empirically improves defense performance against backdoor attacks.
arXiv Detail & Related papers (2023-02-03T11:58:14Z)
- Achieving Personalized Federated Learning with Sparse Local Models [75.76854544460981]
Federated learning (FL) is vulnerable to heterogeneously distributed data.
To counter this issue, personalized FL (PFL) was proposed to produce dedicated local models for each individual user.
Existing PFL solutions either demonstrate unsatisfactory generalization towards different model architectures or cost enormous extra computation and memory.
We propose FedSpa, a novel PFL scheme that employs personalized sparse masks to customize sparse local models on the edge.
arXiv Detail & Related papers (2022-01-27T08:43:11Z)
- Towards Personalized Federated Learning [20.586573091790665]
We present a unique taxonomy dividing PFL techniques into data-based and model-based approaches.
We highlight their key ideas, and envision promising future trajectories of research towards new PFL architectural design.
arXiv Detail & Related papers (2021-03-01T02:45:19Z)
- Meta Federated Learning [57.52103907134841]
Federated Learning (FL) is vulnerable to training time adversarial attacks.
We propose Meta Federated Learning (Meta-FL) which not only is compatible with secure aggregation protocol but also facilitates defense against backdoor attacks.
arXiv Detail & Related papers (2021-02-10T16:48:32Z)
This list is automatically generated from the titles and abstracts of the papers in this site.