FLAT: Latent-Driven Arbitrary-Target Backdoor Attacks in Federated Learning
- URL: http://arxiv.org/abs/2508.04064v1
- Date: Wed, 06 Aug 2025 03:54:29 GMT
- Title: FLAT: Latent-Driven Arbitrary-Target Backdoor Attacks in Federated Learning
- Authors: Tuan Nguyen, Khoa D Doan, Kok-Seng Wong
- Abstract summary: Federated learning (FL) is vulnerable to backdoor attacks. Most existing methods are limited by fixed-pattern or single-target triggers. We propose FLAT (FL Arbitrary-Target Attack), a novel backdoor attack that leverages a latent-driven conditional autoencoder.
- Score: 7.655329509535266
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Federated learning (FL) is vulnerable to backdoor attacks, yet most existing methods are limited by fixed-pattern or single-target triggers, making them inflexible and easier to detect. We propose FLAT (FL Arbitrary-Target Attack), a novel backdoor attack that leverages a latent-driven conditional autoencoder to generate diverse, target-specific triggers as needed. By introducing a latent code, FLAT enables the creation of visually adaptive and highly variable triggers, allowing attackers to select arbitrary targets without retraining and to evade conventional detection mechanisms. Our approach unifies attack success, stealth, and diversity within a single framework, introducing a new level of flexibility and sophistication to backdoor attacks in FL. Extensive experiments show that FLAT achieves high attack success and remains robust against advanced FL defenses. These results highlight the urgent need for new defense strategies to address latent-driven, multi-target backdoor threats in federated settings.
Related papers
- SPA: Towards More Stealth and Persistent Backdoor Attacks in Federated Learning [10.924427077035915]
Federated Learning (FL) has emerged as a leading paradigm for privacy-preserving distributed machine learning, yet the distributed nature of FL introduces unique security challenges. We propose a novel and stealthy backdoor attack framework, named SPA, which departs from traditional approaches by leveraging feature-space alignment. Our results call urgent attention to the evolving sophistication of backdoor threats in FL and emphasize the pressing need for advanced, feature-level defense techniques.
(2025-06-26T01:33:14Z)
- Robust Anti-Backdoor Instruction Tuning in LVLMs [53.766434746801366]
We introduce a lightweight, certified-agnostic defense framework for large visual language models (LVLMs). Our framework finetunes only adapter modules and text embedding layers under instruction tuning. Experiments against seven attacks on Flickr30k and MSCOCO demonstrate that ours reduces their attack success rate to nearly zero.
(2025-06-04T01:23:35Z)
- ELBA-Bench: An Efficient Learning Backdoor Attacks Benchmark for Large Language Models [55.93380086403591]
Generative large language models are vulnerable to backdoor attacks. ELBA-Bench allows attackers to inject backdoor through parameter efficient fine-tuning. ELBA-Bench provides over 1300 experiments.
(2025-02-22T12:55:28Z)
- Non-Cooperative Backdoor Attacks in Federated Learning: A New Threat Landscape [7.00762739959285]
Federated Learning (FL) for privacy-preserving model training remains susceptible to backdoor attacks.
This research emphasizes the critical need for robust defenses against diverse backdoor attacks in the evolving FL landscape.
(2024-07-05T22:03:13Z)
- Learning diverse attacks on large language models for robust red-teaming and safety tuning [126.32539952157083]
Red-teaming, or identifying prompts that elicit harmful responses, is a critical step in ensuring the safe deployment of large language models. We show that even with explicit regularization to favor novelty and diversity, existing approaches suffer from mode collapse or fail to generate effective attacks. We propose to use GFlowNet fine-tuning, followed by a secondary smoothing phase, to train the attacker model to generate diverse and effective attack prompts.
(2024-05-28T19:16:17Z)
- Backdoor Contrastive Learning via Bi-level Trigger Optimization [45.41485634654881]
Contrastive Learning (CL) has attracted enormous attention due to its remarkable capability in unsupervised representation learning.
Recent works have revealed the vulnerability of CL to backdoor attacks.
In this paper, we propose a bi-level optimization approach to achieve this goal.
(2024-04-11T15:55:53Z)
- BadCLIP: Dual-Embedding Guided Backdoor Attack on Multimodal Contrastive Learning [85.2564206440109]
This paper reveals the threats in this practical scenario that backdoor attacks can remain effective even after defenses.
We introduce the BadCLIP attack, which is resistant to backdoor detection and model fine-tuning defenses.
(2023-11-20T02:21:49Z)
- FTA: Stealthy and Adaptive Backdoor Attack with Flexible Triggers on Federated Learning [11.636353298724574]
We propose a new stealthy and robust backdoor attack against federated learning (FL) defenses.
We build a generative trigger function that can learn to manipulate benign samples with an imperceptible flexible trigger pattern.
Our trigger generator can keep learning and adapt across different rounds, allowing it to adjust to changes in the global model.
(2023-08-31T20:25:54Z)
- Downlink Power Allocation in Massive MIMO via Deep Learning: Adversarial Attacks and Training [62.77129284830945]
This paper considers a regression problem in a wireless setting and shows that adversarial attacks can break the DL-based approach.
We also analyze the effectiveness of adversarial training as a defensive technique in adversarial settings and show that the robustness of DL-based wireless system against attacks improves significantly.
(2022-06-14T04:55:11Z)
- Meta Federated Learning [57.52103907134841]
Federated Learning (FL) is vulnerable to training time adversarial attacks.
We propose Meta Federated Learning (Meta-FL), which not only is compatible with secure aggregation protocol but also facilitates defense against backdoor attacks.
(2021-02-10T16:48:32Z)
- Dynamic backdoor attacks against federated learning [0.5482532589225553]
Federated Learning (FL) is a new machine learning framework, which enables millions of participants to collaboratively train a model without compromising data privacy and security.
In this paper, we focus on dynamic backdoor attacks under FL setting, where the goal of the adversary is to reduce the performance of the model on targeted tasks.
To the best of our knowledge, this is the first paper that focuses on dynamic backdoor attacks research under FL setting.
(2020-11-15T01:32:58Z)