Related papers: FIDELIS: Blockchain-Enabled Protection Against Poisoning Attacks in Federated Learning

FIDELIS: Blockchain-Enabled Protection Against Poisoning Attacks in Federated Learning

URL: http://arxiv.org/abs/2508.10042v1
Date: Mon, 11 Aug 2025 22:12:27 GMT
Title: FIDELIS: Blockchain-Enabled Protection Against Poisoning Attacks in Federated Learning
Authors: Jane Carney, Kushal Upreti, Gaby G. Dagher, Tim Andersen,
Abstract summary: Federated learning enhances traditional deep learning by enabling the joint training of a model with the use of IoT device's private data.<n>It ensures privacy for clients, but is susceptible to data poisoning attacks during training that degrade model performance and integrity.<n>We present Sys, a novel blockchain-enabled poison detection framework in federated learning.
Score: 1.2499537119440243
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Federated learning enhances traditional deep learning by enabling the joint training of a model with the use of IoT device's private data. It ensures privacy for clients, but is susceptible to data poisoning attacks during training that degrade model performance and integrity. Current poisoning detection methods in federated learning lack a standardized detection method or take significant liberties with trust. In this paper, we present \Sys, a novel blockchain-enabled poison detection framework in federated learning. The framework decentralizes the role of the global server across participating clients. We introduce a judge model used to detect data poisoning in model updates. The judge model is produced by each client and verified to reach consensus on a single judge model. We implement our solution to show \Sys is robust against data poisoning attacks and the creation of our judge model is scalable.

Related papers

Poisoning Attacks and Defenses to Federated Unlearning [9.518552973479684]
Federated unlearning is susceptible to poisoning attacks by malicious clients.<n>We propose BadUnlearn, the first poisoning attack targeting federated unlearning.<n>We show that BadUnlearn can effectively corrupt existing federated unlearning methods, while UnlearnGuard remains secure against poisoning attacks.
arXiv Detail & Related papers (2025-01-29T03:23:46Z)
Mitigating Malicious Attacks in Federated Learning via Confidence-aware Defense [3.685395311534351]
Federated Learning (FL) is a distributed machine learning diagram that enables multiple clients to collaboratively train a global model without sharing their private local data. FL systems are vulnerable to attacks that are happening in malicious clients through data poisoning and model poisoning. Existing defense methods typically focus on mitigating specific types of poisoning and are often ineffective against unseen types of attack.
arXiv Detail & Related papers (2024-08-05T20:27:45Z)
Robust Federated Learning Mitigates Client-side Training Data Distribution Inference Attacks [48.70867241987739]
InferGuard is a novel Byzantine-robust aggregation rule aimed at defending against client-side training data distribution inference attacks. The results of our experiments indicate that our defense mechanism is highly effective in protecting against client-side training data distribution inference attacks.
arXiv Detail & Related papers (2024-03-05T17:41:35Z)
FLoW3 -- Web3 Empowered Federated Learning [0.0]
Federated Learning is susceptible to various kinds of attacks like Data Poisoning, Model Poisoning and Man in the Middle attack. validation is done through consensus by employing Novelty Detection and Snowball protocol. System is realized by implementing in python and Foundry for smart contract development.
arXiv Detail & Related papers (2023-12-09T04:05:07Z)
FreqFed: A Frequency Analysis-Based Approach for Mitigating Poisoning Attacks in Federated Learning [98.43475653490219]
Federated learning (FL) is susceptible to poisoning attacks. FreqFed is a novel aggregation mechanism that transforms the model updates into the frequency domain. We demonstrate that FreqFed can mitigate poisoning attacks effectively with a negligible impact on the utility of the aggregated model.
arXiv Detail & Related papers (2023-12-07T16:56:24Z)
FedBayes: A Zero-Trust Federated Learning Aggregation to Defend Against Adversarial Attacks [1.689369173057502]
Federated learning has created a decentralized method to train a machine learning model without needing direct access to client data. malicious clients are able to corrupt the global model and degrade performance across all clients within a federation. Our novel aggregation method, FedBayes, mitigates the effect of a malicious client by calculating the probabilities of a client's model weights.
arXiv Detail & Related papers (2023-12-04T21:37:50Z)
Client-side Gradient Inversion Against Federated Learning from Poisoning [59.74484221875662]
Federated Learning (FL) enables distributed participants to train a global model without sharing data directly to a central server. Recent studies have revealed that FL is vulnerable to gradient inversion attack (GIA), which aims to reconstruct the original training samples. We propose Client-side poisoning Gradient Inversion (CGI), which is a novel attack method that can be launched from clients.
arXiv Detail & Related papers (2023-09-14T03:48:27Z)
Towards Attack-tolerant Federated Learning via Critical Parameter Analysis [85.41873993551332]
Federated learning systems are susceptible to poisoning attacks when malicious clients send false updates to the central server. This paper proposes a new defense strategy, FedCPA (Federated learning with Critical Analysis) Our attack-tolerant aggregation method is based on the observation that benign local models have similar sets of top-k and bottom-k critical parameters, whereas poisoned local models do not.
arXiv Detail & Related papers (2023-08-18T05:37:55Z)
FedDefender: Client-Side Attack-Tolerant Federated Learning [60.576073964874]
Federated learning enables learning from decentralized data sources without compromising privacy. It is vulnerable to model poisoning attacks, where malicious clients interfere with the training process. We propose a new defense mechanism that focuses on the client-side, called FedDefender, to help benign clients train robust local models.
arXiv Detail & Related papers (2023-07-18T08:00:41Z)
Defending Against Poisoning Attacks in Federated Learning with Blockchain [12.840821573271999]
We propose a secure and reliable federated learning system based on blockchain and distributed ledger technology. Our system incorporates a peer-to-peer voting mechanism and a reward-and-slash mechanism, which are powered by on-chain smart contracts, to detect and deter malicious behaviors.
arXiv Detail & Related papers (2023-07-02T11:23:33Z)
MPAF: Model Poisoning Attacks to Federated Learning based on Fake Clients [51.973224448076614]
We propose the first Model Poisoning Attack based on Fake clients called MPAF. MPAF can significantly decrease the test accuracy of the global model, even if classical defenses and norm clipping are adopted.
arXiv Detail & Related papers (2022-03-16T14:59:40Z)
TESSERACT: Gradient Flip Score to Secure Federated Learning Against Model Poisoning Attacks [25.549815759093068]
Federated learning is vulnerable to model poisoning attacks. This is because malicious clients can collude to make the global model inaccurate. We develop TESSERACT, a defense against this directed deviation attack.
arXiv Detail & Related papers (2021-10-19T17:03:29Z)
RoFL: Attestable Robustness for Secure Federated Learning [59.63865074749391]
Federated Learning allows a large number of clients to train a joint model without the need to share their private data. To ensure the confidentiality of the client updates, Federated Learning systems employ secure aggregation. We present RoFL, a secure Federated Learning system that improves robustness against malicious clients.
arXiv Detail & Related papers (2021-07-07T15:42:49Z)

This list is automatically generated from the titles and abstracts of the papers in this site.