FedThief: Harming Others to Benefit Oneself in Self-Centered Federated Learning

• URL: http://arxiv.org/abs/2509.00540v1
• Date: Sat, 30 Aug 2025 15:42:39 GMT
• Title: FedThief: Harming Others to Benefit Oneself in Self-Centered Federated Learning
• Authors: Xiangyu Zhang, Mang Ye,
• Abstract summary: Existing attack strategies have adversaries upload tampered model updates to degrade the global model's performance.<n>We propose a framework named FedThief, which degrades the performance of the global model by uploading modified content.<n>At the same time, it enhances the private model's performance through divergence-aware ensemble techniques.
• Score: 61.680244936069926
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: In federated learning, participants' uploaded model updates cannot be directly verified, leaving the system vulnerable to malicious attacks. Existing attack strategies have adversaries upload tampered model updates to degrade the global model's performance. However, attackers also degrade their own private models, gaining no advantage. In real-world scenarios, attackers are driven by self-centered motives: their goal is to gain a competitive advantage by developing a model that outperforms those of other participants, not merely to cause disruption. In this paper, we study a novel Self-Centered Federated Learning (SCFL) attack paradigm, in which attackers not only degrade the performance of the global model through attacks but also enhance their own models within the federated learning process. We propose a framework named FedThief, which degrades the performance of the global model by uploading modified content during the upload stage. At the same time, it enhances the private model's performance through divergence-aware ensemble techniques, where "divergence" quantifies the deviation between private and global models, that integrate global updates and local knowledge. Extensive experiments show that our method effectively degrades the global model performance while allowing the attacker to obtain an ensemble model that significantly outperforms the global model.

Related papers

• BadFU: Backdoor Federated Learning through Adversarial Machine Unlearning [7.329446721934861]
  Federated learning (FL) has been widely adopted as a decentralized training paradigm.<n>In this paper, we present the first backdoor attack in the context of federated unlearning.
  arXiv  Detail & Related papers  (2025-08-21T13:17:01Z)
• Model Hijacking Attack in Federated Learning [19.304332176437363]
  HijackFL is the first-of-its-kind hijacking attack against the global model in federated learning. It aims to force the global model to perform a different task from its original task without the server or benign client noticing. We conduct extensive experiments on four benchmark datasets and three popular models.
  arXiv  Detail & Related papers  (2024-08-04T20:02:07Z)
• Learn from the Past: A Proxy Guided Adversarial Defense Framework with Self Distillation Regularization [53.04697800214848]
  Adversarial Training (AT) is pivotal in fortifying the robustness of deep learning models. AT methods, relying on direct iterative updates for target model's defense, frequently encounter obstacles such as unstable training and catastrophic overfitting. We present a general proxy guided defense framework, LAST' (bf Learn from the Pbf ast)
  arXiv  Detail & Related papers  (2023-10-19T13:13:41Z)
• Client-side Gradient Inversion Against Federated Learning from Poisoning [59.74484221875662]
  Federated Learning (FL) enables distributed participants to train a global model without sharing data directly to a central server. Recent studies have revealed that FL is vulnerable to gradient inversion attack (GIA), which aims to reconstruct the original training samples. We propose Client-side poisoning Gradient Inversion (CGI), which is a novel attack method that can be launched from clients.
  arXiv  Detail & Related papers  (2023-09-14T03:48:27Z)
• FedDefender: Client-Side Attack-Tolerant Federated Learning [60.576073964874]
  Federated learning enables learning from decentralized data sources without compromising privacy. It is vulnerable to model poisoning attacks, where malicious clients interfere with the training process. We propose a new defense mechanism that focuses on the client-side, called FedDefender, to help benign clients train robust local models.
  arXiv  Detail & Related papers  (2023-07-18T08:00:41Z)
• MPAF: Model Poisoning Attacks to Federated Learning based on Fake Clients [51.973224448076614]
  We propose the first Model Poisoning Attack based on Fake clients called MPAF. MPAF can significantly decrease the test accuracy of the global model, even if classical defenses and norm clipping are adopted.
  arXiv  Detail & Related papers  (2022-03-16T14:59:40Z)
• ARFED: Attack-Resistant Federated averaging based on outlier elimination [0.0]
  In federated learning, each participant trains its local model with its own data and a global model is formed at a trusted server. Since the server has no effect and visibility on the training procedure of the participants to ensure privacy, the global model becomes vulnerable to attacks such as data poisoning and model poisoning. We propose a defense algorithm called ARFED that does not make any assumptions about data distribution, update similarity of participants, or the ratio of the malicious participants.
  arXiv  Detail & Related papers  (2021-11-08T15:00:44Z)
• Turning Federated Learning Systems Into Covert Channels [3.7168491743915646]
  Federated learning (FL) goes beyond traditional, centralized machine learning by distributing model training among edge clients. In this paper, we put forward a novel attacker model aiming at turning FL systems into covert channels to implement a stealth communication infrastructure.
  arXiv  Detail & Related papers  (2021-04-21T14:32:03Z)
• Learning to Attack: Towards Textual Adversarial Attacking in Real-world Situations [81.82518920087175]
  Adversarial attacking aims to fool deep neural networks with adversarial examples. We propose a reinforcement learning based attack model, which can learn from attack history and launch attacks more efficiently.
  arXiv  Detail & Related papers  (2020-09-19T09:12:24Z)
• Dynamic Defense Against Byzantine Poisoning Attacks in Federated Learning [11.117880929232575]
  Federated learning is vulnerable to Byzatine poisoning adversarial attacks. We propose a dynamic aggregation operator that dynamically discards those adversarial clients. The results show that the dynamic selection of the clients to aggregate enhances the performance of the global learning model.
  arXiv  Detail & Related papers  (2020-07-29T18:02:11Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.