Fairness-Constrained Optimization Attack in Federated Learning

• URL: http://arxiv.org/abs/2510.12143v1
• Date: Tue, 14 Oct 2025 04:49:53 GMT
• Title: Fairness-Constrained Optimization Attack in Federated Learning
• Authors: Harsh Kasyap, Minghong Fang, Zhuqing Liu, Carsten Maple, Somanath Tripathy,
• Abstract summary: Federated learning (FL) is a privacy-preserving machine learning technique that facilitates collaboration among participants across demographics.<n>This paper proposes an intentional fairness attack, where a client maliciously sends a biased model.<n>We evaluate our attack against the state-of-the-art Byzantine-robust and fairness-aware aggregation schemes over different datasets.
• Score: 26.380464066437668
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Federated learning (FL) is a privacy-preserving machine learning technique that facilitates collaboration among participants across demographics. FL enables model sharing, while restricting the movement of data. Since FL provides participants with independence over their training data, it becomes susceptible to poisoning attacks. Such collaboration also propagates bias among the participants, even unintentionally, due to different data distribution or historical bias present in the data. This paper proposes an intentional fairness attack, where a client maliciously sends a biased model, by increasing the fairness loss while training, even considering homogeneous data distribution. The fairness loss is calculated by solving an optimization problem for fairness metrics such as demographic parity and equalized odds. The attack is insidious and hard to detect, as it maintains global accuracy even after increasing the bias. We evaluate our attack against the state-of-the-art Byzantine-robust and fairness-aware aggregation schemes over different datasets, in various settings. The empirical results demonstrate the attack efficacy by increasing the bias up to 90\%, even in the presence of a single malicious client in the FL system.

Related papers

• Targeted Learning for Data Fairness [52.59573714151884]
  We expand fairness inference by evaluating fairness in the data generating process itself.<n>We derive estimators demographic parity, equal opportunity, and conditional mutual information.<n>To validate our approach, we perform several simulations and apply our estimators to real data.
  arXiv  Detail & Related papers  (2025-02-06T18:51:28Z)
• EAB-FL: Exacerbating Algorithmic Bias through Model Poisoning Attacks in Federated Learning [3.699715556687871]
  Federated Learning (FL) is a technique that allows multiple parties to train a shared model collaboratively without disclosing their private data. FL models can suffer from biases against certain demographic groups due to the heterogeneity of data and party selection. We propose a new type of model poisoning attack, EAB-FL, with a focus on exacerbating group unfairness while maintaining a good level of model utility.
  arXiv  Detail & Related papers  (2024-10-02T21:22:48Z)
• Decaf: Data Distribution Decompose Attack against Federated Learning [4.3667223256713745]
  We devise an innovative privacy threat: the Data Distribution Decompose Attack on FL, termed Decaf. Decaf operates stealthily, rendering it entirely passive and undetectable to victim users regarding the infringement of their data distribution privacy. Results indicate its ability to accurately decompose local user data distribution, regardless of whether it is IID or non-IID distributed.
  arXiv  Detail & Related papers  (2024-05-24T07:56:32Z)
• Fairness-enhancing mixed effects deep learning improves fairness on in- and out-of-distribution clustered (non-iid) data [6.596656267996196]
  We propose the Fair Mixed Effects Deep Learning (Fair MEDL) framework.<n>This framework quantifies cluster-invariant fixed effects (FE) and cluster-specific random effects (RE) through: 1) a cluster adversary for learning invariant FE, 2) a Bayesian neural network for RE, and 3) a mixing function combining FE and RE for final predictions.<n>Fair MEDL framework improves fairness by 86.4% for Age, 64.9% for Race, 57.8% for Sex, and 36.2% for Marital status, while maintaining robust predictive performance.
  arXiv  Detail & Related papers  (2023-10-04T20:18:45Z)
• Learning for Counterfactual Fairness from Observational Data [62.43249746968616]
  Fairness-aware machine learning aims to eliminate biases of learning models against certain subgroups described by certain protected (sensitive) attributes such as race, gender, and age. A prerequisite for existing methods to achieve counterfactual fairness is the prior human knowledge of the causal model for the data. In this work, we address the problem of counterfactually fair prediction from observational data without given causal models by proposing a novel framework CLAIRE.
  arXiv  Detail & Related papers  (2023-07-17T04:08:29Z)
• FedVal: Different good or different bad in federated learning [9.558549875692808]
  Federated learning (FL) systems are susceptible to attacks from malicious actors. FL poses new challenges in addressing group bias, such as ensuring fair performance for different demographic groups. Traditional methods used to address such biases require centralized access to the data, which FL systems do not have. We present a novel approach FedVal for both robustness and fairness that does not require any additional information from clients.
  arXiv  Detail & Related papers  (2023-06-06T22:11:13Z)
• On Comparing Fair Classifiers under Data Bias [42.43344286660331]
  We study the effect of varying data biases on the accuracy and fairness of fair classifiers. Our experiments show how to integrate a measure of data bias risk in the existing fairness dashboards for real-world deployments.
  arXiv  Detail & Related papers  (2023-02-12T13:04:46Z)
• Securing Federated Learning against Overwhelming Collusive Attackers [7.587927338603662]
  We propose two graph theoretic algorithms, based on Minimum Spanning Tree and k-Densest graph, by leveraging correlations between local models. Our FL model can nullify the influence of attackers even when they are up to 70% of all the clients. We establish the superiority of our algorithms over the existing ones using accuracy, attack success rate, and early detection round.
  arXiv  Detail & Related papers  (2022-09-28T13:41:04Z)
• D-BIAS: A Causality-Based Human-in-the-Loop System for Tackling Algorithmic Bias [57.87117733071416]
  We propose D-BIAS, a visual interactive tool that embodies human-in-the-loop AI approach for auditing and mitigating social biases. A user can detect the presence of bias against a group by identifying unfair causal relationships in the causal network. For each interaction, say weakening/deleting a biased causal edge, the system uses a novel method to simulate a new (debiased) dataset.
  arXiv  Detail & Related papers  (2022-08-10T03:41:48Z)
• Acceleration of Federated Learning with Alleviated Forgetting in Local Training [61.231021417674235]
  Federated learning (FL) enables distributed optimization of machine learning models while protecting privacy. We propose FedReg, an algorithm to accelerate FL with alleviated knowledge forgetting in the local training stage. Our experiments demonstrate that FedReg not only significantly improves the convergence rate of FL, especially when the neural network architecture is deep.
  arXiv  Detail & Related papers  (2022-03-05T02:31:32Z)
• Towards Multi-Objective Statistically Fair Federated Learning [1.2687030176231846]
  Federated Learning (FL) has emerged as a result of data ownership and privacy concerns. We propose a new FL framework that is able to satisfy multiple objectives including various statistical fairness metrics.
  arXiv  Detail & Related papers  (2022-01-24T19:22:01Z)
• Towards Fair Federated Learning with Zero-Shot Data Augmentation [123.37082242750866]
  Federated learning has emerged as an important distributed learning paradigm, where a server aggregates a global model from many client-trained models while having no access to the client data. We propose a novel federated learning system that employs zero-shot data augmentation on under-represented data to mitigate statistical heterogeneity and encourage more uniform accuracy performance across clients in federated networks. We study two variants of this scheme, Fed-ZDAC (federated learning with zero-shot data augmentation at the clients) and Fed-ZDAS (federated learning with zero-shot data augmentation at the server).
  arXiv  Detail & Related papers  (2021-04-27T18:23:54Z)
• WAFFLe: Weight Anonymized Factorization for Federated Learning [88.44939168851721]
  In domains where data are sensitive or private, there is great value in methods that can learn in a distributed manner without the data ever leaving the local devices. We propose Weight Anonymized Factorization for Federated Learning (WAFFLe), an approach that combines the Indian Buffet Process with a shared dictionary of weight factors for neural networks.
  arXiv  Detail & Related papers  (2020-08-13T04:26:31Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.