HPE: Hallucinated Positive Entanglement for Backdoor Attacks in Federated Self-Supervised Learning
- URL: http://arxiv.org/abs/2602.02147v1
- Date: Mon, 02 Feb 2026 14:24:06 GMT
- Authors: Jiayao Wang, Yang Song, Zhendong Zhao, Jiale Zhang, Qilin Wu, Wenliang Yuan, Junwu Zhu, Dongfang Zhao
- Abstract summary: Federated self-supervised learning (FSSL) enables collaborative training of self-supervised representation models without sharing raw unlabeled data. While it serves as a crucial paradigm for privacy-preserving learning, its security remains vulnerable to backdoor attacks. We propose a new backdoor attack method for FSSL, namely Hallucinated Positive Entanglement (HPE).
- Score: 11.615563669883072
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Federated self-supervised learning (FSSL) enables collaborative training of self-supervised representation models without sharing raw unlabeled data. While it serves as a crucial paradigm for privacy-preserving learning, its security remains vulnerable to backdoor attacks, where malicious clients manipulate local training to inject targeted backdoors. Existing FSSL attack methods, however, often suffer from low utilization of poisoned samples, limited transferability, and weak persistence. To address these limitations, we propose a new backdoor attack method for FSSL, namely Hallucinated Positive Entanglement (HPE). HPE first employs hallucination-based augmentation using synthetic positive samples to enhance the encoder's embedding of backdoor features. It then introduces feature entanglement to enforce tight binding between triggers and backdoor samples in the representation space. Finally, selective parameter poisoning and proximity-aware updates constrain the poisoned model within the vicinity of the global model, enhancing its stability and persistence. Experimental results on several FSSL scenarios and datasets show that HPE significantly outperforms existing backdoor attack methods in performance and exhibits strong robustness under various defense mechanisms.
Related papers
- DSBA: Dynamic Stealthy Backdoor Attack with Collaborative Optimization in Self-Supervised Learning [10.286339414754496]
Self-Supervised Learning (SSL) has emerged as a significant paradigm in representation learning thanks to its ability to learn without extensive labeled data. Recent research reveals that SSL models are also vulnerable to backdoor attacks. We propose a Dynamic Stealthy Backdoor Attack (DSBA) backed by a new technique we term Collaborative Optimization.
arXiv Detail & Related papers (2026-03-03T10:49:46Z)
- ADCA: Attention-Driven Multi-Party Collusion Attack in Federated Self-Supervised Learning [9.410118086518992]
Federated Self-Supervised Learning (FSSL) integrates privacy advantages of distributed training with the capability of self-supervised learning. Recent studies have shown that FSSL is also vulnerable to backdoor attacks. We propose the Attention-Driven multi-party Collusion Attack (ADCA).
arXiv Detail & Related papers (2026-02-05T12:49:36Z)
- MARS: A Malignity-Aware Backdoor Defense in Federated Learning [51.77354308287098]
Recently proposed state-of-the-art (SOTA) attack, 3DFed, uses an indicator mechanism to determine whether backdoor models have been accepted by the defender. We propose a Malignity-Aware backdooR defenSe (MARS) that leverages backdoor energy to indicate the malicious extent of each neuron. Experiments demonstrate that MARS can defend against SOTA backdoor attacks and significantly outperforms existing defenses.
arXiv Detail & Related papers (2025-09-21T14:50:02Z)
- Lethe: Purifying Backdoored Large Language Models with Knowledge Dilution [49.78359632298156]
Large language models (LLMs) have seen significant advancements, achieving superior performance in various Natural Language Processing (NLP) tasks. backdoor attacks, where models behave normally for standard queries but generate harmful responses or unintended output when specific triggers are activated. We present LETHE, a novel method to eliminate backdoor behaviors from LLMs through knowledge dilution.
arXiv Detail & Related papers (2025-08-28T17:05:18Z)
- IPBA: Imperceptible Perturbation Backdoor Attack in Federated Self-Supervised Learning [13.337697403537488]
Federated self-supervised learning (FSSL) combines the advantages of decentralized modeling and unlabeled representation learning. Research indicates that FSSL remains vulnerable to backdoor attacks. We propose an imperceptible and effective backdoor attack method against FSSL, called IPBA.
arXiv Detail & Related papers (2025-08-11T14:36:11Z)
- SPA: Towards More Stealth and Persistent Backdoor Attacks in Federated Learning [10.924427077035915]
Federated Learning (FL) has emerged as a leading paradigm for privacy-preserving distributed machine learning, yet the distributed nature of FL introduces unique security challenges. We propose a novel and stealthy backdoor attack framework, named SPA, which departs from traditional approaches by leveraging feature-space alignment. Our results call urgent attention to the evolving sophistication of backdoor threats in FL and emphasize the pressing need for advanced, feature-level defense techniques.
arXiv Detail & Related papers (2025-06-26T01:33:14Z)
- ELBA-Bench: An Efficient Learning Backdoor Attacks Benchmark for Large Language Models [55.93380086403591]
Generative large language models are vulnerable to backdoor attacks. ELBA-Bench allows attackers to inject backdoor through parameter efficient fine-tuning. ELBA-Bench provides over 1300 experiments.
arXiv Detail & Related papers (2025-02-22T12:55:28Z)
- Mind the Cost of Scaffold! Benign Clients May Even Become Accomplices of Backdoor Attack [16.104941796138128]
BadSFL is the first backdoor attack targeting Scaffold. It steers benign clients' local gradient updates towards the attacker's poisoned direction, effectively turning them into unwitting accomplices. BadSFL achieves superior attack durability, maintaining effectiveness for over 60 global rounds, lasting up to three times longer than existing baselines.
arXiv Detail & Related papers (2024-11-25T07:46:57Z)
- Securing Federated Learning against Backdoor Threats with Foundation Model Integration [8.191214701984162]
Federated Learning (FL) enables decentralized model training while preserving privacy. Recently, the integration of Foundation Models (FMs) into FL has enhanced performance but introduced a novel backdoor attack mechanism. We propose a novel data-free defense strategy that addresses both classic and novel backdoor attacks in FL.
arXiv Detail & Related papers (2024-10-23T05:54:41Z)
- BEEAR: Embedding-based Adversarial Removal of Safety Backdoors in Instruction-tuned Language Models [57.5404308854535]
Safety backdoor attacks in large language models (LLMs) enable the stealthy triggering of unsafe behaviors while evading detection during normal interactions.
We present BEEAR, a mitigation approach leveraging the insight that backdoor triggers induce relatively uniform drifts in the model's embedding space.
Our bi-level optimization method identifies universal embedding perturbations that elicit unwanted behaviors and adjusts the model parameters to reinforce safe behaviors against these perturbations.
arXiv Detail & Related papers (2024-06-24T19:29:47Z)
- EmInspector: Combating Backdoor Attacks in Federated Self-Supervised Learning Through Embedding Inspection [53.25863925815954]
Federated self-supervised learning (FSSL) has emerged as a promising paradigm that enables the exploitation of clients' vast amounts of unlabeled data.
While FSSL offers advantages, its susceptibility to backdoor attacks has not been investigated.
We propose the Embedding Inspector (EmInspector) that detects malicious clients by inspecting the embedding space of local models.
arXiv Detail & Related papers (2024-05-21T06:14:49Z)
- Concealing Backdoor Model Updates in Federated Learning by Trigger-Optimized Data Poisoning [20.69655306650485]
Federated Learning (FL) is a decentralized machine learning method that enables participants to collaboratively train a model without sharing their private data.
Despite its privacy and scalability benefits, FL is susceptible to backdoor attacks.
We propose DPOT, a backdoor attack strategy in FL that dynamically constructs backdoor objectives by optimizing a backdoor trigger.
arXiv Detail & Related papers (2024-05-10T02:44:25Z)
- G$^2$uardFL: Safeguarding Federated Learning Against Backdoor Attacks through Attributed Client Graph Clustering [116.4277292854053]
Federated Learning (FL) offers collaborative model training without data sharing.
FL is vulnerable to backdoor attacks, where poisoned model weights lead to compromised system integrity.
We present G$^2$uardFL, a protective framework that reinterprets the identification of malicious clients as an attributed graph clustering problem.
arXiv Detail & Related papers (2023-06-08T07:15:04Z)
- FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning [66.56240101249803]
We study how hardening benign clients can affect the global model (and the malicious clients).
We propose a trigger reverse engineering based defense and show that our method can achieve improvement with guarantee robustness.
Our results on eight competing SOTA defense methods show the empirical superiority of our method on both single-shot and continuous FL backdoor attacks.
arXiv Detail & Related papers (2022-10-23T22:24:03Z)