Mitigating poisoning attacks in federated learning for IoT with non-IID data
摘要
Federated learning (FL) is a promising approach for distributed deep learning in Internet of Things (IoT) environments, where data remains local and only model updates are communicated. However, FL systems are increasingly vulnerable to sophisticated poisoning attacks in which malicious clients submit manipulated model updates to degrade the performance of the global model. In this paper, we propose ActiGuard, a novel defense framework that identifies malicious clients by analyzing neuron activation patterns. Our approach dynamically extracts neural activations from client models using strategically generated inputs, and then isolates adversaries through clustering of these patterns. Additionally, we propose an improved model poisoning attack, called the Inverse Gradient Scaling Attack (IGSA) which manipulates the previous global weights and use it in the next round to degrade the global model’s performance. We evaluate both our defense and attack methods under Non-IID settings across two datasets. The results demonstrate that ActiGuard achieves higher accuracy under various attacks scenarios. Furthermore, ActiGuard effectively defends against our proposed IGSA, while IGSA successfully compromises existing defense mechanisms.