Defense Strategies in Federated Learning Against Adversarial Attacks
摘要
Federated Learning (FL) enables collaborative model training across decentralized devices while preserving data privacy. However, FL is highly vulnerable to adversarial attacks, including data and model poisoning, which compromise model integrity and security. This chapter introduces a New Label Flipping Attack (New-LFA), a novel attack strategy that selectively manipulates high-impact training labels to maximize model degradation while evading detection. To assess its impact, we conduct a comparative analysis of existing attack and defense mechanisms, summarizing their effectiveness through detailed evaluations. Through empirical experiments on benchmark IoT datasets (N-BaIoT and UNSW-NB15), we demonstrate that New-LFA significantly reduces model performance compared to conventional attacks. Furthermore, we evaluate the resilience of robust aggregation techniques, including Krum and Trimmed Mean, in mitigating poisoning attacks. Our findings highlight the effectiveness of Trimmed Mean as the most robust defense mechanism and underscore the necessity of adaptive security strategies to enhance FL resilience against evolving threats.