Act in Collusion: Distributed Multi-Target Backdoor Attacks in Federated Learning

TL;DR

This paper introduces DMBA, a novel distributed multi-target backdoor attack method for federated learning, effectively maintaining high attack success rates across multiple backdoors in IoT scenarios.

Contribution

It proposes the DMBA framework with BR and CFCT strategies to enhance multi-target backdoor effectiveness in distributed federated learning environments.

Findings

DMBA achieves over 80% success rate for all backdoors.

Baseline methods often fall below 50%, some near 0%.

Experiments validate DMBA's robustness across datasets.

Abstract

Federated learning (FL) is widely used in Internet-of-Things (IoT) systems, but its distributed training process also exposes it to backdoor attacks. Existing studies mainly consider single-target or centralized multi-target settings, while coordinated distributed multi-target attacks remain underexplored. In practical IoT scenarios, one adversarial entity may control multiple distributed malicious clients and assign each client distinct triggers and target labels. Under this setting, existing distributed backdoor methods often fail to preserve the effectiveness of all backdoors because malicious updates conflict during aggregation. To address this issue, we propose a Distributed Multi-Target Backdoor Attack (DMBA) for FL. DMBA introduces a Backdoor Replay (BR) mechanism to reduce discrepancies among malicious gradients and a Channel-Frequency Composite Trigger (CFCT) strategy to improve trigger distinguishability and alleviate local interference. Experiments on multiple datasets show that DMBA ensures attack success rates above 80% for all implanted backdoors, whereas some baseline backdoors fall below 50% and may even approach 0.