FedNIA: Noise-Induced Activation Analysis for Mitigating Data Poisoning in FL
Ehsan Hallaji, Roozbeh Razavi-Far, Mehrdad Saif

TL;DR
FedNIA introduces a noise-based analysis method that detects and mitigates various data poisoning attacks in federated learning without needing a central test dataset, enhancing security against collaborative malicious clients.
Contribution
The paper presents FedNIA, a novel defense framework that uses noise-induced activation analysis to identify adversarial clients in federated learning, effective against multiple attack types without relying on a central dataset.
Findings
FedNIA effectively detects diverse poisoning attacks.
It maintains robustness in non-iid federated datasets.
It does not require a central test dataset.
Abstract
Federated learning systems are increasingly threatened by data poisoning attacks, where malicious clients compromise global models by contributing tampered updates. Existing defenses often rely on impractical assumptions, such as access to a central test dataset, or fail to generalize across diverse attack types, particularly those involving multiple malicious clients working collaboratively. To address this, we propose Federated Noise-Induced Activation Analysis (FedNIA), a novel defense framework to identify and exclude adversarial clients without relying on any central test dataset. FedNIA injects random noise inputs to analyze the layerwise activation patterns in client models leveraging an autoencoder that detects abnormal behaviors indicative of data poisoning. FedNIA can defend against diverse attack types, including sample poisoning, label flipping, and backdoors, even in…
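Added example, not code from the paper or its authors: a minimal sketch of the idea in the abstract, feeding the same random noise inputs to every client model and comparing their layerwise activation profiles. Assumptions: the tiny MLP, the constructed client weights, the helper names, and a median-distance outlier score that stands in for the paper's autoencoder to keep the sketch short.

```python
import random
from statistics import median

def forward(model, x):
    """Layerwise activations of a small MLP (ReLU on hidden layers, linear output)."""
    acts = []
    for i, (W, b) in enumerate(model):
        x = [sum(w * v for w, v in zip(row, x)) + bi for row, bi in zip(W, b)]
        if i < len(model) - 1:
            x = [max(0.0, v) for v in x]
        acts.append(x)
    return acts

def activation_profile(model, noise_batch):
    """Mean activation of every unit in every layer over the shared noise inputs."""
    per_input = [sum(forward(model, x), []) for x in noise_batch]
    return [sum(col) / len(col) for col in zip(*per_input)]

def outlier_scores(profiles):
    """Distance of each client's profile from the coordinate-wise median profile."""
    centre = [median(col) for col in zip(*profiles)]
    return [sum((p - c) ** 2 for p, c in zip(prof, centre)) ** 0.5 for prof in profiles]

def flag_clients(profiles, factor=10.0):
    """Flag clients scoring above factor x the median score (assumed decision rule)."""
    scores = outlier_scores(profiles)
    cutoff = factor * median(scores)
    return [i for i, s in enumerate(scores) if s > cutoff]

def make_clients(seed=0, n_clients=10, poisoned=(3, 7)):
    """Constructed data: honest clients are the global model plus small weight noise;
    poisoned clients also carry an output bias toward class 0 (label-flip stand-in)."""
    rng = random.Random(seed)
    sizes = [8, 6, 4]
    global_model = [([[rng.gauss(0, 0.5) for _ in range(n_in)] for _ in range(n_out)],
                     [0.0] * n_out) for n_in, n_out in zip(sizes, sizes[1:])]
    clients = []
    for cid in range(n_clients):
        model = [([[w + rng.gauss(0, 0.01) for w in row] for row in W], list(b))
                 for W, b in global_model]
        if cid in poisoned:
            model[-1][1][0] += 3.0
        clients.append(model)
    noise = [[rng.gauss(0, 1) for _ in range(sizes[0])] for _ in range(64)]
    return clients, noise

if __name__ == "__main__":
    clients, noise = make_clients()
    profiles = [activation_profile(m, noise) for m in clients]
    print("flagged clients:", flag_clients(profiles))
```

No labelled test data is used at any point: the server only needs the client models and inputs it generates itself, which is the property the abstract emphasises.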
