SecureFed: A Two-Phase Framework for Detecting Malicious Clients in Federated Learning

TL;DR

SecureFed is a two-phase federated learning framework that detects and mitigates malicious clients by identifying outliers and dynamically weighting model updates, significantly enhancing model robustness against adversarial attacks.

Contribution

It introduces a novel two-phase approach combining outlier detection and dynamic weighting to improve security in federated learning environments.

Findings

Significantly improves model resilience against poisoning attacks

Maintains high model performance despite adversarial threats

Effective outlier detection reduces malicious influence

Abstract

Federated Learning (FL) protects data privacy while providing a decentralized method for training models. However, because of the distributed schema, it is susceptible to adversarial clients that could alter results or sabotage model performance. This study presents SecureFed, a two-phase FL framework for identifying and reducing the impact of such attackers. Phase 1 involves collecting model updates from participating clients and applying a dimensionality reduction approach to identify outlier patterns frequently associated with malicious behavior. Temporary models constructed from the client updates are evaluated on synthetic datasets to compute validation losses and support anomaly scoring. The idea of learning zones is presented in Phase 2, where weights are dynamically routed according to their contribution scores and gradient magnitudes. High-value gradient zones are given greater weight in aggregation and contribute more significantly to the global model, while lower-value gradient zones, which may indicate possible adversarial activity, are gradually removed from training. Until the model converges and a strong defense against poisoning attacks is possible, this training cycle continues Based on the experimental findings, SecureFed considerably improves model resilience without compromising model performance.