# FedThief: Harming Others to Benefit Oneself in Self-Centered Federated Learning

**Authors:** Xiangyu Zhang, Mang Ye

arXiv: 2509.00540 · 2025-09-03

## TL;DR

FedThief introduces a novel attack in federated learning where malicious participants degrade the global model while simultaneously improving their own models using divergence-aware ensemble techniques, highlighting new security challenges.

## Contribution

This paper presents FedThief, a new attack framework that enables attackers to harm the global model and enhance their private models simultaneously in federated learning.

## Key findings

- FedThief effectively degrades global model performance.
- Attacker's private models outperform the global model.
- Divergence-aware ensemble techniques improve attacker gains.

## Abstract

In federated learning, participants' uploaded model updates cannot be directly verified, leaving the system vulnerable to malicious attacks. Existing attack strategies have adversaries upload tampered model updates to degrade the global model's performance. However, attackers also degrade their own private models, gaining no advantage. In real-world scenarios, attackers are driven by self-centered motives: their goal is to gain a competitive advantage by developing a model that outperforms those of other participants, not merely to cause disruption. In this paper, we study a novel Self-Centered Federated Learning (SCFL) attack paradigm, in which attackers not only degrade the performance of the global model through attacks but also enhance their own models within the federated learning process. We propose a framework named FedThief, which degrades the performance of the global model by uploading modified content during the upload stage. At the same time, it enhances the private model's performance through divergence-aware ensemble techniques, where "divergence" quantifies the deviation between private and global models, that integrate global updates and local knowledge. Extensive experiments show that our method effectively degrades the global model performance while allowing the attacker to obtain an ensemble model that significantly outperforms the global model.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/2509.00540/full.md

## Figures

5 figures with captions in the complete paper: https://tomesphere.com/paper/2509.00540/full.md

## References

59 references — full list in the complete paper: https://tomesphere.com/paper/2509.00540/full.md

---
Source: https://tomesphere.com/paper/2509.00540