Exploiting Layer-Specific Vulnerabilities to Backdoor Attack in Federated Learning

TL;DR

This paper introduces the Layer Smoothing Attack (LSA), a novel backdoor attack in federated learning that exploits layer-specific vulnerabilities to achieve high success rates while evading defenses.

Contribution

The paper presents a systematic methodology to identify critical layers and a new attack that effectively injects backdoors in federated learning models.

Findings

LSA achieves up to 97% backdoor success rate

LSA bypasses current state-of-the-art defenses

Identifies layer-specific vulnerabilities in neural networks

Abstract

Federated learning (FL) enables distributed model training across edge devices while preserving data locality. This decentralized approach has emerged as a promising solution for collaborative learning on sensitive user data, effectively addressing the longstanding privacy concerns inherent in centralized systems. However, the decentralized nature of FL exposes new security vulnerabilities, especially backdoor attacks that threaten model integrity. To investigate this critical concern, this paper presents the Layer Smoothing Attack (LSA), a novel backdoor attack that exploits layer-specific vulnerabilities in neural networks. First, a Layer Substitution Analysis methodology systematically identifies backdoor-critical (BC) layers that contribute most significantly to backdoor success. Subsequently, LSA strategically manipulates these BC layers to inject persistent backdoors while remaining undetected by state-of-the-art defense mechanisms. Extensive experiments across diverse model architectures and datasets demonstrate that LSA achieves a remarkably backdoor success rate of up to 97% while maintaining high model accuracy on the primary task, consistently bypassing modern FL defenses. These findings uncover fundamental vulnerabilities in current FL security frameworks, demonstrating that future defenses must incorporate layer-aware detection and mitigation strategies.