JOURNAL ARTICLE

FedRAB: Robust federated learning against backdoor attacks based on collaborative defense with smoothing.

  • Published In: Journal of Computer Security, 2025, v. 33, n. 5, p. 316

  • Database: Academic Search Ultimate

  • Authored By: Tan, Xue; Chen, Ping

Abstract

This article presents FedRAB, a collaborative defense framework designed to robustly protect federated learning (FL) systems against backdoor attacks while preserving model utility. FedRAB addresses both data poisoning attacks, where adversaries manipulate local training data, and model poisoning attacks, where attackers control local model updates. It categorizes clients into fully trusted, malicious but trusted (data-poisoned), and malicious and untrusted (model-poisoned). On the client side, it employs dynamic smoothing noise addition to mitigate data poisoning. On the server side, it employs dimensionality reduction via singular value decomposition (SVD), density-based clustering (OPTICS), adaptive clipping, and perturbation to filter and weaken malicious model updates. Experimental results on datasets including MNIST and EMNIST demonstrate that FedRAB effectively reduces backdoor attack success rates even when over 50% of clients are malicious, outperforming existing defenses by maintaining high accuracy on benign tasks while significantly lowering backdoor accuracy. The framework's dynamic smoothing strategy adjusts noise levels during training rounds to balance robustness and model performance, and its collaborative client-server approach enables defense against large-scale and sophisticated backdoor threats in FL environments.

Additional Information

  • Source: Journal of Computer Security. 2025/09, Vol. 33, Issue 5, p316
  • Document Type: Article
  • Subject Area: Computer Science
  • Publication Date: 2025
  • ISSN: 0926-227X
  • DOI: 10.1177/0926227X251335198
  • Accession Number: 187531852
  • Copyright Statement: Copyright of Journal of Computer Security is the property of Sage Publications Inc. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
