Abstract
Clustered Federated Learning (CFL), a Federated Learning (FL) paradigm, divides clients into multiple clusters through a clustering process and trains within each cluster, thereby improving overall model training accuracy. However, the clustering process is also the weak link: if an attacker interferes with or disrupts it, the whole model training can fail. In this paper, we study attack methods in which an attacker poisons data by tampering with client data, causing the overall clustering to fail, together with the corresponding defense strategies. Our defense approach is designed to identify anomalous clients and recover their poisoned data. To resist the attacker's malicious behavior, we propose a dual-threshold pixel difference and watermark authentication defense method for detecting the presence of anomalous clients. The method can accurately identify abnormal fluctuations in the data and effectively screen out abnormal clients. We also propose a self-embedding watermarking defense algorithm, based on the idea of shuffling, for recovering poisoned data. This self-embedding watermarking algorithm not only accurately locates and recovers the tampered region of an image, but also improves watermark security to prevent attackers from cracking it easily. Simulation results show that our proposed algorithm can accurately identify abnormal clients and recover the data. Even if a client's data is massively tampered with, we can recover the tampered data images with high quality and ensure that the CFL clustering is not corrupted.
Acknowledgement.
This article was supported by the Anhui Provincial Natural Science Foundation (Grant No. 2308085MF212) and the Fundamental Research Funds for the Central Universities of China (Grant No. PA2023GDSK0055).
Copyright information
© 2025 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Chen, Y., Shi, L., Xu, H., Ye, J., Xu, J. (2025). A Method for Abnormal Detection and Poisoned Data Recovery in Clustered Federated Learning. In: Cai, Z., Takabi, D., Guo, S., Zou, Y. (eds) Wireless Artificial Intelligent Computing Systems and Applications. WASA 2024. Lecture Notes in Computer Science, vol 14998. Springer, Cham. https://doi.org/10.1007/978-3-031-71467-2_4
DOI: https://doi.org/10.1007/978-3-031-71467-2_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-71466-5
Online ISBN: 978-3-031-71467-2
eBook Packages: Computer Science (R0)