Abstract
Federated learning (FL) is an emerging distributed machine learning paradigm that enables participants to cooperatively train learning tasks without revealing the raw data. However, the distributed nature of FL makes it susceptible to poisoning attacks, especially when the local data of participants are non-independent and identically distributed (non-IID). Although several defense methods have been proposed to mitigate poisoning attacks, their effectiveness is limited by the specific assumptions about the data distribution. In this work, we propose a new defense strategy, FedAPA (Federated Prototype Learning Against Poisoning Attacks). Specifically, we use abstract class prototypes to communicate between the clients and server, thus effectively alleviating the impact of non-IID data. Moreover, we propose a new abnormal client detection method that aims to mitigate the impact of malicious clients while distinguishing between malicious and benign clients, thereby effectively defending against poisoning attacks. Extensive experiments on different datasets show that FedAPA can effectively resist the poisoning attacks under various data distributions.
Acknowledgments
This work was supported in part by the NSF of China under Grants 62202250, 62272256, 62172291, 62302235 and 62072065, the NSF of Shandong Province under Grants ZR2021QF079 and ZR2022QF094, the Major Program of Shandong Provincial Natural Science Foundation for the Fundamental Research (ZR2022ZD03), and in part by the Talent Cultivation Promotion Program of Computer Science and Technology in Qilu University of Technology (Shandong Academy of Sciences) under Grant 2023PY059, the Talent Research Projects of Qilu University of Technology under Grant 2023RCKY137, the Colleges and Universities 20 Terms Foundation of Jinan City under Grant 202228093, Sichuan Science and Technology Program (2023YFQ0029).
Copyright information
© 2025 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Zhang, J., Zhang, H., Wang, G., Dong, A. (2025). Defending Against Poisoning Attacks in Federated Prototype Learning on Non-IID Data. In: Cai, Z., Takabi, D., Guo, S., Zou, Y. (eds) Wireless Artificial Intelligent Computing Systems and Applications. WASA 2024. Lecture Notes in Computer Science, vol 14998. Springer, Cham. https://doi.org/10.1007/978-3-031-71467-2_6
DOI: https://doi.org/10.1007/978-3-031-71467-2_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-71466-5
Online ISBN: 978-3-031-71467-2
eBook Packages: Computer Science, Computer Science (R0)