Securing Federated Sensitive Topic Classification against Poisoning Attacks
Tianyue Chu, Alvaro Garcia-Recuero, Costas Iordanou, Georgios Smaragdakis, Nikolaos Laoutaris
TL;DR
This work tackles privacy-preserving classification of GDPR-sensitive web content by introducing a federated learning framework that remains robust to poisoning attacks. It combines a residual-based attack detector with a subjective-logic reputation model to weight client updates, and proves convergence under standard FL assumptions. Empirical results on the SURL dataset and CIFAR-10 show faster convergence (roughly 1.6–2.4×) and lower attack success rates compared to state-of-the-art baselines, while a real-user prototype (EITR) demonstrates practical learning of new topics like COVID-19 health content with around 0.80 accuracy and 0.79 AUC. Collectively, the approach enables privacy-preserving, rapidly adaptable sensitive-content classifiers suitable for browser-based deployment and real-world use.
Abstract
We present a Federated Learning (FL) based solution for building a distributed classifier capable of detecting URLs containing GDPR-sensitive content related to categories such as health, sexual preference, political beliefs, etc. Although such a classifier addresses the limitations of previous offline/centralised classifiers,it is still vulnerable to poisoning attacks from malicious users that may attempt to reduce the accuracy for benign users by disseminating faulty model updates. To guard against this, we develop a robust aggregation scheme based on subjective logic and residual-based attack detection. Employing a combination of theoretical analysis, trace-driven simulation, as well as experimental validation with a prototype and real users, we show that our classifier can detect sensitive content with high accuracy, learn new labels fast, and remain robust in view of poisoning attacks from malicious users, as well as imperfect input from non-malicious ones.
