Visualizing the Shadows: Unveiling Data Poisoning Behaviors in Federated Learning
Xueqing Zhang, Junkai Zhang, Ka-Ho Chow, Juntao Chen, Ying Mao, Mohamed Rahouti, Xiang Li, Yuchen Liu, Wenqi Wei
TL;DR
This work investigates targeted data poisoning in Federated Learning through label flipping and presents a visualization-centric demo system that simulates attacks, collects and analyzes client updates, and offers advisory guidance. By combining a five-component pipeline (Simulation and Data Generation; Data Collection and Upload; User-friendly Interface; Analysis and Insight; Advisory System) with PCA-based signature analyses and $F1$-score tracking, it reveals how attack timing and malicious participation affect global model performance and how separable update patterns can aid detection. The main contributions include empirical insights on label manipulation, timing, and attacker availability, plus concrete recommendations for client verification, anomaly detection, and robustness-aware design—coined as robustness performance co-design. The framework provides practical, deployable guidance for defending FL systems against data-poisoning threats and supports further research into resilient aggregation and monitoring strategies.
Abstract
This demo paper examines the susceptibility of Federated Learning (FL) systems to targeted data poisoning attacks, presenting a novel system for visualizing and mitigating such threats. We simulate targeted data poisoning attacks via label flipping and analyze the impact on model performance, employing a five-component system that includes Simulation and Data Generation, Data Collection and Upload, User-friendly Interface, Analysis and Insight, and Advisory System. Observations from three demo modules (label manipulation, attack timing, and malicious attack availability) and two analysis components (utility and analytical behavior of local model updates) highlight the risks to system integrity and offer insight into the resilience of FL systems. The demo is available at https://github.com/CathyXueqingZhang/DataPoisoningVis.
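The PCA-based look at client updates mentioned in the TL;DR can be sketched from the aggregator's side as follows. This is an added example, not code from the paper or its demo repository: the update vectors are constructed, the shift applied to label-flipping clients is an assumed stand-in for their effect on two output-layer coordinates, and the detector assumes attackers are the minority.

```python
import random

def make_updates(n_benign, n_malicious, dim=6, seed=7):
    """Constructed client updates: Gaussian noise, plus a shift for flippers."""
    rng = random.Random(seed)
    updates = {}
    for i in range(n_benign + n_malicious):
        vec = [rng.gauss(0.0, 0.02) for _ in range(dim)]
        if i >= n_benign:            # assumed effect of flipping one class pair
            vec[0] += 1.0
            vec[1] -= 1.0
        updates[f"client{i:02d}"] = vec
    return updates

def first_component(rows, iters=200):
    """Top principal direction of centred rows, via power iteration."""
    dim = len(rows[0])
    cov = [[sum(r[a] * r[b] for r in rows) / len(rows) for b in range(dim)]
           for a in range(dim)]
    v = [float(k + 1) for k in range(dim)]
    for _ in range(iters):
        w = [sum(cov[a][b] * v[b] for b in range(dim)) for a in range(dim)]
        norm = sum(x * x for x in w) ** 0.5
        v = [x / norm for x in w]
    return v

def flag_suspects(updates, ratio=3.0):
    """Flag the smaller group when the 1-D PCA projection splits cleanly in two."""
    ids = sorted(updates)
    dim = len(updates[ids[0]])
    mean = [sum(updates[c][k] for c in ids) / len(ids) for k in range(dim)]
    rows = [[updates[c][k] - mean[k] for k in range(dim)] for c in ids]
    pc = first_component(rows)
    proj = sorted((sum(r[k] * pc[k] for k in range(dim)), c)
                  for r, c in zip(rows, ids))
    # Split at the widest gap between neighbouring projections.
    cut = max(range(1, len(proj)), key=lambda i: proj[i][0] - proj[i - 1][0])
    gap = proj[cut][0] - proj[cut - 1][0]
    low, high = proj[:cut], proj[cut:]
    spread = max(low[-1][0] - low[0][0], high[-1][0] - high[0][0])
    if gap <= ratio * spread:
        return []                    # no clean two-cluster structure
    small = low if len(low) < len(high) else high
    return sorted(c for _, c in small)
```

The gap-versus-spread check keeps the detector from flagging anyone when the round contains only benign updates; real updates are far higher-dimensional and noisier, so the `ratio` threshold here is illustrative.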
