
GANcrop: A Contrastive Defense Against Backdoor Attacks in Federated Learning

Xiaoyun Gan, Shanyu Gan, Taizhi Su, Peng Liu

TL;DR

This paper tackles backdoor attacks in Federated Learning by introducing GANcrop, a defense framework that combines model-level contrastive learning for attack detection with GAN-based trigger recovery for targeted mitigation. The approach identifies malicious client models, recovers backdoor triggers, and retrains with corrected data before aggregating repaired models to form a robust global model, achieving strong defense while preserving main-task accuracy, especially in non-IID settings. Experimental results on CIFAR-10 with 40 clients show GANcrop outperforms several baselines in reducing backdoor success while maintaining competitive task performance, albeit with higher per-round computation due to detection and remediation steps. The method demonstrates practical potential for securing FL deployments where data heterogeneity and privacy constraints complicate defense against backdoor threats.

Abstract

With heightened awareness of data privacy protection, Federated Learning (FL) has attracted widespread attention as a privacy-preserving distributed machine learning method. However, the distributed nature of federated learning also provides opportunities for backdoor attacks, where attackers can guide the model to produce incorrect predictions without affecting the global model training process. This paper introduces a novel defense mechanism against backdoor attacks in federated learning, named GANcrop. This approach leverages contrastive learning to deeply explore the disparities between malicious and benign models for attack identification, followed by the utilization of Generative Adversarial Networks (GAN) to recover backdoor triggers and implement targeted mitigation strategies. Experimental findings demonstrate that GANcrop effectively safeguards against backdoor attacks, particularly in non-IID scenarios, while maintaining satisfactory model accuracy, showcasing its remarkable defensive efficacy and practical utility.
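The threat the abstract describes (a backdoor that rides along with federated aggregation while main-task accuracy is untouched) and the effect of the "retrain with corrected data" step in the TL;DR, in a simulation small enough to read end to end. This is an added example, not code from the GANcrop paper or its authors: it uses a one-feature logistic regression trained by full-batch gradient descent, models the trigger as one extra input feature, and does not implement the paper's model-level contrastive detection or its GAN trigger recovery; the repair step simply assumes the trigger feature is already known. Every name in it (make_clean_data, poison, local_train, fed_avg, repair, run_experiment) and every constant (five clients with one attacker, 15 rounds, 50 local steps, learning rate 0.5, two stamped copies per poisoned sample) is this example's own choice, and all data is constructed inline. Unweighted FedAvg is used so that the attacker's update counts for exactly one fifth of each round.

```python
"""Toy federated-learning backdoor and a trigger-aware repair step.

Added example, not code from the GANcrop paper: one-feature logistic
regression trained by gradient descent, trigger modelled as an extra input
feature, repair step assumes the trigger is already known (standing in for
the paper's GAN-based recovery).  All data is constructed inline.
"""
import math
import random

LR = 0.5          # step size for every gradient step
LOCAL_STEPS = 50  # gradient steps a client runs per federated round
ROUNDS = 15       # federated averaging rounds
TARGET = 0        # class the attacker wants triggered inputs mapped to
TRIGGER = 1.0     # value written into the trigger feature when stamping

def sigmoid(z):
    z = max(-30.0, min(30.0, z))  # keep math.exp in range
    return 1.0 / (1.0 + math.exp(-z))

def make_clean_data(pairs, rng):
    """Mirrored pairs: class 1 near x0=+0.9, class 0 near x0=-0.9, trigger 0.
    The symmetry means an honest model has no reason to learn a bias."""
    data = []
    for _ in range(pairs):
        x0 = rng.uniform(0.8, 1.0)
        data.append(([x0, 0.0], 1))
        data.append(([-x0, 0.0], 0))
    return data

def poison(data, copies=2):
    """Attacker's local set: its clean data plus stamped class-1 samples
    relabelled to TARGET (dirty-label backdoor); copies sets the poison share."""
    poisoned = list(data)
    for (x0, _), y in data:
        if y != TARGET:
            poisoned += [([x0, TRIGGER], TARGET)] * copies
    return poisoned

def local_train(model, data, steps=LOCAL_STEPS):
    """Full-batch gradient descent on logistic loss; model = (w0, w_trig, b)."""
    w0, wt, b = model
    n = len(data)
    for _ in range(steps):
        g0 = gt = gb = 0.0
        for (x0, xt), y in data:
            err = sigmoid(w0 * x0 + wt * xt + b) - y
            g0, gt, gb = g0 + err * x0, gt + err * xt, gb + err
        w0, wt, b = w0 - LR * g0 / n, wt - LR * gt / n, b - LR * gb / n
    return (w0, wt, b)

def fed_avg(models):
    """Unweighted FedAvg over the parameter tuples the clients return."""
    return tuple(sum(m[i] for m in models) / len(models) for i in range(3))

def run_federated(client_datasets, rounds=ROUNDS):
    model = (0.0, 0.0, 0.0)
    for _ in range(rounds):
        model = fed_avg([local_train(model, d) for d in client_datasets])
    return model

def predict(model, x0, xt):
    w0, wt, b = model
    return 1 if w0 * x0 + wt * xt + b > 0 else 0

def clean_accuracy(model, data):
    return sum(predict(model, x0, xt) == y for (x0, xt), y in data) / len(data)

def backdoor_rate(model, data):
    """Share of non-target test inputs that flip to TARGET once stamped."""
    victims = [x0 for (x0, _), y in data if y != TARGET]
    return sum(predict(model, x0, TRIGGER) == TARGET for x0 in victims) / len(victims)

def repair(model, server_data, steps=200):
    """Retrain on corrected data: server-held clean samples plus the same
    samples stamped with the recovered trigger but keeping their true labels,
    so the model unlearns the trigger-to-TARGET shortcut."""
    corrected = list(server_data)
    corrected += [([x0, TRIGGER], y) for (x0, _), y in server_data]
    return local_train(model, corrected, steps=steps)

def run_experiment(seed=0):
    """Honest federation, federation with one attacker in five, then repair."""
    rng = random.Random(seed)
    test = make_clean_data(50, rng)
    benign = [make_clean_data(20, rng) for _ in range(4)]
    attacker = poison(make_clean_data(20, rng))
    server_data = make_clean_data(20, rng)
    models = {"honest": run_federated(benign),
              "poisoned": run_federated(benign + [attacker])}
    models["repaired"] = repair(models["poisoned"], server_data)
    return {name: {"clean_acc": clean_accuracy(m, test),
                   "backdoor": backdoor_rate(m, test),
                   "trigger_weight": m[1]} for name, m in models.items()}

if __name__ == "__main__":
    for name, s in run_experiment().items():
        print(f"{name:9s} clean_acc={s['clean_acc']:.2f} "
              f"backdoor={s['backdoor']:.2f} w_trig={s['trigger_weight']:+.2f}")
```

Running it prints one row per model. In the honest federation the trigger weight never leaves zero, because no benign sample carries the trigger and the corresponding gradient is identically zero. With one attacker the trigger weight drifts negative round after round: the benign clients have no gradient that pulls it back, so one fifth of the attacker's push survives every aggregation and accumulates, while clean accuracy is unchanged, which is the "without affecting the global model training process" property the abstract refers to. Fine-tuning on stamped copies of clean data with their true labels drives the trigger weight back up and the backdoor rate down. Two caveats worth keeping in mind: the repair only works because the trigger is known, which is exactly what a recovery step has to supply in practice, and in the non-IID setting the abstract singles out a benign client with skewed local data can sit as far from the average update as the attacker, so simple parameter-distance heuristics struggle there.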

Paper Structure (18 sections, 2 equations, 6 figures, 1 table, 1 algorithm)


Figures (6)

  • Figure 1: GANcrop architecture diagram
  • Figure 2: Model Contrastive Learning
  • Figure 3: Trigger Generator
  • Figure 4: Attack Schematic
  • Figure 5: Successful rounds of defending against attacks and main task accuracy of six methods
  • ...and 1 more figure