Table of Contents
Fetching ...

GShield: Mitigating Poisoning Attacks in Federated Learning

Sameera K. M., Serena Nicolazzo, Antonino Nocera, Vinod P., Rafidha Rehiman K. A

TL;DR

This work tackles data poisoning in Federated Learning by introducing GShield, a server-side defense that learns a benign gradient distribution through cosine-similarity clustering and Gaussian-distribution learning during a Safe Round. In a subsequent Anomaly Detection phase, GShield selectively aggregates updates that conform to the learned benign profile, effectively isolating malicious or low-quality contributors. Extensive experiments on tabular and image datasets show that GShield improves robustness and maintains high accuracy compared to state-of-the-art defenses, including under differential privacy. The results demonstrate practical robustness to targeted poisoning with manageable computational overhead, suggesting strong applicability for secure FL in heterogeneous environments.

Abstract

Federated Learning (FL) has recently emerged as a revolutionary approach to collaborative training Machine Learning models. In particular, it enables decentralized model training while preserving data privacy, but its distributed nature makes it highly vulnerable to a severe attack known as Data Poisoning. In such scenarios, malicious clients inject manipulated data into the training process, thereby degrading global model performance or causing targeted misclassification. In this paper, we present a novel defense mechanism called GShield, designed to detect and mitigate malicious and low-quality updates, especially under non-independent and identically distributed (non-IID) data scenarios. GShield operates by learning the distribution of benign gradients through clustering and Gaussian modeling during an initial round, enabling it to establish a reliable baseline of trusted client behavior. With this benign profile, GShield selectively aggregates only those updates that align with the expected gradient patterns, effectively isolating adversarial clients and preserving the integrity of the global model. An extensive experimental campaign demonstrates that our proposed defense significantly improves model robustness compared to the state-of-the-art methods while maintaining a high accuracy of performance across both tabular and image datasets. Furthermore, GShield improves the accuracy of the targeted class by 43\% to 65\% after detecting malicious and low-quality clients.

GShield: Mitigating Poisoning Attacks in Federated Learning

TL;DR

This work tackles data poisoning in Federated Learning by introducing GShield, a server-side defense that learns a benign gradient distribution through cosine-similarity clustering and Gaussian-distribution learning during a Safe Round. In a subsequent Anomaly Detection phase, GShield selectively aggregates updates that conform to the learned benign profile, effectively isolating malicious or low-quality contributors. Extensive experiments on tabular and image datasets show that GShield improves robustness and maintains high accuracy compared to state-of-the-art defenses, including under differential privacy. The results demonstrate practical robustness to targeted poisoning with manageable computational overhead, suggesting strong applicability for secure FL in heterogeneous environments.

Abstract

Federated Learning (FL) has recently emerged as a revolutionary approach to collaborative training Machine Learning models. In particular, it enables decentralized model training while preserving data privacy, but its distributed nature makes it highly vulnerable to a severe attack known as Data Poisoning. In such scenarios, malicious clients inject manipulated data into the training process, thereby degrading global model performance or causing targeted misclassification. In this paper, we present a novel defense mechanism called GShield, designed to detect and mitigate malicious and low-quality updates, especially under non-independent and identically distributed (non-IID) data scenarios. GShield operates by learning the distribution of benign gradients through clustering and Gaussian modeling during an initial round, enabling it to establish a reliable baseline of trusted client behavior. With this benign profile, GShield selectively aggregates only those updates that align with the expected gradient patterns, effectively isolating adversarial clients and preserving the integrity of the global model. An extensive experimental campaign demonstrates that our proposed defense significantly improves model robustness compared to the state-of-the-art methods while maintaining a high accuracy of performance across both tabular and image datasets. Furthermore, GShield improves the accuracy of the targeted class by 43\% to 65\% after detecting malicious and low-quality clients.
Paper Structure (19 sections, 7 equations, 6 figures, 4 tables, 2 algorithms)

This paper contains 19 sections, 7 equations, 6 figures, 4 tables, 2 algorithms.

Figures (6)

  • Figure 1: A general Federated Learning architecture
  • Figure 2: Example of Poisoning Attacks in FL
  • Figure 3: Our threat scenario
  • Figure 4: Proposed GShield receives local updates from clients and generates a new global model that eliminates poisoned local updates.
  • Figure 5: Baseline.
  • ...and 1 more figures