Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Beyond Passive Aggregation: Active Auditing and Topology-Aware Defense in Decentralized Federated Learning

Sheng Pan, Niansheng Tang

Abstract

Decentralized Federated Learning (DFL) remains highly vulnerable to adaptive backdoor attacks designed to bypass traditional passive defense metrics. To address this limitation, we shift the defensive paradigm toward a novel active, interventional auditing framework. First, we establish a dynamical model to characterize the spatiotemporal diffusion of adversarial updates across complex graph topologies. Second, we introduce a suite of proactive auditing metrics, stochastic entropy anomaly, randomized smoothing Kullback-Leibler divergence, and activation kurtosis. These metrics utilize private probes to stress-test local models, effectively exposing latent backdoors that remain invisible to conventional static detection. Furthermore, we implement a topology-aware defense placement strategy to maximize global aggregation resilience. We provide theoretical property for the system's convergence under co-evolving attack and defense dynamics. Numeric empirical evaluations across diverse architectures demonstrate that our active framework is highly competitive with state-of-the-art defenses in mitigating stealthy, adaptive backdoors while preserving primary task utility.

Beyond Passive Aggregation: Active Auditing and Topology-Aware Defense in Decentralized Federated Learning

Abstract

Decentralized Federated Learning (DFL) remains highly vulnerable to adaptive backdoor attacks designed to bypass traditional passive defense metrics. To address this limitation, we shift the defensive paradigm toward a novel active, interventional auditing framework. First, we establish a dynamical model to characterize the spatiotemporal diffusion of adversarial updates across complex graph topologies. Second, we introduce a suite of proactive auditing metrics, stochastic entropy anomaly, randomized smoothing Kullback-Leibler divergence, and activation kurtosis. These metrics utilize private probes to stress-test local models, effectively exposing latent backdoors that remain invisible to conventional static detection. Furthermore, we implement a topology-aware defense placement strategy to maximize global aggregation resilience. We provide theoretical property for the system's convergence under co-evolving attack and defense dynamics. Numeric empirical evaluations across diverse architectures demonstrate that our active framework is highly competitive with state-of-the-art defenses in mitigating stealthy, adaptive backdoors while preserving primary task utility.
Paper Structure (32 sections, 6 theorems, 89 equations, 3 figures, 4 tables, 1 algorithm)

This paper contains 32 sections, 6 theorems, 89 equations, 3 figures, 4 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. System Model and Preliminaries
  3. Notations
  4. System Model
  5. Attack Diffusion Dynamics
  6. System Dynamics of Infection Intensity
  7. Backdoor Detection Metrics
  8. Case A: Distance Evasion
  9. Case B: Directional Evasion
  10. Stochastic Entropy Anomaly ($\rho_{SEA}$)
  11. Randomized Smoothing Kullback-Leibler (KL) Divergence ($\rho_{RS}$)
  12. Activation Kurtosis ($\rho_{\mathcal{A}_K}$)
  13. Defense Strategy
  14. Robust Consensus and Temporal Trust Evolution
  15. Adaptive Aggregation via Multi-Armed Bandit
  16. ...and 17 more sections

Key Result

Lemma 3.1

Assume the network graph induced by $\mathbf{W}$ is strongly connected and there exists at least one benign node $i$ with a positive decay rate $\Lambda_{ii} = \lambda > 0$. Then, the spectral radius satisfies $\rho(\mathbf{A}) < 1$, guaranteeing the existence of the stationary state $\boldsymbol{s}

Figures (3)

  • Figure 1: Validation of the diffusion model and the ACC, ASR trend on the Transformer architecture using the PubMed dataset.
  • Figure 2: Computational Efficiency Analysis Across Different Mechanisms
  • Figure 3: Diffusion model validation and Phase Transition phenomenon on the CNN architecture using the GTSRB dataset.

Theorems & Definitions (9)

  • Lemma 3.1: System Stability
  • Lemma 3.2: Spatiotemporal Diffusion Bound
  • Theorem 5.1
  • Lemma A.1
  • proof
  • Lemma A.2: Non-Convex Convergence of Nominal Sequence
  • proof
  • Lemma A.3: Boundedness of Backdoor Bias with Topological Heterogeneity
  • proof