A Federated Learning Method Resistant to Label Flip Attack

Journal of Information Security Reserach ›› 2025, Vol. 11 ›› Issue (3): 205-.

Previous Articles Next Articles

A Federated Learning Method Resistant to Label Flip Attack

Zhou Jingxian1, Han Wei1, Zhang Dedong2, and Li Zhiping1

1(School of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300)
2(Institute of Electronic Computing Technology, China Academy of Railway Sciences Group Co., Ltd., Beijing 100081)

Online:2025-03-18 Published:2025-03-30

一种抗标签翻转攻击的联邦学习方法

周景贤1韩威1张德栋2李志平1

1(中国民航大学计算机科学与技术学院天津300300)
2(中国铁道科学研究院集团有限公司电子计算技术研究所北京100081)

通讯作者: 韩威硕士研究生.主要研究方向为联邦学习、网络安全. 89503906@qq.com
作者简介:周景贤博士，副研究员.主要研究方向为数据安全、民航信息系统安全. jxzhou@cauc.edu.cn 韩威硕士研究生.主要研究方向为联邦学习、网络安全. 89503906@qq.com 张德栋博士，高级工程师.主要研究方向为网络安全、计算机应用技术. zhangdedong@rails.cn 李志平硕士，实验师.主要研究方向为网络与信息安全. 18322731101@126.com

Abstract

Abstract: Since users participating in federated learning training have high autonomy and their identities are difficult to identify, they are vulnerable to label flip attacks, causing the model to learn wrong rules from wrong labels and reducing the overall performance of the model. In order to effectively resist label flip attacks, a dilutionprotected federated learning method for multistage training models is proposed. This method randomly divides the training data set and uses a dilution protection federated learning algorithm to distribute part of the data to clients participating in the training to limit the amount of data owned by the client and avoid malicious participants with large amounts of data from causing major damage to the model. After each training session, the gradients of all training epochs in that phase are gradient clustered by a dimensionality reduction algorithm in order to identify potentially malicious actors and restrict their training in the next phase. At the same time, the global model parameters are saved after each stage of training to ensure that the training of each stage is based on the model foundation of the previous stage. Experimental results on the data set show that this method reduces the impact of attacks without damaging the model accuracy, and helps improve the convergence speed of the model.

Key words: federated learning, data security, malicious behavior, label flip attack, defense

摘要： 由于联邦学习参与训练的用户自主性较高且身份难以辨别，从而易遭受标签翻转攻击，使模型从错误的标签中学习到错误的规律，降低模型整体性能.为有效抵抗标签翻转攻击，提出了一种多阶段训练模型的稀释防护联邦学习方法.该方法通过对训练数据集进行随机划分，采用稀释防护联邦学习算法将部分数据分发给参与训练的客户端，以限制客户端所拥有的数据量，避免拥有大量数据的恶意参与者对模型造成较大影响.在每次训练结束后，对该阶段中所有训练轮次的梯度通过降维算法进行梯度聚类，以便识别潜在的恶意参与者，并在下一阶段中限制其训练.同时，在每个阶段训练结束后保存全局模型参数，确保每个阶段的训练都基于上一个阶段的模型基础.在数据集上的实验结果表明，该方法在降低攻击影响的同时不损害模型准确率，并且模型收敛速度平均提升了25.2%~32.3%.

关键词: 联邦学习, 数据安全, 恶意行为, 标签翻转攻击, 防御

CLC Number:

TP309.2

周景贤, 韩威, 张德栋, 李志平, . 一种抗标签翻转攻击的联邦学习方法[J]. 信息安全研究, 2025, 11(3): 205-.

References

［1］McMahan B, Moore E, Ramage D, et al. Communicationefficient learning of deep networks from decentralized data［COL］ Proc of Int Conf on Artificial Intelligence and Statistics. PMLR, 2017 ［20240513］. https:proceedings.mlr.pressv54mcmahan17a.html［2］Wang Wenxin, Liu Caiyun, Yue Ziyan. Industrial Internet structure optimization based on federated learning［J］. Industry Information Security, 2022 (1): 103107［3］Bagdasaryan E, Veit A, Hua Y, et al. How to backdoor federated learning［COL］ Proc of Int Conf on Artificial Intelligence and Statistics. PMLR, 2020 ［20240513］. https:proceedings.mlr.pressv108bagdasaryan20a.html［4］Blanchard P, ElMhamdi E M, Guerraoui R, et al. Machine learning with adversaries: Byzantine tolerant gradient descent［JOL］. Advances in Neural Information Processing Systems, 2017 ［20240513］. https:papers.nips.ccpaper_filespaper2017hashf4b9ec30ad9f68f89b29639786cb62efAbstract.html［5］Fung C, Yoon C J M, Beschastnikh I. Mitigating sybils in federated learning poisoning［J］. arXiv preprint, arXiv:1808.04866, 2018［6］Fang M, Cao X, Jia J, et al. Local model poisoning attacks to {ByzantineRobust} federated learning［C］ Proc of the 29th USENIX Security Symposium (USENIX Security 20). Berkeley, CA: USENIX Association, 2020: 16051622［7］Awan S, Luo B, Li F. Contra: Defending against poisoning attacks in federated learning［C］ Proc of the 26th European Symp on Research in Computer Security(ESORICS 2021). Berlin: Springer, 2021: 455475［8］Uprety A, Rawat D B. Mitigating poisoning attack in federated learning［C］ Proc of the 2021 IEEE Symp Series on Computational Intelligence (SSCI). Piscataway, NJ: IEEE, 2021: 17［9］Hallaji E, RazaviFar R, Saif M, et al. Label noise analysis meets adversarial training: A defense against label poisoning in federated learning［J］. KnowledgeBased Systems, 2023, 266: 110384［10］Ovi P R, Gangopadhyay A, Erbacher R F, et al. Confident federated learning to tackle label flipped data poisoning attacks［C］ Proc of the Artificial Intelligence and Machine Learning for MultiDomain Operations Applications. Bellingham, WA: SPIE, 2023: 263272［11］Tolpegin V, Truex S, Gursoy M E, et al. Data poisoning attacks against federated learning systems［C］ Proc of the 25th European Symp on Research in Computer Security (ESORICS 2020). Berlin: Springer, 2020: 480501［12］Anowar F, Sadaoui S, Selim B. Conceptual and empirical comparison of dimensionality reduction algorithms (pca, kpca, lda, mds, svd, lle, isomap, le, ica, tsne)［J］. Computer Science Review, 2021, 40: 100378［13］Schlkopf B, Smola A, Müller K R. Kernel principal component analysis［C］ Proc of Int Conf on Artificial Neural Networks. Berlin: Springer, 1997: 583588［14］Fung C, Yoon C J M, Beschastnikh I. The limitations of federated learning in sybil settings［C］ Proc of the 23rd Int Symp on Research in Attacks, Intrusions and Defenses (RAID 2020). Berlin: Springer, 2020: 301316［15］Xiao H, Rasul K, Vollgraf R. Fashionmnist: A novel image dataset for benchmarking machine learning algorithms［J］. arXiv preprint, arXiv:1708.07747, 2017

[1]	. Privacypreserving Federated Learning Research Based on #br# Confused Modulo Projection Homomorphic Encryption#br# [J]. Journal of Information Security Reserach, 2025, 11(3): 198-.
[2]	. Overview of Regulation of Crossborder Data Flow [J]. Journal of Information Security Reserach, 2025, 11(2): 164-.
[3]	. Research and Application of Trusted Data Security Management #br# Technology Based on Chameleon Hash#br# [J]. Journal of Information Security Reserach, 2025, 11(2): 189-.
[4]	. A Review of Adversarial Attack on Autonomous Driving Perception System [J]. Journal of Information Security Reserach, 2024, 10(9): 786-.
[5]	. A Poisoningresistant Verifiable Secure Federated Learning Scheme #br# in IoT Perception Environments#br# [J]. Journal of Information Security Reserach, 2024, 10(9): 804-.
[6]	. Analysis and Security System Design for the Open Sharing Mode of Public Data [J]. Journal of Information Security Reserach, 2024, 10(9): 870-.
[7]	. A Cloud Edge Coordinated Federated Computing Method for Fault Detection in the Railway Signal System [J]. Journal of Information Security Reserach, 2024, 10(8): 753-.
[8]	. Design and Implementation of Quantum Software Cryptography Module [J]. Journal of Information Security Reserach, 2024, 10(8): 760-.
[9]	. Federated Foundation Model Finetuning Based on Differential Privacy#br# #br# [J]. Journal of Information Security Reserach, 2024, 10(7): 616-.
[10]	. Baseline Evaluation of Financial Data Security Based on Combined WeightingTOPSIS Method [J]. Journal of Information Security Reserach, 2024, 10(7): 634-.
[11]	. Model of Intrusion Detection Based on Federated Learning and Convolutional Neural Network [J]. Journal of Information Security Reserach, 2024, 10(7): 642-.
[12]	. Design of Diversity Data Security Compliance Detection System [J]. Journal of Information Security Reserach, 2024, 10(7): 658-.
[13]	. Research on Science and Technology Management Information Security Guarantee System [J]. Journal of Information Security Reserach, 2024, 10(7): 675-.
[14]	. A Secure and Efficient Method of Fully Anonymous Vertical Federated Learning [J]. Journal of Information Security Reserach, 2024, 10(6): 506-.
[15]	. Analysis of Special Protection Mechanisms in the USEU Crossborder Data Transfer Agreement#br# [J]. Journal of Information Security Reserach, 2024, 10(5): 462-.

A Federated Learning Method Resistant to Label Flip Attack

一种抗标签翻转攻击的联邦学习方法

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics