Defending Against Backdoor Attacks in Federated Learning Using Differential Privacy Combined with OOD Data Attributes

Abstract

While federated learning has significant privacy benefits, it is also vulnerable to backdoor attacks. Existing differential privacy-based defenses are effective against backdoor attacks, but they also significantly degrade the good performance of aggregated models. To address this shortcoming, we employ a backdoor detection mechanism that exploits the fact that backdoor samples are OOD samples relative to benign samples, effectively excludes malicious backdoor updates, and removes remaining backdoors by adding differential privacy. Experimental results on the CIFAR10 and FEMNIST datasets show that our proposed method can effectively remove backdoors and has a negligible impact on the benign performance of the model. © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2025.

Keywords

Backdoor, Differential Privacy, Federated Learning, OOD Data
Title
Defending Against Backdoor Attacks in Federated Learning Using Differential Privacy Combined with OOD Data Attributes
Authors
Tan, Qingyu; Li, Yan; Shin, Byeong-Seok
DOI
10.1007/978-981-96-5693-6_20
Publication date
2025
Type
Conference paper
Journal
Lecture Notes in Electrical Engineering
1416 LNEE
Pages
130 ~ 134