后门
计算机科学
特征(语言学)
光学(聚焦)
人工智能
任务(项目管理)
异常检测
水准点(测量)
理论(学习稳定性)
数据挖掘
机器学习
瓶颈
公制(单位)
深度学习
透视图(图形)
特征学习
数据建模
联合学习
特征提取
模式识别(心理学)
恶意软件
航程(航空)
过程(计算)
监督学习
特征向量
钥匙(锁)
训练集
信息敏感性
信息隐私
作者
Yifan Sui,Yongqi Sun,Naiyue Chen,Yingying Zhao,Hongbo Cao,Baomin Xu
标识
DOI:10.1109/tifs.2026.3655920
摘要
Backdoor attacks pose severe security challenges to federated learning systems due to their stealthy nature. Existing detection methods primarily focus on identifying anomalies by analyzing discrepancies in client model updates. However, in federated learning, the non-independent and identically distributed (non-IID) nature of client data leads to inconsistencies among local model updates, which can mask the distinguishing features of backdoor attacks and consequently degrade the performance of detection methods. Unlike benign models, which are trained solely for a single classification task, backdoored models are simultaneously optimized for both the classification (main) task and the backdoor task. Therefore, training the backdoored models can be regarded as a multi-task learning problem. Inspired by information bottleneck theory, we observe that backdoored models exhibit more stable feature representations than benign models when performing the main task. Based on this insight, we propose a novel stability metric that quantitatively captures the disparity in feature map stability between backdoored and benign models. Leveraging this metric, we develop a new backdoor detection framework for federated learning. Our method computes anomaly scores for each client and selectively aggregates models with benign characteristics, effectively defending against backdoor attacks. We validate our approach through extensive experiments on multiple benchmark datasets under non-IID settings. The results demonstrate that our method consistently achieves high detection performance across a range of backdoor scenarios and data heterogeneity levels.
科研通智能强力驱动
Strongly Powered by AbleSci AI