Go to TMLR homepageLoRA-FL: A Low-Rank Adversarial Attack for Compromising Group Fairness in Federated Learning
Abstract: Federated Learning (FL) enables collaborative model training without requiring participants
to share raw data, and is increasingly deployed in regulated domains such as healthcare, fi
nance, and large-scale personalization. FL offers privacy and governance benefits, it can
also obscure fairness risks: heterogeneity in client data distributions may lead to models
that systematically disadvantage minority groups. Ensuring fairness in such settings is not
only an ethical concern but also a regulatory requirement under frameworks such as GDPR
and anti-discrimination law. Existing adversarial manipulations in FL, such as noise injec
tion or scaling attacks, typically degrade predictive performance or are mitigated by robust
aggregation rules (e.g., KRUM or FLAME), limiting their practical relevance. In this work,
we introduce LoRA-FL, a stealthy fairness attack that leverages low-rank adapters to in
ject group-level bias while preserving accuracy. By constraining adversarial updates to a
compact subspace that aligns with benign client variation, LoRA-FL evades both standard
and robust aggregators, even under heterogeneous (non-IID) data distributions. We provide
empirical results, across widely used fairness benchmarks, including tabular datasets such
as Adult and Bank. With LoRA-FL as few as 10–20% adversarial clients can increase viola
tions of demographic parity and equalized odds by over 40%, while maintaining comparable
predictive performance.
Submission Type: Long submission (more than 12 pages of main content)
Assigned Action Editor: ~Junyuan_Hong1
Submission Number: 7820
Loading