General Backdoor-Resilient Federated Learning via Multi-Armed Bandit-Based Knowledge Distillation

Download PDF
Open Webpage

Senmao Qi, Hao Ma, Yifei Zou, Peng Li, Hanlin Gu, Zhenzhen Xie, Lixin Fan, Xiuzhen Cheng, Dongxiao Yu

Published: 01 Jan 2026, Last Modified: 12 Mar 2026IEEE Transactions on Information Forensics and SecurityEveryoneRevisionsCC BY-SA 4.0
Abstract: The decentralized nature of federated learning (FL) makes it difficult to verify the trustworthiness of participating clients, creating an opportunity for backdoor attacks. This paper addresses a general backdoor-resilient decentralized FL problem without any prior knowledge of the type of backdoor attacks or information about malicious clients. After an in-depth investigation of how backdoor attacks are conducted in FL, we introduce a multi-armed bandit-based knowledge distillation approach to help benign clients learn useful knowledge from other clients while rejecting potential backdoors hidden in shared updates. Unlike most previous works that rely on identifying and removing malicious updates—an approach limited to scenarios with fewer than 50% attackers—our knowledge distillation technique enables benign clients to reject backdoored knowledge while preserving useful information, maintaining effective defense even when malicious clients exceed 50% of the population. Additionally, to handle the various updates from clients with Non-IID dataset, a multi-armed bandit scheme is designed for each benign client to select the most appropriate teachers for knowledge distillation, resulting in high accuracy and fast convergence. Extensive experiments demonstrate that our multi-armed bandit-based knowledge distillation approach achieves high accuracy and general backdoor resilience. Comparisons with previous works show that our approach can reduce the attack success rate by 14.71%~96.78% on average.