Resisting Poisoning Attacks in Federated Learning via Dual-Domain Distance and Trust Assessment

Published: 2025, Last Modified: 06 Jan 2026 | IEEE Trans. Inf. Forensics Secur. 2025 | CC BY-SA 4.0
Abstract: Subsequently, by executing various attacks on benchmark datasets such as MNIST, we construct the Federated Learning Malicious Parameter Identification (FLMPID) dataset to enable malicious client detection. Building on this dataset, we propose FORTRESS (Federated POisoning-Resistance Defense via Dual-Domain Distance and TRust AssESSment), a framework designed to detect and mitigate malicious updates from clients. FORTRESS employs a unique encoder-decoder architecture. The encoder utilizes dual-domain distance metrics on weights and gradients to extract hidden representations, while the decoder leverages Actor-Critic (AC) reinforcement learning for trust assessment. We evaluated FORTRESS under multiple attack scenarios and demonstrated its defense effectiveness, making it a promising solution for enhancing the security of FL systems.