A Physical Backdoor Attack Against Practical Federated Learning

Yang Li, Xiangtao Lu, Guibo Luo, Yuesheng Zhu

Published: 01 Jan 2025, Last Modified: 13 Jul 2025CSCWD 2025EveryoneRevisionsBibTeXCC BY-SA 4.0

Abstract: Federated learning (FL) is a distributed machine learning paradigm designed to build a global model while safeguarding data privacy. However, the decentralized nature and data heterogeneity of FL increase its susceptibility to backdoor attacks. Existing works on backdoor attacks and defenses typically focus on digital attacks that use digitally generated patterns as backdoor triggers. While using digitally generated patterns as triggers is convenient, its practicality remains questionable. In this work, a physical backdoor attack is proposed to enhance the practicality of backdoor attacks in FL. We employ real-world objects as backdoor triggers, integrating Backdoor-Robust Training Set Selection and Prox Attack, to execute backdoor attacks across various scenarios. Extensive experiments show that the physical backdoor attack in FL pose a serious real-world threat. This finding underscores the urgent need for more robust backdoor defenses in the physical world.