Strengthening Federated Learning: Surrogate Data-Guided Aggregation for Robust Backdoor Defense

25 Sept 2024 (modified: 05 Feb 2025) | Submitted to ICLR 2025 | CC BY 4.0
Keywords: Federated Learning, Backdoor Attacks, Generative Learning
TL;DR: We propose a Surrogate Data-Guided Aggregation (SuDA) method in federated learning to defend against backdoor attacks.
Abstract: Backdoor attacks in federated learning (FL) have garnered significant attention due to their destructive potential. Current advanced backdoor defense strategies typically involve calculating predefined metrics related to local models and modifying the server's aggregation rule accordingly. However, these metrics may exhibit biases due to the inclusion of malicious models in the calculation, leading to defense failures. To address this issue, we propose a novel backdoor defense method in FL named $\textit{Su}$rrogate $\textit{D}$ata-guided $\textit{A}$ggregation (SuDA). SuDA independently evaluates local models using surrogate data, thereby mitigating the influence of malicious models. Specifically, it constructs a surrogate dataset composed of pure noise, which is shared between the server and clients. By leveraging this shared surrogate data, clients train their models using both the shared and local data, while the server reconstructs potential triggers for each local model to identify backdoors, facilitating the filtering of backdoored models before aggregation. To ensure the generalizability of local models across both local and surrogate data, SuDA aligns local data with surrogate data in the representation space, supported by theoretical analysis. Comprehensive experiments demonstrate the substantial superiority of SuDA over previous works.
Primary Area: alignment, fairness, safety, privacy, and societal considerations
Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics.
Submission Guidelines: I certify that this submission complies with the submission instructions as described on https://iclr.cc/Conferences/2025/AuthorGuide.
Anonymous Url: I certify that there is no URL (e.g., github page) that could be used to find authors’ identity.
No Acknowledgement Section: I certify that there is no acknowledgement section in this submission for double blind review.
Submission Number: 4826