Keywords: Federated learning, backdoor, parameter directional
Abstract: Heterogeneous federated learning improves the stealthiness of backdoor attacks, presenting substantial challenges for existing defense methods to simultaneously ensure effectiveness and robustness. However, divergent optimization objectives lead to pronounced parameter-level differences between the benign heterogeneous clients and those infected with backdoor attacks. To address this issue, we introduce Parameter-level Directional Defense, termed ParaShield, which leverages Neural Influence Factors (NIF) to dynamically and rapidly capture the critical parameters. ParaShield enables the identification of parameters that are essential for maintaining model performance within the benign client updates. On this basis, we further calculate the Cosine Similarity of Critical Parameters (CPCS) and the Sign Consistency of Critical Parameters (CPSC) to quantify directional alignment across client updates. Specifically, we initially filter out malicious model updates by analyzing the directional information of the critical parameters. Subsequently, we leverage the Mahalanobis distance in the 2D feature space formed by CPCS and CPSC to identify malicious updates deviating from the normal distribution, achieving robust aggregation. To comprehensively evaluate the robustness of ParaShield, we also construct the Projected Directional Backdoor Attack (PDBA), a stealthy backdoor attack that effectively examines defense mechanisms under realistic conditions. Extensive experiments conducted on various challenging Non-IID scenarios demonstrate the effectiveness of ParaShield.
Supplementary Material: zip
Primary Area: other topics in machine learning (i.e., none of the above)
Submission Number: 7076
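An added example, not code from the paper: a server-side sketch of the statistical step the abstract describes, computing CPCS and CPSC per client and flagging updates by Mahalanobis distance in that 2D feature space. The abstract does not define NIF, the reference direction, or the cutoff, so the critical indices are taken as input, and the coordinate-wise median reference and `tau` are assumptions.

```python
import math
from statistics import median

def cpcs(u, ref):
    """Cosine similarity of an update and the reference over critical parameters."""
    dot = sum(a * b for a, b in zip(u, ref))
    norm = math.sqrt(sum(a * a for a in u) * sum(b * b for b in ref))
    return dot / norm if norm else 0.0

def cpsc(u, ref):
    """Fraction of critical parameters whose sign matches the reference."""
    return sum((a > 0) == (b > 0) for a, b in zip(u, ref)) / len(ref)

def features(updates, critical_idx):
    """(CPCS, CPSC) per client; reference = coordinate-wise median (assumption)."""
    crit = [[u[i] for i in critical_idx] for u in updates]
    ref = [median(col) for col in zip(*crit)]
    return [(cpcs(c, ref), cpsc(c, ref)) for c in crit]

def mahalanobis_sq(points, ridge=1e-9):
    """Squared Mahalanobis distance of each 2D point from the sample mean."""
    n = len(points)
    mx, my = sum(p[0] for p in points) / n, sum(p[1] for p in points) / n
    dev = [(x - mx, y - my) for x, y in points]
    # Sample covariance; the small ridge keeps it invertible when a feature is constant.
    cxx = sum(dx * dx for dx, _ in dev) / (n - 1) + ridge
    cyy = sum(dy * dy for _, dy in dev) / (n - 1) + ridge
    cxy = sum(dx * dy for dx, dy in dev) / (n - 1)
    det = cxx * cyy - cxy * cxy
    return [(cyy * dx * dx - 2 * cxy * dx * dy + cxx * dy * dy) / det for dx, dy in dev]

def flag_outliers(updates, critical_idx, tau=4.0):
    """Indices of updates with squared distance above tau (assumed cutoff).
    With n clients the sample-covariance distance is capped at (n-1)^2/n,
    so tau must sit below that bound or nothing can ever be flagged."""
    d2 = mahalanobis_sq(features(updates, critical_idx))
    return [i for i, d in enumerate(d2) if d > tau]

# Constructed sample: 7 benign Non-IID-like updates and one (index 7) pushing the
# critical parameters the other way. Columns 4-5 are non-critical and ignored.
UPDATES = [
    [1.0, 1.0, -1.0, 1.0, 0.3, -0.1], [1.2, 0.8, -1.0, 0.6, -0.2, 0.4],
    [0.8, 1.2, -0.6, 1.0, 0.1, 0.2], [1.0, 0.6, -1.2, 1.4, -0.4, 0.0],
    [1.4, 1.0, -0.8, -0.2, 0.2, 0.3], [0.6, 1.4, -1.0, 0.8, 0.0, -0.3],
    [1.0, -0.2, -1.4, 1.0, 0.5, 0.1], [-1.0, -0.8, 1.0, 0.2, 3.0, -3.0],
]
CRITICAL = [0, 1, 2, 3]  # stand-in for the NIF-selected indices (assumption)

if __name__ == "__main__":
    print(flag_outliers(UPDATES, CRITICAL))
```

Two of the benign clients in the sample each disagree with the reference on one sign, which is the kind of Non-IID scatter the filter has to tolerate without flagging.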