DAARA: Divergence-Aware Attention for Robust Aggregation in Federated Learning Against Poisoning Attacks
Abstract: Federated Learning (FL) enables collaborative model training across distributed clients without sharing raw data but remains highly vulnerable to poisoning attacks, especially under non-Independent and Identically Distributed (non-IID) settings. To address this challenge, we propose DAARA: Divergence-Aware Attention for Robust Aggregation, a novel aggregation mechanism designed to defend against label flipping attacks in FL. Unlike existing defenses that rely on fixed thresholds or assume knowledge of attacker behavior, DAARA is client-agnostic and adaptively assigns attention weights to client updates based on their statistical divergence and class-wise consistency. We provide a theoretical convergence analysis of the DAARA approach. Additionally, we conduct extensive experiments on the NSL-KDD and UNSW-NB15 cybersecurity datasets, demonstrating that DAARA significantly outperforms state-of-the-art baselines, including Krum, Trimmed Mean, FoolsGold, and RFed, achieving up to a 40% reduction in attack success rate and up to \(4\times\) faster convergence under both untargeted and targeted label flipping attacks. Furthermore, DAARA exhibits remarkable stability across varying attack intensities, maintaining consistently low gradient divergence even under extreme non-IID conditions. The results confirm that DAARA provides a lightweight, effective, and generalizable solution for secure FL in adversarial and heterogeneous environments.
External IDs: doi:10.1007/978-981-95-6786-7_1