Journal article
AntidoteFL: Enhancing defense against poisoning attacks in federated learning
Computer networks (Amsterdam, Netherlands : 1999), Vol.269, 111427
Sep 2025
Featured in Collection: Drexel's Newest Publications
Abstract
Privacy-Preserving Federated Learning (PPFL) has emerged as a widely recognized paradigm in distributed machine learning security in recent years. Among various approaches, Homomorphic Encryption (HE) stands out as one of the most promising solutions to address privacy challenges. However, PPFL remains vulnerable to poisoning attacks, where the robust privacy protection offered by HE may inadvertently create opportunities for attackers: because participants submit encrypted model updates, the server cannot inspect them directly, which complicates anomaly detection. Existing defense mechanisms often rely on overly strong assumptions and tend to overlook the challenges posed by Non-Independent and Identically Distributed (Non-IID) data. To tackle these issues, we propose a novel privacy-preserving defense method, AntidoteFL, for cloud–edge–end computing, which employs the Cheon–Kim–Kim–Song (CKKS) scheme as the foundation for privacy protection. Specifically, we first introduce a Secure Differential Enhancement Mapping (SDEM) method that integrates Principal Component Analysis (PCA) and cosine similarity. It effectively distinguishes between benign and malicious model updates while preserving privacy. Then, we design a weight optimization mechanism with a piecewise continuous function to address the challenges of Non-IID data. Additionally, we propose a novel dynamic key mechanism that mitigates the risk of key leakage by randomly selecting which edge servers hold decryption rights. Experiments on three benchmark datasets show that AntidoteFL effectively defends against various poisoning attacks in both IID and Non-IID scenarios, outperforming existing schemes.
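As an added illustration, not code from the paper (whose SDEM operates on CKKS ciphertexts at the edge servers), the plaintext Python below shows the two signals the abstract names, cosine similarity and PCA, separating a poisoned update from benign ones in one constructed training round. The client updates, the sign-flipping attack, the coordinate-wise median used as a reference direction, and the two thresholds are all assumptions made for the example; the paper's actual mapping, weighting, and thresholds are not reproduced here.

```python
# Added illustration, not AntidoteFL's own code: plaintext screening of client
# model updates with cosine similarity (against a coordinate-wise median) and a
# robust outlier score along the first principal component. Pure Python, no numpy.
import math
import random


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def norm(a):
    return math.sqrt(dot(a, a))


def cosine(a, b):
    na, nb = norm(a), norm(b)
    return dot(a, b) / (na * nb) if na and nb else 0.0


def make_updates(n_benign=8, dim=20, seed=0):
    """Constructed sample round (assumption, not real training data): benign
    clients send noisy copies of a shared descent direction; one attacker sends
    a scaled, sign-flipped update so that a plain average is dragged backwards."""
    rng = random.Random(seed)
    true_dir = [rng.gauss(0.0, 1.0) for _ in range(dim)]
    updates = {f"client{i}": [g + rng.gauss(0.0, 0.3) for g in true_dir]
               for i in range(n_benign)}
    updates["attacker"] = [-10.0 * g for g in true_dir]  # sign-flip model poisoning
    return updates, true_dir


def coordinate_median(vectors):
    dim = len(vectors[0])
    out = []
    for j in range(dim):
        col = sorted(v[j] for v in vectors)
        mid = len(col) // 2
        out.append(col[mid] if len(col) % 2 else 0.5 * (col[mid - 1] + col[mid]))
    return out


def top_principal_component(vectors, iters=200):
    """First PCA direction of the centred updates, by power iteration on the
    covariance operator (C w = sum_x x (x . w)) without forming the matrix."""
    n, dim = len(vectors), len(vectors[0])
    mean = [sum(v[j] for v in vectors) / n for j in range(dim)]
    centred = [[v[j] - mean[j] for j in range(dim)] for v in vectors]
    w = [1.0 / math.sqrt(dim)] * dim
    for _ in range(iters):
        cw = [0.0] * dim
        for x in centred:
            s = dot(x, w)
            for j in range(dim):
                cw[j] += s * x[j]
        nrm = norm(cw)
        if nrm == 0.0:
            break
        w = [c / nrm for c in cw]
    return w, mean


def naive_mean(updates):
    """Unscreened FedAvg-style mean of all updates, for comparison."""
    vecs = list(updates.values())
    return [sum(col) / len(vecs) for col in zip(*vecs)]


def screen_updates(updates, cos_threshold=0.5, mad_threshold=10.0):
    """Flag a client whose update disagrees in direction with the coordinate-wise
    median (cosine below cos_threshold) or is a robust outlier along PC1 (more
    than mad_threshold median absolute deviations from the median projection).
    Both thresholds are assumed values for this illustration."""
    names = list(updates)
    vecs = [updates[n] for n in names]
    reference = coordinate_median(vecs)
    cos_scores = {n: cosine(updates[n], reference) for n in names}
    w, mean = top_principal_component(vecs)
    proj = {n: dot([a - m for a, m in zip(updates[n], mean)], w) for n in names}
    med = sorted(proj.values())[len(names) // 2]
    mad = sorted(abs(p - med) for p in proj.values())[len(names) // 2] + 1e-9
    pca_scores = {n: abs(proj[n] - med) / mad for n in names}
    flagged = {n for n in names
               if cos_scores[n] < cos_threshold or pca_scores[n] > mad_threshold}
    kept = [updates[n] for n in names if n not in flagged]
    aggregate = [sum(col) / len(kept) for col in zip(*kept)]
    return {"flagged": flagged, "cosine": cos_scores,
            "pca": pca_scores, "aggregate": aggregate}


if __name__ == "__main__":
    updates, true_dir = make_updates()
    result = screen_updates(updates)
    print("flagged:", sorted(result["flagged"]))
    print("naive mean vs true direction:", round(cosine(naive_mean(updates), true_dir), 3))
    print("screened mean vs true direction:", round(cosine(result["aggregate"], true_dir), 3))
```

Running it shows the point the abstract makes about why detection matters: the unscreened mean points away from the benign descent direction once a single scaled sign-flipped client is included, while the screened aggregate stays aligned with it. Under HE the server sees only ciphertexts, so neither the cosine scores nor the PC1 projections can be computed this way on the aggregator; that is the gap the paper's SDEM is designed to close.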
Details
- Title
- AntidoteFL: Enhancing defense against poisoning attacks in federated learning
- Creators
- Yilong Liu (Hebei University); Hong Zhang (Hebei University); Miao Wang (Hebei University); Qiqi Xie (Hebei University); Zhibo Sun (Drexel University)
- Publication Details
- Computer networks (Amsterdam, Netherlands : 1999), Vol.269, 111427
- Publisher
- Elsevier
- Number of pages
- 16
- Grant note
- Natural Science Foundation of Hebei Province of China: F2019201361; Innovation Capacity Enhancement Program-Science and Technology Platform Project of Hebei Province: 22567638H
This work was supported in part by the Natural Science Foundation of Hebei Province of China under Grant No. F2019201361, by the Innovation Capacity Enhancement Program-Science and Technology Platform Project of Hebei Province under Grant 22567638H.
- Resource Type
- Journal article
- Language
- English
- Academic Unit
- Computer Science (Computing)
- Web of Science ID
- WOS:001512739700001
- Scopus ID
- 2-s2.0-105007993596
- Other Identifier
- 991022059817704721