Journal of Information Security Research (信息安全研究), 2026, Vol. 12, Issue (4): 348-358, 11. DOI: 10.12379/j.issn.2096-1057.2026.04.07
Adaptive Gaussian Mixture-based Federated Learning Backdoor Defense Approach (基于自适应高斯混合的联邦学习后门防御方法)
Abstract
Existing federated learning backdoor defense methods misjudge clients during abnormal-client detection and have difficulty also protecting client privacy. To address this, we propose FedAGMM, a federated learning backdoor defense approach based on an adaptive Gaussian mixture model. It introduces Gaussian mixture model clustering on the server side, models the probability of client gradient updates, and combines this with the Bayesian information criterion to adaptively select the optimal number of clusters, so that malicious model updates are identified more accurately. It also constructs a dynamic noise injection mechanism based on risk perception that adaptively adjusts the Gaussian noise intensity according to each client's risk level. This approach minimizes interference to normal clients while safeguarding privacy. Comparison experiments with the latest defense methods show that, against three kinds of backdoor attacks, PGD, PGD-EDGE, and MR, the attack success rate is reduced by 5.80, 3.27, and 1.00 percentage points, respectively, without decreasing the accuracy of the main task. Theoretical analysis proves that FedAGMM meets the requirements of privacy protection while reducing overall noise injection, and significantly improves the detection accuracy and privacy security.
Keywords
federated learning / backdoor defense / Gaussian mixture model / differential privacy / Bayesian information criterion
Classification
Information technology and security science
Cite this article
Xin Yuchi, Yan Hongcan, Gu Jiantao, Wang Xinyu, Guo Yixuan. Adaptive Gaussian Mixture-based Federated Learning Backdoor Defense Approach [J]. Journal of Information Security Research, 2026, 12(4): 348-358, 11.
Funding
Hebei Province Higher Education Teaching Reform Research and Practice Project (2023GJJG226)
Hebei Province Social Science Foundation Project (HB24GL059)
North China University of Science and Technology Medical-Engineering Integration Key Research Project (ZD-YG-202316)