Survey of Model Poisoning Attack Defense Strategies in Federated Learning (联邦学习中的模型中毒攻击防御策略综述)
Abstract
Model poisoning attacks are a serious threat to federated learning. In a model poisoning attack, a malicious participant injects crafted information into its local training data or into the model updates it submits, interfering with the normal convergence of the global model until the model's predictions are manipulated as the attacker intends. The stealth and diversity of these attacks make them extremely hard to defend against, so they have attracted extensive attention from researchers. This paper analyzes the principle of model poisoning attacks, including the internal mechanism by which an attacker degrades the performance of the global model by tampering with local training data or forging model parameters. On this basis, existing defense strategies are systematically divided into three categories. Defenses based on malicious model analysis identify potentially malicious behavior mainly through similarity comparison of model updates and quality assessment techniques. Defenses based on robust aggregation of model updates reduce the impact of an attack by removing extreme values or adaptively weighting the updates before they are aggregated. Defenses based on encrypted aggregation of model updates combine differential privacy and homomorphic encryption, improving the robustness of the model while preserving the privacy of the training data. The advantages, disadvantages and application scenarios of each category are analyzed. The privacy-protection problems raised by model poisoning attacks and their specific solutions are discussed in detail, and future research directions are proposed from both the attack and the defense perspective.
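As an added illustration (not code from the paper or its authors), the following Python compares plain FedAvg with the robust-aggregation rules the abstract refers to (coordinate-wise median and trimmed mean) and with a similarity-based screen of the kind used by malicious-model-analysis defenses. The client updates, the single sign-flipped attacker, the trim count of 1 and the cosine threshold of 0.5 are all constructed assumptions for this demonstration.

```python
"""Plain averaging versus two of the defense categories named in the abstract:
update-similarity screening and robust (median / trimmed-mean) aggregation.

Every update below is constructed toy data, not a result from the paper.
"""
from math import sqrt
from statistics import mean, median

# Five honest clients push the model in roughly the same direction (constructed).
HONEST = [
    [1.00, -0.50, 0.20],
    [1.10, -0.40, 0.25],
    [0.90, -0.60, 0.15],
    [1.05, -0.45, 0.20],
    [0.95, -0.55, 0.20],
]
# A single attacker submits a scaled-up, sign-flipped update, a model-replacement
# style poisoning that a plain average cannot absorb (constructed).
MALICIOUS = [-50.0, 50.0, 50.0]
UPDATES = HONEST + [MALICIOUS]


def fedavg(updates):
    """Unweighted FedAvg: coordinate-wise arithmetic mean of all updates."""
    n = len(updates)
    return [sum(u[k] for u in updates) / n for k in range(len(updates[0]))]


def coordinate_median(updates):
    """Coordinate-wise median: each parameter becomes the median of that
    parameter across clients, so one outlier cannot drag it arbitrarily far."""
    return [median(u[k] for u in updates) for k in range(len(updates[0]))]


def trimmed_mean(updates, trim):
    """Coordinate-wise trimmed mean: drop the `trim` largest and `trim` smallest
    values of each parameter, then average the rest.  `trim` must be at least
    the number of attackers you want to tolerate per coordinate, and with
    2*trim >= n nothing would remain to average."""
    n = len(updates)
    if trim < 0 or 2 * trim >= n:
        raise ValueError("trim must satisfy 0 <= 2*trim < number of clients")
    return [
        mean(sorted(u[k] for u in updates)[trim:n - trim])
        for k in range(len(updates[0]))
    ]


def cosine(a, b):
    """Cosine similarity of two update vectors (0.0 if either is all zeros)."""
    dot = sum(x * y for x, y in zip(a, b))
    na = sqrt(sum(x * x for x in a))
    nb = sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


def filter_by_similarity(updates, threshold):
    """Similarity screen: compare every update with a robust reference direction
    (here the coordinate-wise median) and keep only those whose cosine
    similarity reaches `threshold`.  The threshold is an assumption of this
    example and must be tuned per task; an attacker whose update stays inside
    the honest distribution passes this check unnoticed."""
    reference = coordinate_median(updates)
    return [u for u in updates if cosine(u, reference) >= threshold]


if __name__ == "__main__":
    fmt = lambda v: [round(x, 3) for x in v]
    print("FedAvg (poisoned):      ", fmt(fedavg(UPDATES)))
    print("Coordinate median:      ", fmt(coordinate_median(UPDATES)))
    print("Trimmed mean (trim=1):  ", fmt(trimmed_mean(UPDATES, 1)))
    kept = filter_by_similarity(UPDATES, 0.5)
    print("Similarity screen kept: ", len(kept), "of", len(UPDATES))
    print("FedAvg over screened:   ", fmt(fedavg(kept)))
```

With one attacker among six clients, plain averaging flips the sign of every coordinate, while the median and the trimmed mean stay inside the honest cluster and the similarity screen discards the attacker before averaging. Two caveats a practitioner should keep in mind: a trimmed mean tolerates at most `trim` attackers per coordinate, so the trim count has to be chosen for the expected fraction of malicious clients, and both the screen and the robust rules operate on plaintext updates, which is why the abstract's third category (aggregation under differential privacy or homomorphic encryption) addresses a separate concern.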
Keywords
federated learning / model poisoning attack / robust aggregation / differential privacy / homomorphic encryption / model updating
Classification
Information Technology and Security Science
Cite this article
ZHANG Lei (张磊), JIANG Ge (姜鸽), PU Bingqian (蒲冰倩), CHANG Liang (常亮). Survey of Model Poisoning Attack Defense Strategies in Federated Learning [J]. Journal of Frontiers of Computer Science and Technology (计算机科学与探索), 2026, 20(4): 943-964.
Funding
Cultivation Project of the Joint Natural Science Foundation of Heilongjiang Province (PL2024F002)
Excellent Innovation Team Construction Project of Basic Scientific Research Business Fees for Provincial Colleges and Universities in Heilongjiang Province (2022-KYYWF-0654)
National Foundation Cultivation Project of Jiamusi University (JMSUGPZR2022-014)
"Polar East" Academic Team Project of Jiamusi University (DJXSTD202417)
Heilongjiang Provincial Outstanding Young Faculty Basic Research Support Program for Provincial Universities (YQJH2024239)
Heilongjiang Provincial Basic Scientific Research Foundation Project (2023-KYYWF-0580)