A Dual-Defense Self-balancing Framework Against Bilateral Model Attacks in Federated Learning

Xiang WU; Aiting YAO; Shantanu PAL; Frank JIANG; Xuejun LI; Jia XU; Chengzu DONG; Xuefei CHEN; Xiuyi ZHANG; Xiao LIU

doi:10.1007/978-981-96-1525-4_14

A Dual-Defense Self-balancing Framework Against Bilateral Model Attacks in Federated Learning

Xiang WU, Aiting YAO, Shantanu PAL, Frank JIANG, Xuejun LI^*, Jia XU, Chengzu DONG, Xuefei CHEN, Xiuyi ZHANG, Xiao LIU

^*Corresponding author for this work

School of Data Science

Research output: Book Chapters | Papers in Conference Proceedings › Conference paper (refereed) › Research › peer-review

Abstract

With the rapid expansion of Artificial Intelligence (AI) services, smart devices generate a large amount of user data at the edge network, which urgently needs to be protected while effectively extracting information. Federated learning (FL) is an important technology for handling dispersed data and strict privacy requirements in this context. However, the security threats caused by model inversion attacks and poisoning attacks can affect the mutual trust between the client and server. Yet, for these two types of attacks, the existing defense mechanisms are contradictory in terms of whether the model parameters are publicly disclosed. In addition, the data distribution of the clients is imbalanced which will increase the bias of model, reducing its practicality. To address this issue, this study proposes a dual defense self-balanced federated learning (DDSFL) framework, aiming to introduce a novel lightweight defense mechanism during the model parameter aggregation stage, combating these two types of attacks simultaneously by applying differential privacy and adjusting learning rates. In addition, this method also integrates a middleware-based reordering algorithm to enhance the robustness of the framework. Experimental results show that DDSFL effectively improves the ability to resist imbalanced data, forged data, and malicious behavior, significantly enhancing the generalization performance and security of the FL system.

Original language	English
Title of host publication	Algorithms and Architectures for Parallel Processing: 24th International Conference, ICA3PP 2024, Proceedings, Part I
Editors	Tianqing ZHU, Jin LI, Aniello CASTIGLIONE
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	261-270
Number of pages	10
ISBN (Print)	9789819615247
DOIs	https://doi.org/10.1007/978-981-96-1525-4_14
Publication status	Published - 2025
Event	24th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2024 - Macau, China Duration: 29 Oct 2024 → 31 Oct 2024

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	15251 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Name	International Conference on Algorithms and Architectures for Parallel Processing
Publisher	Springer
Volume	ICA3PP 2024

Conference

Conference	24th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2024
Country/Territory	China
City	Macau
Period	29/10/24 → 31/10/24

Bibliographical note

Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2025.

Funding

This work was supported by the National Natural Science Foundation of China Project (No. 62372004).

Keywords

Differential Privacy
Edge Network
Federated Learning
Model Inversion Attacks
Model Poisoning Attacks

Access to Document

10.1007/978-981-96-1525-4_14

Cite this

WU, X., YAO, A., PAL, S., JIANG, F., LI, X., XU, J., DONG, C., CHEN, X., ZHANG, X., & LIU, X. (2025). A Dual-Defense Self-balancing Framework Against Bilateral Model Attacks in Federated Learning. In T. ZHU, J. LI, & A. CASTIGLIONE (Eds.), Algorithms and Architectures for Parallel Processing: 24th International Conference, ICA3PP 2024, Proceedings, Part I (pp. 261-270). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 15251 LNCS), (International Conference on Algorithms and Architectures for Parallel Processing; Vol. ICA3PP 2024). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-96-1525-4_14

WU, Xiang ; YAO, Aiting ; PAL, Shantanu et al. / A Dual-Defense Self-balancing Framework Against Bilateral Model Attacks in Federated Learning. Algorithms and Architectures for Parallel Processing: 24th International Conference, ICA3PP 2024, Proceedings, Part I. editor / Tianqing ZHU ; Jin LI ; Aniello CASTIGLIONE. Springer Science and Business Media Deutschland GmbH, 2025. pp. 261-270 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). (International Conference on Algorithms and Architectures for Parallel Processing).

@inproceedings{544f8ad8139d4c4e9e5285d3cbca5e77,

title = "A Dual-Defense Self-balancing Framework Against Bilateral Model Attacks in Federated Learning",

abstract = "With the rapid expansion of Artificial Intelligence (AI) services, smart devices generate a large amount of user data at the edge network, which urgently needs to be protected while effectively extracting information. Federated learning (FL) is an important technology for handling dispersed data and strict privacy requirements in this context. However, the security threats caused by model inversion attacks and poisoning attacks can affect the mutual trust between the client and server. Yet, for these two types of attacks, the existing defense mechanisms are contradictory in terms of whether the model parameters are publicly disclosed. In addition, the data distribution of the clients is imbalanced which will increase the bias of model, reducing its practicality. To address this issue, this study proposes a dual defense self-balanced federated learning (DDSFL) framework, aiming to introduce a novel lightweight defense mechanism during the model parameter aggregation stage, combating these two types of attacks simultaneously by applying differential privacy and adjusting learning rates. In addition, this method also integrates a middleware-based reordering algorithm to enhance the robustness of the framework. Experimental results show that DDSFL effectively improves the ability to resist imbalanced data, forged data, and malicious behavior, significantly enhancing the generalization performance and security of the FL system.",

keywords = "Differential Privacy, Edge Network, Federated Learning, Model Inversion Attacks, Model Poisoning Attacks",

author = "Xiang WU and Aiting YAO and Shantanu PAL and Frank JIANG and Xuejun LI and Jia XU and Chengzu DONG and Xuefei CHEN and Xiuyi ZHANG and Xiao LIU",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2025.; 24th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2024 ; Conference date: 29-10-2024 Through 31-10-2024",

year = "2025",

doi = "10.1007/978-981-96-1525-4_14",

language = "English",

isbn = "9789819615247",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "261--270",

editor = "Tianqing ZHU and Jin LI and Aniello CASTIGLIONE",

booktitle = "Algorithms and Architectures for Parallel Processing: 24th International Conference, ICA3PP 2024, Proceedings, Part I",

address = "Germany",

}

WU, X, YAO, A, PAL, S, JIANG, F, LI, X, XU, J, DONG, C, CHEN, X, ZHANG, X & LIU, X 2025, A Dual-Defense Self-balancing Framework Against Bilateral Model Attacks in Federated Learning. in T ZHU, J LI & A CASTIGLIONE (eds), Algorithms and Architectures for Parallel Processing: 24th International Conference, ICA3PP 2024, Proceedings, Part I. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 15251 LNCS, International Conference on Algorithms and Architectures for Parallel Processing, vol. ICA3PP 2024, Springer Science and Business Media Deutschland GmbH, pp. 261-270, 24th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2024, Macau, China, 29/10/24. https://doi.org/10.1007/978-981-96-1525-4_14

A Dual-Defense Self-balancing Framework Against Bilateral Model Attacks in Federated Learning. / WU, Xiang; YAO, Aiting; PAL, Shantanu et al.
Algorithms and Architectures for Parallel Processing: 24th International Conference, ICA3PP 2024, Proceedings, Part I. ed. / Tianqing ZHU; Jin LI; Aniello CASTIGLIONE. Springer Science and Business Media Deutschland GmbH, 2025. p. 261-270 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 15251 LNCS), (International Conference on Algorithms and Architectures for Parallel Processing; Vol. ICA3PP 2024).

Research output: Book Chapters | Papers in Conference Proceedings › Conference paper (refereed) › Research › peer-review

TY - GEN

T1 - A Dual-Defense Self-balancing Framework Against Bilateral Model Attacks in Federated Learning

AU - WU, Xiang

AU - YAO, Aiting

AU - PAL, Shantanu

AU - JIANG, Frank

AU - LI, Xuejun

AU - XU, Jia

AU - DONG, Chengzu

AU - CHEN, Xuefei

AU - ZHANG, Xiuyi

AU - LIU, Xiao

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2025.

PY - 2025

Y1 - 2025

N2 - With the rapid expansion of Artificial Intelligence (AI) services, smart devices generate a large amount of user data at the edge network, which urgently needs to be protected while effectively extracting information. Federated learning (FL) is an important technology for handling dispersed data and strict privacy requirements in this context. However, the security threats caused by model inversion attacks and poisoning attacks can affect the mutual trust between the client and server. Yet, for these two types of attacks, the existing defense mechanisms are contradictory in terms of whether the model parameters are publicly disclosed. In addition, the data distribution of the clients is imbalanced which will increase the bias of model, reducing its practicality. To address this issue, this study proposes a dual defense self-balanced federated learning (DDSFL) framework, aiming to introduce a novel lightweight defense mechanism during the model parameter aggregation stage, combating these two types of attacks simultaneously by applying differential privacy and adjusting learning rates. In addition, this method also integrates a middleware-based reordering algorithm to enhance the robustness of the framework. Experimental results show that DDSFL effectively improves the ability to resist imbalanced data, forged data, and malicious behavior, significantly enhancing the generalization performance and security of the FL system.

AB - With the rapid expansion of Artificial Intelligence (AI) services, smart devices generate a large amount of user data at the edge network, which urgently needs to be protected while effectively extracting information. Federated learning (FL) is an important technology for handling dispersed data and strict privacy requirements in this context. However, the security threats caused by model inversion attacks and poisoning attacks can affect the mutual trust between the client and server. Yet, for these two types of attacks, the existing defense mechanisms are contradictory in terms of whether the model parameters are publicly disclosed. In addition, the data distribution of the clients is imbalanced which will increase the bias of model, reducing its practicality. To address this issue, this study proposes a dual defense self-balanced federated learning (DDSFL) framework, aiming to introduce a novel lightweight defense mechanism during the model parameter aggregation stage, combating these two types of attacks simultaneously by applying differential privacy and adjusting learning rates. In addition, this method also integrates a middleware-based reordering algorithm to enhance the robustness of the framework. Experimental results show that DDSFL effectively improves the ability to resist imbalanced data, forged data, and malicious behavior, significantly enhancing the generalization performance and security of the FL system.

KW - Differential Privacy

KW - Edge Network

KW - Federated Learning

KW - Model Inversion Attacks

KW - Model Poisoning Attacks

UR - http://www.scopus.com/inward/record.url?scp=85218965873&partnerID=8YFLogxK

U2 - 10.1007/978-981-96-1525-4_14

DO - 10.1007/978-981-96-1525-4_14

M3 - Conference paper (refereed)

AN - SCOPUS:85218965873

SN - 9789819615247

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 261

EP - 270

BT - Algorithms and Architectures for Parallel Processing: 24th International Conference, ICA3PP 2024, Proceedings, Part I

A2 - ZHU, Tianqing

A2 - LI, Jin

A2 - CASTIGLIONE, Aniello

PB - Springer Science and Business Media Deutschland GmbH

T2 - 24th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2024

Y2 - 29 October 2024 through 31 October 2024

ER -

WU X, YAO A, PAL S, JIANG F, LI X, XU J et al. A Dual-Defense Self-balancing Framework Against Bilateral Model Attacks in Federated Learning. In ZHU T, LI J, CASTIGLIONE A, editors, Algorithms and Architectures for Parallel Processing: 24th International Conference, ICA3PP 2024, Proceedings, Part I. Springer Science and Business Media Deutschland GmbH. 2025. p. 261-270. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). (International Conference on Algorithms and Architectures for Parallel Processing). Epub 2025 Feb 17. doi: 10.1007/978-981-96-1525-4_14