
Dual Gradient Evaluation-Based Defense Method Against Poisoning Attacks in Federated Learning

  • Zhuangzhuang Zhang
  • Xinhai Yan
  • Libing Wu*
  • Bingyi Liu
  • Enshu Wang
  • Jianping Wang*

*Corresponding author for this work

Research output: Chapters, Conference Papers, Creative and Literary Works > RGC 32 - Refereed conference paper (with host publication) > peer-review

Abstract

Federated learning (FL), as an emerging distributed machine learning paradigm, aims to achieve collaborative training of a global model without sharing clients' local data, thereby addressing user privacy and data silo issues. However, due to the distributed architecture of FL and the invisibility of local training, it is highly susceptible to poisoning attacks. While numerous poisoning defense methods have been proposed, they often suffer from limited defense effectiveness and overly strong security assumptions. To address this problem, we propose FedTPD, a dual gradient evaluation-based defense method against poisoning attacks in FL. Specifically, we first design an adaptive representative gradient selection mechanism, which involves adaptively clustering local gradients and selecting representative gradients from different clusters. Secondly, we propose a client-assisted model evaluation mechanism, wherein a reliable client is selected as an evaluator to assess the representative gradients from various clusters. Finally, we develop a bias-corrected model aggregation mechanism that aggregates the local gradients of each cluster based on the trust scores of their representative gradients, thereby reducing the impact of poisoning attacks on the global model. Experimental results on three typical datasets demonstrate that the proposed FedTPD can effectively resist various poisoning attacks. In particular, compared with state-of-the-art methods, the global model's maximum and average accuracies on the CIFAR-10 and CIFAR-100 datasets are improved by 2.79%-28.15% and 0.79%-31.34%, and 3.48%-22.18% and 2.56%-22.06%, respectively. © 2025 IEEE.
Original language: English
Title of host publication: Proceedings - 2025 IEEE 24th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2025
Place of Publication: Los Alamitos, Calif.
Publisher: IEEE
Pages: 86-94
Number of pages: 9
ISBN (Electronic): 979-8-3315-6532-9
ISBN (Print): 979-8-3315-6533-6
Publication status: Published - Nov 2025
Event: 24th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2025) - Guiyang, China
Duration: 14 Nov 2025 to 17 Nov 2025

Publication series

Name: Proceedings of the IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom
ISSN (Print): 2324-898X
ISSN (Electronic): 2324-9013

Conference

Conference: 24th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2025)
Place: China
City: Guiyang
Period: 14/11/25 to 17/11/25

Funding

The work is supported by a project from Hong Kong Research Grant Council under RIF R1012-21, the National Natural Science Foundation of China under Grants 62441237 and U24A20336, the Key Research and Development Program of Wuhan under Grant 2024050702030090, and Wuhan Science and Technology Joint Project for Building a Strong Transportation Country under Grant 2023-2-7.

Research Keywords

  • Federated learning
  • gradient selection
  • model aggregation
  • model evaluation
  • poisoning attacks

RGC Funding Information

  • RGC-funded
