Secure Federated Learning against Model Poisoning Attacks via Client Filtering. (arXiv:2304.00160v1 [cs.CR])

Given the distributed nature, detecting and defending against the backdoor
attack under federated learning (FL) systems is challenging. In this paper, we
observe that the cosine similarity of the last layer's weight between the
global model and each local update could be used effectively as an indicator of
malicious model updates. Therefore, we propose CosDefense, a
cosine-similarity-based attacker detection algorithm. Specifically, under
CosDefense, the server calculates the cosine similarity score of the last
layer's weight between the global model and …

algorithm attack attacks backdoor client clients detection distributed effectively federated learning global local malicious nature poisoning score server similarity systems under update updates