Edge-Assisted Label-Flipping Attack Detection in Federated Learning

Abstract

Federated Learning (FL) has transformed machine learning by facilitating decentralized, privacy-focused data processing. Despite its advantages, FL remains vulnerable to data poisoning attacks, particularly Label-Flipping Attacks (LFA). In LFA, malicious clients deliberately mislabel local data, causing the global model to misclassify certain classes, thus undermining its integrity. Although centralized detection methods have been explored, there is a notable gap in addressing LFA within the decentralized Client-Edge-Cloud architecture, which is crucial for FL systems. This study introduces an innovative edge-assisted framework for early detection of LFA, crucial for real-time applications. To our knowledge, this is the first study to propose such an edge-assisted LFA detection mechanism. Through detailed conceptual and empirical analyses of LFA behavior, we identified a key characteristic: class-wise accuracy, particularly recall for specific classes, decreases due to label flipping, significantly increases the delta discrepancy with the edge model. Our method remains effective across varying numbers of malicious clients and model sizes, without requiring prior knowledge about the malicious clients. We developed two mitigation strategies: (1) the Zero Tolerance approach, which excludes entire client updates upon detecting adversarial behavior, and (2) the Zero Masking approach, which zeros out gradients for the flipped class while preserving others. This method leverages the direct influence of final layer gradients on class predictions. Extensive evaluation using three benchmark datasets shows that the proposed edge-assisted LFA detection framework outperforms traditional cloud-based methods. We demonstrate its superiority in latency, resource efficiency, and accuracy in detecting malicious clients, outperforming state-of-the-art defenses.