作者：Yingying Chen, Lei Shi, Hao Xu, Junyu Ye, Juan Xu

发表刊物：WASA 2024

年份：June 2024

摘要：Clustered Federated Learning (CFL), as a type of Federated Learning (FL) paradigm, divides the clients into multiple clusters through the clustering process and trains them within the clusters, thus improving the overall model training accuracy. But the clustering process is also the weak link, which can lead to the failure of the whole model training if it is interfered or destroyed by the attacker. In this paper, we study the attack methods and defense strategies for attackers to implement data poisoning by tampering with client data, resulting in overall clustering failure. Our defense approach is designed to identify anomalous clients and recover their poisoned data. In order to resist the malicious behavior of attackers, we propose a dual-threshold pixel difference and watermark authentication defense method for detecting the presence of anomalous clients. The method can accurately identify the abnormal fluctuations in the data and effectively screen out the abnormal clients. Meanwhile, we propose a self-embedding watermarking defense algorithm based on shuffling idea for recovering poisoned data. Among them, our self-embedding watermarking algorithm not only accurately locates and recovers the tampered region of the image, but also improves the watermark security to prevent attackers from cracking it easily. Simulation results show that our proposed algorithm can accurately identify the abnormal client and recover the data. Even if the client’s data is massively tampered with, we can recover the tampered data images with high quality and ensure that the CFL clustering is not corrupted.参考文献拷贝字段：Yingying Chen, Lei Shi, Hao Xu, Junyu Ye, Juan Xu. A Method for Abnormal Detection and Poisoned Data Recovery in Clustered Federated Learning[C]. The 18th International Conference on Wireless Algorithms, Systems, and Applications (WASA), Qingdao, China, June 21-23, 2024: 37-49