Authors: Hailong Tang, Lei Shi, Yingfei Zhu, Cheng Gu, Juan Xu
Published in: WASA 2025
Year: June 2025
Abstract: Clustered Federated Learning (CFL) is a paradigm of Federated Learning (FL) that enhances model training accuracy and efficiency by clustering clients with similar characteristics and training models within each cluster. However, the structural characteristics of CFL make it more susceptible to backdoor attacks, where the attacker embeds a malicious trigger in clean data and modifies the label to the target label, resulting in malicious outputs when the trigger is activated. To address this threat, this paper proposes a defense method combining trigger inversion and data augmentation. First, we conduct a comparative analysis of the impact of backdoor attacks in FL and CFL, revealing that CFL is more susceptible to such attacks. Then, based on this analysis, the proposed defense method employs reverse engineering on the model compromised by a backdoor attack to detect trigger patterns and generate a potential trigger. This trigger is then applied to augment client data, neutralizing the effects of the malicious trigger. Experimental results demonstrate that the proposed defense method can reduce the attack success rate to nearly zero while maintaining high model accuracy, showcasing its robustness in defending against backdoor attacks.
Citation: Hailong Tang, Lei Shi, Yingfei Zhu, Cheng Gu, Juan Xu. The Defense Against Backdoor Attacks Using Trigger Inversion and Data Augmentation in Clustered Federated Learning [C]. The 19th International Conference on Wireless Artificial Intelligent Computing Systems and Applications (WASA), Tokyo, Japan, June 24-26, 2025: 331-343
Related downloads:
The Defense Against Backdoor Attacks Using Trigger Inversion and Data Augmentation in Clustered Federated Learning