Privacy-Preserving Federated Learning Scheme With Mitigating Model Poisoning Attacks: Vulnerabilities and Countermeasures
Summary
Federated learning schemes (systems where multiple parties train AI models together while keeping data private) that use two servers for privacy protection were found to leak user data when facing model poisoning attacks (where malicious users deliberately corrupt the learning process). The researchers propose an enhanced framework called PBFL that uses Byzantine-robust aggregation (a method to safely combine data from untrusted sources), normalization checks, similarity measurements, and trapdoor fully homomorphic encryption (a technique for doing calculations on encrypted data without decrypting it) to protect privacy while defending against poisoning attacks.
Solution / Mitigation
The authors propose an enhanced privacy-preserving and Byzantine-robust federated learning (PBFL) framework that addresses the vulnerability. Key components include: a novel Byzantine-tolerant aggregation strategy with normalization judgment, cosine similarity computation, and adaptive user weighting; a dual-scoring trust mechanism and outlier suppression for detecting stealthy attacks; and two privacy-preserving subroutines (secure normalization judgment and secure cosine similarity measurement) that operate over encrypted gradients using a trapdoor fully homomorphic encryption scheme. According to theoretical analyses and experiments, this scheme guarantees security, convergence, and efficiency even with malicious users and one malicious server.
Classification
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Original source: http://ieeexplore.ieee.org/document/11190009
First tracked: February 12, 2026 at 02:22 PM
Classified by LLM (prompt v3) · confidence: 92%