METHOD FOR DETECTING ANOMALOUS LOCAL UPDATES AND ISOLATING MALICIOUS PARTICIPANTS IN FEDERATED LEARNING SYSTEMS
DOI:
https://doi.org/10.18372/2310-5461.70.21194Keywords:
anomaly detection, machine learning, deep learning, artificial intelligence, cybersecurity, information security, cyberattacks, cyber threats, critical infrastructure, data protection, neural network, distributed learning, edge computing, fog computingAbstract
This paper proposes a method for detecting anomalous local updates and isolating malicious participants in federated learning systems. The method is aimed at improving the resilience of distributed machine learning models to model poisoning attacks and distorted local updates. The proposed approach combines two protection levels: anomaly assessment of local updates based on their deviation from the collective update pattern and isolation of participants that repeatedly demonstrate suspicious behavior. An anomaly score is used to evaluate local updates, while an accumulated anomaly counter is applied to control long-term participant behavior. The paper presents the formalization of the proposed method, describes the adaptive anomaly threshold mechanism, and defines the procedure for forming a trusted participant set for further global model aggregation. An illustrative numerical example is provided to demonstrate the operation of the proposed approach and to show the possibility of detecting anomalous local updates while reducing their influence on the global model. A comparative analysis of the proposed approach with existing aggregation and malicious participant detection methods in federated learning systems is also presented. It is shown that, unlike conventional aggregation schemes, the proposed method provides not only suspicious update filtering but also control of repeated anomalous participant behavior. The proposed approach can be applied in federated learning systems for edge and fog environments, as well as in information systems of critical infrastructure facilities.
References
McMahan B., Moore E., Ramage D., Hampson S., Arcas B. y. A. Communication-Efficient Learning of Deep Networks from Decentralized Data // Proceedings of the 20th International Conference on Artificial Intelligence and Statistics (AISTATS). 2017. P. 1273–1282. URL: https://proceedings.mlr.press/v54/mcmahan17a.html
Kairouz P. et al. Advances and Open Problems in Federated Learning // Foundations and Trends in Machine Learning. 2021. Vol. 14, No. 1–2. P. 1–210. DOI: 10.1561/2200000083.
Li T., Sahu A. K., Talwalkar A., Smith V. Federated Learning: Challenges, Methods, and Future Directions // IEEE Signal Processing Magazine. 2020. Vol. 37, No. 3. P. 50–60. DOI: 10.1109/MSP.2020.2975749.
Mothukuri V., Parizi R. M., Pouriyeh S., Huang Y., Dehghantanha A., Srivastava G. A Survey on Security and Privacy of Federated Learning // Future Generation Computer Systems. 2021. Vol. 115. P. 619–640. DOI: 10.1016/j.future.2020.10.007.
Cui L., Suh S. C., Tan Y. et al. A Survey on Federated Learning for Cyber Security // IEEE Communications Surveys & Tutorials. 2024. Vol. 26, No. 1. P. 565–596. DOI: 10.1109/COMST.2023.3326741.
Blanchard P., El Mhamdi E. M., Guerraoui R., Stainer J. Machine Learning with Adversaries: Byzantine Tolerant Gradient Descent // Advances in Neural Information Processing Systems (NeurIPS). 2017. Vol. 30. URL: https://proceedings.neurips.cc/paper/2017/hash/f4b9ec30ad9f68f89b29639786cb62ef-Abstract.html
Yin D., Chen Y., Kannan R., Bartlett P. Byzantine-Robust Distributed Learning: Towards Optimal Statistical Rates // Proceedings of the 35th International Conference on Machine Learning (ICML). 2018. P. 5650–5659. URL: https://proceedings.mlr.press/v80/yin18a.html
El Mhamdi E. M., Guerraoui R., Rouault S. The Hidden Vulnerability of Distributed Learning in Byzantium // Proceedings of the 35th International Conference on Machine Learning (ICML). 2018. P. 3521–3530. URL: https://proceedings.mlr.press/v80/mhamdi18a.html
Fang M., Cao X., Jia J., Gong N. Local Model Poisoning Attacks to Byzantine-Robust Federated Learning // Proceedings of the 29th USENIX Security Symposium. 2020. P. 1605–1622. URL: https://www.usenix.org/conference/usenixsecurity20/presentation/fang
Zhang X., Hong M., Dhople S., Yin W., Liu Y. FedPD: A Federated Learning Framework with Adaptivity to Non-IID Data // IEEE Transactions on Signal Processing. 2021. Vol. 69. P. 6055–6070. DOI: 10.1109/TSP.2021.3115952.
Kudrenko S., Nimych O., Makieiev I. Method for Predicting Node Compromise in Edge and Fog Environments for Critical Infrastructure // Information Protection. 2025. Vol. 27, No. 2. P. 87–95. DOI: 10.18372/2410-7840.27.21183.
Kozlovsky V., Pavlov V., Kozlovska D., Kudrenko S. Development of Chain Models of Irregular Antiradiolocation Coatings // Information Protection. 2025. Vol. 27, No. 2. DOI: 10.18372/2410-7840.27.21176.
Yang Q., Liu Y., Chen T., Tong Y. Federated Machine Learning: Concept and Applications // ACM Transactions on Intelligent Systems and Technology. 2019. Vol. 10, No. 2. P. 1–19. DOI: 10.1145/3298981.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 S Kudrenko
This work is licensed under a Creative Commons Attribution 4.0 International License.
The scientific journal adheres to the principles of Open Access and provides free, immediate, and permanent access to all published materials without financial, technical, or legal barriers for readers.
All articles are published in Open Access under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.
Copyright
Authors who publish their works in the journal:
-
retain the copyright to their publications;
-
grant the journal the right of first publication of the article;
-
agree to the distribution of their materials under the CC BY 4.0 license;
-
have the right to reuse, archive, and distribute their works (including in institutional and subject repositories), provided that proper reference is made to the original publication in the journal.
