Saved in:
Bibliographic Details
Main Authors: Pan, Huazi, Zhang, Yanjun, Zhang, Leo Yu, Adams, Scott, Kouzani, Abbas, Khoo, Suiyang
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2505.16403
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912400563765248
author Pan, Huazi
Zhang, Yanjun
Zhang, Leo Yu
Adams, Scott
Kouzani, Abbas
Khoo, Suiyang
author_facet Pan, Huazi
Zhang, Yanjun
Zhang, Leo Yu
Adams, Scott
Kouzani, Abbas
Khoo, Suiyang
contents Manipulation of local training data and local updates, i.e., the poisoning attack, is the main threat arising from the collaborative nature of the federated learning (FL) paradigm. Most existing poisoning attacks aim to manipulate local data/models in a way that causes denial-of-service (DoS) issues. In this paper, we introduce a novel attack method, named Federated Learning Sliding Attack (FedSA) scheme, aiming at precisely introducing the extent of poisoning in a subtle controlled manner. It operates with a predefined objective, such as reducing global model's prediction accuracy by 10%. FedSA integrates robust nonlinear control-Sliding Mode Control (SMC) theory with model poisoning attacks. It can manipulate the updates from malicious clients to drive the global model towards a compromised state, achieving this at a controlled and inconspicuous rate. Additionally, leveraging the robust control properties of FedSA allows precise control over the convergence bounds, enabling the attacker to set the global accuracy of the poisoned model to any desired level. Experimental results demonstrate that FedSA can accurately achieve a predefined global accuracy with fewer malicious clients while maintaining a high level of stealth and adjustable learning rates.
format Preprint
id arxiv_https___arxiv_org_abs_2505_16403
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Performance Guaranteed Poisoning Attacks in Federated Learning: A Sliding Mode Approach
Pan, Huazi
Zhang, Yanjun
Zhang, Leo Yu
Adams, Scott
Kouzani, Abbas
Khoo, Suiyang
Machine Learning
Systems and Control
Manipulation of local training data and local updates, i.e., the poisoning attack, is the main threat arising from the collaborative nature of the federated learning (FL) paradigm. Most existing poisoning attacks aim to manipulate local data/models in a way that causes denial-of-service (DoS) issues. In this paper, we introduce a novel attack method, named Federated Learning Sliding Attack (FedSA) scheme, aiming at precisely introducing the extent of poisoning in a subtle controlled manner. It operates with a predefined objective, such as reducing global model's prediction accuracy by 10%. FedSA integrates robust nonlinear control-Sliding Mode Control (SMC) theory with model poisoning attacks. It can manipulate the updates from malicious clients to drive the global model towards a compromised state, achieving this at a controlled and inconspicuous rate. Additionally, leveraging the robust control properties of FedSA allows precise control over the convergence bounds, enabling the attacker to set the global accuracy of the poisoned model to any desired level. Experimental results demonstrate that FedSA can accurately achieve a predefined global accuracy with fewer malicious clients while maintaining a high level of stealth and adjustable learning rates.
title Performance Guaranteed Poisoning Attacks in Federated Learning: A Sliding Mode Approach
topic Machine Learning
Systems and Control
url https://arxiv.org/abs/2505.16403