Bibliographic Details
Main Authors: Liu, Tao; Lv, Jiguang; Man, Dapeng; Xi, Weiye; Li, Yaole; Zhao, Feiyu; Wang, Kuiming; Bian, Yingchao; Xu, Chen; Yang, Wu
Format: Preprint
Published: 2026
Online Access: https://arxiv.org/abs/2603.23574
author Liu, Tao
Lv, Jiguang
Man, Dapeng
Xi, Weiye
Li, Yaole
Zhao, Feiyu
Wang, Kuiming
Bian, Yingchao
Xu, Chen
Yang, Wu
contents Federated Learning (FL), as a popular distributed learning paradigm, has shown outstanding performance in improving computational efficiency and protecting data privacy, and is widely applied in industrial image classification. However, due to its distributed nature, FL is vulnerable to threats from malicious clients, with poisoning attacks being a common threat. A major limitation of existing poisoning attack methods is their difficulty in bypassing model performance tests and defense mechanisms based on model anomaly detection. This often results in the detection and removal of poisoned models, which undermines their practical utility. To preserve the main-task performance of industrial image classification while keeping the attack effective, we propose a targeted poisoning attack, PoiCGAN, based on feature-label collaborative perturbation. Our method modifies the inputs of the discriminator and generator in the Conditional Generative Adversarial Network (CGAN) to influence the training process, generating an ideal poison generator. This generator not only produces specific poisoned samples but also automatically performs label flipping. Experiments across various datasets show that our method achieves an attack success rate 83.97% higher than baseline methods, with a less than 8.87% reduction in the main task's accuracy. Moreover, the poisoned samples and malicious models exhibit high stealthiness.
format Preprint
id arxiv_https___arxiv_org_abs_2603_23574
institution arXiv
publishDate 2026
record_format arxiv
title PoiCGAN: A Targeted Poisoning Based on Feature-Label Joint Perturbation in Federated Learning
topic Machine Learning
Artificial Intelligence
url https://arxiv.org/abs/2603.23574