A wolf in sheep’s clothing: evading robust aggregation in federated learning through in-distribution attacks

Ryan McGaughey; Jesus Martinez-del-Rincon; Ihsen  Alouani

doi:10.1109/CYBER-RCI60769.2024.10939959

A wolf in sheep’s clothing: evading robust aggregation in federated learning through in-distribution attacks

Ryan McGaughey, Jesus Martinez-del-Rincon, Ihsen Alouani

School of Electronics, Electrical Engineering and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Federated Learning (FL) allows a number of clients to collaboratively train powerful machine learning models without sharing private data by aggregating updates based on local training from clients in the system. However, malicious nodes can send poisoned updates to compromise the global model trained by the Federated Learning System (FLS). To defend against model/data poisoning attacks, robust aggregation schemes have been created that aim to exclude malicious updates to the global model by removing perceived outliers to the standard distribution of updates. In this paper, we question the assumptions that underline these defences and aim to produce targeted in-distribution attacks against FLS’s that evade robust aggregation schemes. We propose a new loss function used in local training to generate malicious updates within the benign distribution. We systematically evaluate our attacks against a range of state-of-the-art robust aggregation schemes, where we demonstrate how their defences can be circumvented by questioning their out-of-distribution assumptions.

Original language	English
Title of host publication	2024 Cyber Research Conference - Ireland (Cyber-RCI): Proceedings
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9798350390100
ISBN (Print)	9798350390117
DOIs	https://doi.org/10.1109/CYBER-RCI60769.2024.10939959
Publication status	Published - 28 Mar 2025
Event	Cyber RCI 2024: IEEE Cyber Research Conference Ireland 2024 - Duration: 25 Nov 2024 → 25 Nov 2024

Publication series

Name	Cyber Research Conference - Ireland, Cyber-RCI: Proceedings

Conference

Conference	Cyber RCI 2024: IEEE Cyber Research Conference Ireland 2024
Period	25/11/2024 → 25/11/2024

Bibliographical note

Publisher Copyright:
© 2024 IEEE.

Keywords

Artificial Intelligence
Cyber Security
Federated Learning
Machine Learning

ASJC Scopus subject areas

Computer Networks and Communications
Computer Vision and Pattern Recognition
Information Systems and Management
Safety, Risk, Reliability and Quality

Access to Document

10.1109/CYBER-RCI60769.2024.10939959Licence: Unspecified

A wolf in sheep’s clothing: evading robust aggregation in federated learning through in-distribution attacks
Copyright 2024 IEEE. This work is made available online in accordance with the publisher’s policies. Please refer to any applicable terms of use of the publisher.
Accepted author manuscript, 300 KBLicence: Unspecified

Cite this

McGaughey, R., Martinez-del-Rincon, J., & Alouani, I. (2025). A wolf in sheep’s clothing: evading robust aggregation in federated learning through in-distribution attacks. In 2024 Cyber Research Conference - Ireland (Cyber-RCI): Proceedings (Cyber Research Conference - Ireland, Cyber-RCI: Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CYBER-RCI60769.2024.10939959

McGaughey, Ryan ; Martinez-del-Rincon, Jesus ; Alouani, Ihsen . / A wolf in sheep’s clothing: evading robust aggregation in federated learning through in-distribution attacks. 2024 Cyber Research Conference - Ireland (Cyber-RCI): Proceedings. Institute of Electrical and Electronics Engineers Inc., 2025. (Cyber Research Conference - Ireland, Cyber-RCI: Proceedings).

@inproceedings{cfcf1779a3324490816694964e2786a4,

title = "A wolf in sheep{\textquoteright}s clothing: evading robust aggregation in federated learning through in-distribution attacks",

abstract = "Federated Learning (FL) allows a number of clients to collaboratively train powerful machine learning models without sharing private data by aggregating updates based on local training from clients in the system. However, malicious nodes can send poisoned updates to compromise the global model trained by the Federated Learning System (FLS). To defend against model/data poisoning attacks, robust aggregation schemes have been created that aim to exclude malicious updates to the global model by removing perceived outliers to the standard distribution of updates. In this paper, we question the assumptions that underline these defences and aim to produce targeted in-distribution attacks against FLS{\textquoteright}s that evade robust aggregation schemes. We propose a new loss function used in local training to generate malicious updates within the benign distribution. We systematically evaluate our attacks against a range of state-of-the-art robust aggregation schemes, where we demonstrate how their defences can be circumvented by questioning their out-of-distribution assumptions.",

keywords = "Artificial Intelligence, Cyber Security, Federated Learning, Machine Learning",

author = "Ryan McGaughey and Jesus Martinez-del-Rincon and Ihsen Alouani",

note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; Cyber RCI 2024: IEEE Cyber Research Conference Ireland 2024 ; Conference date: 25-11-2024 Through 25-11-2024",

year = "2025",

month = mar,

day = "28",

doi = "10.1109/CYBER-RCI60769.2024.10939959",

language = "English",

isbn = "9798350390117",

series = "Cyber Research Conference - Ireland, Cyber-RCI: Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "2024 Cyber Research Conference - Ireland (Cyber-RCI): Proceedings",

address = "United States",

}

McGaughey, R , Martinez-del-Rincon, J & Alouani, I 2025, A wolf in sheep’s clothing: evading robust aggregation in federated learning through in-distribution attacks. in 2024 Cyber Research Conference - Ireland (Cyber-RCI): Proceedings. Cyber Research Conference - Ireland, Cyber-RCI: Proceedings, Institute of Electrical and Electronics Engineers Inc., Cyber RCI 2024: IEEE Cyber Research Conference Ireland 2024, 25/11/2024. https://doi.org/10.1109/CYBER-RCI60769.2024.10939959

A wolf in sheep’s clothing: evading robust aggregation in federated learning through in-distribution attacks. / McGaughey, Ryan ; Martinez-del-Rincon, Jesus ; Alouani, Ihsen .
2024 Cyber Research Conference - Ireland (Cyber-RCI): Proceedings. Institute of Electrical and Electronics Engineers Inc., 2025. (Cyber Research Conference - Ireland, Cyber-RCI: Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - A wolf in sheep’s clothing: evading robust aggregation in federated learning through in-distribution attacks

AU - McGaughey, Ryan

AU - Martinez-del-Rincon, Jesus

AU - Alouani, Ihsen

PY - 2025/3/28

Y1 - 2025/3/28

N2 - Federated Learning (FL) allows a number of clients to collaboratively train powerful machine learning models without sharing private data by aggregating updates based on local training from clients in the system. However, malicious nodes can send poisoned updates to compromise the global model trained by the Federated Learning System (FLS). To defend against model/data poisoning attacks, robust aggregation schemes have been created that aim to exclude malicious updates to the global model by removing perceived outliers to the standard distribution of updates. In this paper, we question the assumptions that underline these defences and aim to produce targeted in-distribution attacks against FLS’s that evade robust aggregation schemes. We propose a new loss function used in local training to generate malicious updates within the benign distribution. We systematically evaluate our attacks against a range of state-of-the-art robust aggregation schemes, where we demonstrate how their defences can be circumvented by questioning their out-of-distribution assumptions.

AB - Federated Learning (FL) allows a number of clients to collaboratively train powerful machine learning models without sharing private data by aggregating updates based on local training from clients in the system. However, malicious nodes can send poisoned updates to compromise the global model trained by the Federated Learning System (FLS). To defend against model/data poisoning attacks, robust aggregation schemes have been created that aim to exclude malicious updates to the global model by removing perceived outliers to the standard distribution of updates. In this paper, we question the assumptions that underline these defences and aim to produce targeted in-distribution attacks against FLS’s that evade robust aggregation schemes. We propose a new loss function used in local training to generate malicious updates within the benign distribution. We systematically evaluate our attacks against a range of state-of-the-art robust aggregation schemes, where we demonstrate how their defences can be circumvented by questioning their out-of-distribution assumptions.

KW - Artificial Intelligence

KW - Cyber Security

KW - Federated Learning

KW - Machine Learning

U2 - 10.1109/CYBER-RCI60769.2024.10939959

DO - 10.1109/CYBER-RCI60769.2024.10939959

M3 - Conference contribution

AN - SCOPUS:105007413103

SN - 9798350390117

T3 - Cyber Research Conference - Ireland, Cyber-RCI: Proceedings

BT - 2024 Cyber Research Conference - Ireland (Cyber-RCI): Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - Cyber RCI 2024: IEEE Cyber Research Conference Ireland 2024

Y2 - 25 November 2024 through 25 November 2024

ER -

McGaughey R , Martinez-del-Rincon J , Alouani I. A wolf in sheep’s clothing: evading robust aggregation in federated learning through in-distribution attacks. In 2024 Cyber Research Conference - Ireland (Cyber-RCI): Proceedings. Institute of Electrical and Electronics Engineers Inc. 2025. (Cyber Research Conference - Ireland, Cyber-RCI: Proceedings). doi: 10.1109/CYBER-RCI60769.2024.10939959

A wolf in sheep’s clothing: evading robust aggregation in federated learning through in-distribution attacks

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this