pFedDDS: Personalized Federated Learning via Dual Defense Strategies
摘要
Federated learning (FL) addresses data silos and privacy but faces challenges like data heterogeneity and poisoning attacks from malicious clients. We propose a dual defense strategy within personalized federated learning to address these challenges in the following ways: 1) Employing a dynamic model fusion approach during client-side local training to effectively mitigate statistical heterogeneity; 2) Introducing a gradient normalization mechanism based on logarithmic transformation to suppress malicious perturbations by compressing gradient amplitude ranges; 3) Utilizing a dual time-scale credit evaluation model to accurately assess evolving client trustworthiness by integrating real-time responsiveness with historical decay; 4) Implementing a robust aggregation strategy combining adaptive weight allocation and gradient correction to exclude anomalous updates and preserve model convergence simultaneously. Experimental results demonstrate that, in the IID data scenario, the proposed method achieves a 1.06% improvement in model accuracy compared to the suboptimal method and reduces the attack success rate (ASR) to 0.43%. In the non-IID scenario, attack detection accuracy is improved by 23.08% to 35.19%, with the false positive rate in the range of 0.82% to 1.36%. The experimental results indicate that the proposed method can effectively address the challenges posed by data heterogeneity and detect and mitigate poisoning attacks compared to the baseline method.