Federated Learning (FL) enables collaborative model training across distributed devices while preserving local data privacy, making it ideal for mobile and embedded systems. However, the decentralized nature of FL also opens vulnerabilities to model poisoning attacks, particularly backdoor attacks, where adversaries implant trigger patterns to manipulate model predictions. In this paper, we propose DeTrigger, a scalable and efficient backdoor-robust federated learning framework that leverages insights from adversarial attack methodologies. By employing gradient analysis with temperature scaling, DeTrigger detects and isolates backdoor triggers, allowing for precise model weight pruning of backdoor activations without sacrificing benign model knowledge. Extensive evaluations across four widely used datasets demonstrate that DeTrigger achieves up to 251x faster detection than traditional methods and mitigates backdoor attacks by up to 98.9%, with minimal impact on global model accuracy. Our findings establish DeTrigger as a robust and scalable solution to protect federated learning environments against sophisticated backdoor threats.