Federated learning (FL) enables distributed model training across edge devices while preserving data locality. This decentralized approach has emerged as a promising solution for collaborative learning on sensitive user data, effectively addressing the longstanding privacy concerns inherent in centralized systems. However, the decentralized nature of FL exposes new security vulnerabilities, especially backdoor attacks that threaten model integrity. To investigate this critical concern, this paper presents the Layer Smoothing Attack (LSA), a novel backdoor attack that exploits layer-specific vulnerabilities in neural networks. First, a Layer Substitution Analysis methodology systematically identifies backdoor-critical (BC) layers that contribute most significantly to backdoor success. Subsequently, LSA strategically manipulates these BC layers to inject persistent backdoors while remaining undetected by state-of-the-art defense mechanisms. Extensive experiments across diverse model architectures and datasets demonstrate that LSA achieves a remarkable backdoor success rate of up to 97% while maintaining high model accuracy on the primary task, consistently bypassing modern FL defenses. These findings uncover fundamental vulnerabilities in current FL security frameworks, demonstrating that future defenses must incorporate layer-aware detection and mitigation strategies.