Federated Learning (FL) is witnessing wider adoption due to its ability to benefit from large amounts of scattered data while preserving privacy. However, despite its advantages, federated learning suffers from several setbacks that directly impact the accuracy, and the integrity of the global model it produces. One of these setbacks is the presence of malicious clients who actively try to harm the global model by injecting backdoor data into their local models while trying to evade detection. The objective of such clients is to trick the global model into making false predictions during inference, thereby compromising the integrity and trustworthiness of the global model on which honest stakeholders rely. To mitigate such mischievous behavior, we propose FedBBA (Federated Backdoor and Behavior Analysis). The proposed model aims to dampen the effect of such clients on the final accuracy, creating more resilient federated learning environments. We engineer our approach through the combination of (1) a reputation system to evaluate and track client behavior, (2) an incentive mechanism to reward honest participation and penalize malicious behavior, and (3) game theoretical models with projection pursuit analysis (PPA) to dynamically identify and minimize the impact of malicious clients on the global model. Extensive simulations on the German Traffic Sign Recognition Benchmark (GTSRB) and Belgium Traffic Sign Classification (BTSC) datasets demonstrate that FedBBA reduces the backdoor attack success rate to approximately 1.1%--11% across various attack scenarios, significantly outperforming state-of-the-art defenses like RDFL and RoPE, which yielded attack success rates between 23% and 76%, while maintaining high normal task accuracy (~95%--98%).

翻译：联邦学习凭借其能够从大量分散数据中获益同时保护隐私的能力，正获得更广泛的应用。然而，尽管优势明显，联邦学习仍存在若干直接影响其生成的全局模型准确性与完整性的问题。其中一个问题是存在恶意客户端，这些客户端试图通过将后门数据注入本地模型并规避检测，主动损害全局模型。此类客户端的目的是在推理阶段诱使全局模型做出错误预测，从而破坏诚实利益相关方所依赖的全局模型的完整性与可信度。为缓解此类恶意行为，我们提出了FedBBA（联邦后门与行为分析）。该模型旨在削弱此类客户端对最终准确性的影响，从而构建更具韧性的联邦学习环境。我们通过以下方法的组合来设计我们的方案：（1）用于评估和追踪客户端行为的信誉系统，（2）用于奖励诚实参与并惩罚恶意行为的激励机制，以及（3）结合投影追踪分析（PPA）的博弈论模型，以动态识别并最小化恶意客户端对全局模型的影响。在德国交通标志识别基准（GTSRB）和比利时交通标志分类（BTSC）数据集上的广泛模拟表明，FedBBA在各种攻击场景下将后门攻击成功率降低至约1.1%-11%，显著优于RDFL和RoPE等最先进防御方法（其攻击成功率为23%-76%），同时保持了较高的正常任务准确率（约95%-98%）。