Federated Learning (FL) is a privacy-preserving distributed machine learning technique that enables individual clients (e.g., user participants, edge devices, or organizations) to train a model on their local data in a secure environment and then share the trained model with an aggregator to build a global model collaboratively. In this work, we propose FedDefender, a defense mechanism against targeted poisoning attacks in FL by leveraging differential testing. Our proposed method fingerprints the neuron activations of clients' models on the same input and uses differential testing to identify a potentially malicious client containing a backdoor. We evaluate FedDefender using MNIST and FashionMNIST datasets with 20 and 30 clients, and our results demonstrate that FedDefender effectively mitigates such attacks, reducing the attack success rate (ASR) to 10% without deteriorating the global model performance.
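The abstract describes the idea at a high level: run every client's submitted model on the same probe inputs, record the hidden-neuron activations as a fingerprint, and compare fingerprints across clients so that a model whose internals behave unlike its peers can be excluded before aggregation. The following is an added illustration of that idea, not code from the paper or the FedDefender project: it uses a constructed one-layer toy model, constructed probe inputs, an element-wise median as the consensus fingerprint, and an assumed distance-ratio threshold. The paper's actual fingerprinting and scoring details are not given in the abstract and are not reproduced here.

```python
import random
from math import sqrt

# Constructed toy setting: one dense hidden layer (6 neurons, 4 inputs) with ReLU.
# Weights are positive so every neuron fires on the probe inputs below.
BASE_WEIGHTS = [
    [0.5, 0.2, 0.3, 0.1],
    [0.4, 0.6, 0.2, 0.3],
    [0.1, 0.3, 0.5, 0.4],
    [0.6, 0.1, 0.2, 0.5],
    [0.3, 0.4, 0.4, 0.2],
    [0.2, 0.5, 0.1, 0.6],
]
# Constructed shared probe inputs: every client model is fingerprinted on exactly these.
PROBES = [
    [1.0, 0.5, 0.0, 0.8],
    [0.2, 0.9, 0.7, 0.1],
    [0.0, 0.3, 1.0, 0.6],
]


def hidden_activations(weights, x):
    """ReLU(W x) for a single dense layer; weights[j][k] connects input k to neuron j."""
    return [max(0.0, sum(w * xi for w, xi in zip(row, x))) for row in weights]


def fingerprint(weights, probes):
    """Concatenate the hidden activations over all probes into one vector per client."""
    fp = []
    for x in probes:
        fp.extend(hidden_activations(weights, x))
    return fp


def median(values):
    s = sorted(values)
    n = len(s)
    return s[n // 2] if n % 2 else 0.5 * (s[n // 2 - 1] + s[n // 2])


def l2(a, b):
    return sqrt(sum((u - v) ** 2 for u, v in zip(a, b)))


def differential_test(client_weights, probes, ratio=5.0):
    """Flag clients whose activation fingerprint deviates from the consensus.

    The consensus is the element-wise median fingerprint, which a single
    malicious client cannot shift. A client is flagged when its distance to
    the consensus exceeds `ratio` times the median distance; `ratio` is an
    assumed, tunable constant for this example, not a value from the paper.
    """
    fps = [fingerprint(w, probes) for w in client_weights]
    consensus = [median(col) for col in zip(*fps)]
    dists = [l2(fp, consensus) for fp in fps]
    threshold = ratio * median(dists)
    flagged = [i for i, d in enumerate(dists) if d > threshold]
    return flagged, dists


def make_clients(n_clients=11, malicious_idx=3, seed=0):
    """Constructed client updates: honest clients jitter BASE_WEIGHTS slightly;
    the client at malicious_idx (None for no attacker) has two neurons rewired,
    standing in for a backdoored model whose internals react differently to the
    shared probes than its peers do."""
    rng = random.Random(seed)
    clients = []
    for i in range(n_clients):
        w = [[v + rng.uniform(-0.01, 0.01) for v in row] for row in BASE_WEIGHTS]
        if i == malicious_idx:
            w[1] = [v + 1.5 for v in w[1]]
            w[4] = [v + 1.5 for v in w[4]]
        clients.append(w)
    return clients


if __name__ == "__main__":
    flagged, dists = differential_test(make_clients(), PROBES)
    for i, d in enumerate(dists):
        mark = "  <-- flagged" if i in flagged else ""
        print(f"client {i:2d}  distance to consensus = {d:.4f}{mark}")
    print("excluded from aggregation:", flagged)
```

The element-wise median is used as the reference so that one outlier cannot pull the consensus towards itself, which a plain mean would allow; with that reference, honest clients sit within the noise of their local training while the rewired client's fingerprint is far away on every probe. In a real deployment the probes, the layer being fingerprinted and the threshold would have to be chosen for the model at hand, and the threshold would be validated against benign-only rounds so that honest non-IID clients are not excluded.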