TY - GEN
T1 - Deception-Based Defense Against Model Poisoning Attacks in Federated Learning Using Generative Adversarial Network (GAN)
AU - Masse, Grace Colette Tessa
AU - Benslimane, Abderrahim
AU - Tchendji, Vianney Kengne
AU - Hemida, Ahmed H. Anwar
AU - Su, Zhou
AU - Han, Shuai
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - The Federated Learning paradigm enables multiple clients to collaborate on training a machine learning model while keeping their data decentralized. Although this approach enhances privacy and security, it also introduces vulnerabilities, particularly to adversarial attacks. Among these threats, model poisoning attacks are particularly severe, as malicious clients can submit harmful updates to degrade the performance of the global model. Existing defense mechanisms for mitigating such attacks, including model analysis, Byzantine-robust aggregation, and verification-based approaches, primarily focus on removing malicious clients. This approach informs the attackers that they have been detected, allowing them to adapt and strengthen their attacks, which reduces the defender's control over the system. Furthermore, revoking certain clients can significantly decrease the number of participants in FL due to detection errors, while FL by definition relies on a large number of participants. This paper proposes a novel defense mechanism using Generative Adversarial Networks (GANs) to introduce cyber deception into the FL framework. By creating a synthetic version of the global model, our approach aims to mislead and divert attackers, protecting the genuine model's integrity. The generator within the GAN produces a counterfeit model, while the discriminator assesses its authenticity. This deception strategy significantly reduces the impact of model poisoning attacks, preserving the accuracy and convergence rate of the global model while depleting attackers' resources. Our experimental simulations demonstrate the effectiveness of this GAN-based defense mechanism, providing a proactive and resilient solution for enhancing FL security against adversarial threats.
KW - Cyber Deception
KW - Federated Learning
KW - GAN
KW - Model Poisoning
UR - https://www.scopus.com/pages/publications/105018475651
U2 - 10.1109/ICC52391.2025.11161880
DO - 10.1109/ICC52391.2025.11161880
M3 - Conference contribution
AN - SCOPUS:105018475651
T3 - IEEE International Conference on Communications
SP - 4933
EP - 4938
BT - ICC 2025 - IEEE International Conference on Communications
A2 - Valenti, Matthew
A2 - Reed, David
A2 - Torres, Melissa
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2025 IEEE International Conference on Communications, ICC 2025
Y2 - 8 June 2025 through 12 June 2025
ER -