Defending Machine Learning Models: Anomaly Detection Strategies Against Poisoning Attacks
Abstract
This work presents the GAIA defense framework for detecting and mitigating random-parameter poisoning attacks in Federated Learning (FL). In these attacks, malicious clients submit model updates consisting of tensors filled with random values, which degrade the integrity and accuracy of the aggregated global model. The method extracts features from each submitted update using its L1 and L2 vector norms. Updates from benign clients follow consistent statistical patterns in this feature space, whereas updates from attackers exhibit divergent distributions. By analyzing these signatures, the aggregation server can identify malicious updates before aggregation and preserve the stability and accuracy of the federated model. The framework was validated experimentally: the defended model reached 40% accuracy, an improvement of over 30% compared to the same model trained without the defense.
Keywords:
Federated Learning, Poisoning, Machine Learning
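The abstract describes the detection step only at a high level: compute the L1 and L2 norms of every client update, compare them against the round's typical values, and drop the outliers before aggregation. The following is an added example written for this page, not the authors' GAIA code. It constructs one FL round in which benign clients send the shared update direction plus small noise and one client sends a uniformly random tensor, extracts the (L1, L2) feature pair per client, and flags any client whose norms differ from the round median by more than a fixed ratio. The median-ratio rule, the 2.5 threshold, the client names and the noise/attack amplitudes are all assumptions of this example; the paper does not state GAIA's exact thresholding rule.

```python
import math
import random
from typing import Dict, List, Set, Tuple

Vector = List[float]


def l1_norm(v: Vector) -> float:
    """L1 norm: sum of the absolute parameter values of an update."""
    return sum(abs(x) for x in v)


def l2_norm(v: Vector) -> float:
    """L2 norm: Euclidean length of an update."""
    return math.sqrt(sum(x * x for x in v))


def median(values: List[float]) -> float:
    s = sorted(values)
    n = len(s)
    mid = n // 2
    return s[mid] if n % 2 else 0.5 * (s[mid - 1] + s[mid])


def update_features(updates: Dict[str, Vector]) -> Dict[str, Tuple[float, float]]:
    """Per-client (L1, L2) feature pair extracted from the raw update tensor."""
    return {cid: (l1_norm(u), l2_norm(u)) for cid, u in updates.items()}


def detect_random_updates(updates: Dict[str, Vector], ratio: float = 2.5) -> Set[str]:
    """Flag clients whose L1 or L2 norm is more than `ratio` times the
    round median, or less than median/`ratio`. The median-ratio rule and
    the default ratio are assumptions of this example, not GAIA's rule."""
    feats = update_features(updates)
    med_l1 = median([f[0] for f in feats.values()])
    med_l2 = median([f[1] for f in feats.values()])
    flagged: Set[str] = set()
    for cid, (l1, l2) in feats.items():
        for value, med in ((l1, med_l1), (l2, med_l2)):
            if value > ratio * med or value < med / ratio:
                flagged.add(cid)
    return flagged


def aggregate_mean(updates: Dict[str, Vector], exclude=frozenset()) -> Vector:
    """Coordinate-wise mean of the updates that were not flagged."""
    kept = [u for cid, u in updates.items() if cid not in exclude]
    if not kept:
        raise ValueError("no updates left to aggregate")
    dim = len(kept[0])
    return [sum(u[i] for u in kept) / len(kept) for i in range(dim)]


def cosine(a: Vector, b: Vector) -> float:
    """Cosine similarity, used to measure how far aggregation drifted."""
    return sum(x * y for x, y in zip(a, b)) / (l2_norm(a) * l2_norm(b))


def random_tensor(dim: int, amplitude: float, seed: int) -> Vector:
    """Attacker payload: a tensor of uniformly random values in [-amp, amp]."""
    rng = random.Random(seed)
    return [rng.uniform(-amplitude, amplitude) for _ in range(dim)]


def simulate_round(n_benign: int = 8, dim: int = 64, seed: int = 0):
    """Constructed round (not real data): benign clients send the shared
    update direction plus small noise; 'attacker' sends a random tensor."""
    rng = random.Random(seed)
    true_delta = [rng.gauss(0.0, 0.1) for _ in range(dim)]
    updates: Dict[str, Vector] = {}
    for i in range(n_benign):
        updates[f"client{i}"] = [d + rng.gauss(0.0, 0.02) for d in true_delta]
    updates["attacker"] = random_tensor(dim, 1.0, seed + 1)
    return updates, true_delta


if __name__ == "__main__":
    updates, true_delta = simulate_round()
    for cid, (l1, l2) in update_features(updates).items():
        print(f"{cid:10s} L1={l1:7.3f} L2={l2:6.3f}")
    flagged = detect_random_updates(updates)
    print("flagged:", sorted(flagged))
    clean = aggregate_mean(updates, flagged)
    poisoned = aggregate_mean(updates)
    print(f"cosine to true update: filtered={cosine(clean, true_delta):.3f} "
          f"unfiltered={cosine(poisoned, true_delta):.3f}")
```

Two caveats a practitioner should keep in mind. First, the filter works because a tensor of values drawn uniformly from [-1, 1] has L1 and L2 norms several times larger than a genuine small update, which is exactly the random-parameter attack the abstract targets. An attacker who scales a random tensor down into the benign norm range (for example amplitude 0.1 in the constructed round above) passes a norm-only check, so L1/L2 features address this attack class rather than model poisoning in general. Second, the median must be taken over the whole round, including the suspicious updates, and the rule only holds while attackers are a minority of the round; with enough colluding clients the median itself shifts.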
References
AbdulRahman, S., Tout, H., Ould-Slimane, H., Mourad, A., Talhi, C., and Guizani, M. (2020). A survey on federated learning: The journey from centralized to distributed on-site learning and beyond. IEEE Internet of Things Journal, 8(7):5476–5497.
Assumpção, N. R. and Villas, L. A. (2024). Rápido, privado e protegido: Uma abordagem para aprendizado federado eficiente em ambiente hostil [Fast, private and protected: An approach to efficient federated learning in a hostile environment]. In Workshop de Computação Urbana (CoUrb), pages 15–28. SBC.
Blanchard, P., El Mhamdi, E. M., Guerraoui, R., and Stainer, J. (2017). Machine learning with adversaries: Byzantine tolerant gradient descent. Advances in neural information processing systems, 30.
de Souza, A. M., Bittencourt, L. F., Cerqueira, E., Loureiro, A. A., and Villas, L. A. (2023). Dispositivos, eu escolho vocês: Seleção de clientes adaptativa para comunicação eficiente em aprendizado federado [Devices, I choose you: Adaptive client selection for communication-efficient federated learning]. In Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC), pages 1–14. SBC.
de Souza, A. M., Maciel, F., da Costa, J. B., Bittencourt, L. F., Cerqueira, E., Loureiro, A. A., and Villas, L. A. (2024). Adaptive client selection with personalization for communication efficient federated learning. Ad Hoc Networks, 157:103462.
Korkmaz, A., Alhonainy, A., and Rao, P. (2022). An evaluation of federated learning techniques for secure and privacy-preserving machine learning on medical datasets. In 2022 IEEE Applied Imagery Pattern Recognition Workshop (AIPR), pages 1–7. IEEE.
Morais, M. G., da Costa, J. B., Gonzalez, L. F., de Souza, A. M., and Villas, L. A. (2024). Mecanismo para mitigar ataques de envenenamento de modelo no aprendizado federado [A mechanism to mitigate model poisoning attacks in federated learning]. In Workshop de Computação Urbana (CoUrb), pages 224–237. SBC.
Published
2025-08-13
How to Cite
HIPOLITO, Livia; LOPES, Amanda; CLIPES, Manoel; BASTOS, Lucas. Defending Machine Learning Models: Anomaly Detection Strategies Against Poisoning Attacks. In: REGIONAL SCHOOL OF INFORMATICS NORTH 2 (ERIN 2), 18., 2025, Macapá/AP. Anais [Proceedings] [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 49-54. DOI: https://doi.org/10.5753/erin.2025.16049.