
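% Tan, Li and Shin (2025): backdoor defense for federated learning that filters
% out-of-distribution model updates before applying differential privacy.
% Authors are joined with " and " (BibTeX's name separator; commas would be
% parsed as parts of a single name). The "%" in the abstract is escaped so it
% cannot start a TeX comment if a style prints the field.
@article{cmes.2025.063811,
  author   = {Tan, Qingyu and Li, Yan and Shin, Byeong-Seok},
  title    = {Defending against Backdoor Attacks in Federated Learning by Using Differential Privacy and {OOD} Data Attributes},
  journal  = {Computer Modeling in Engineering \& Sciences},
  volume   = {143},
  number   = {2},
  pages    = {2417--2428},
  year     = {2025},
  issn     = {1526-1506},
  doi      = {10.32604/cmes.2025.063811},
  url      = {http://www.techscience.com/CMES/v143n2/61439},
  abstract = {Federated Learning (FL), a practical solution that leverages distributed data across devices without the need for centralized data storage, which enables multiple participants to jointly train models while preserving data privacy and avoiding direct data sharing. Despite its privacy-preserving advantages, FL remains vulnerable to backdoor attacks, where malicious participants introduce backdoors into local models that are then propagated to the global model through the aggregation process. While existing differential privacy defenses have demonstrated effectiveness against backdoor attacks in FL, they often incur a significant degradation in the performance of the aggregated models on benign tasks. To address this limitation, we propose a novel backdoor defense mechanism based on differential privacy. Our approach first utilizes the inherent out-of-distribution characteristics of backdoor samples to identify and exclude malicious model updates that significantly deviate from benign models. By filtering out models that are clearly backdoor-infected before applying differential privacy, our method reduces the required noise level for differential privacy, thereby enhancing model robustness while preserving performance. Experimental evaluations on the CIFAR10 and FEMNIST datasets demonstrate that our method effectively limits the backdoor accuracy to below 15\% across various backdoor scenarios while maintaining high main task accuracy.},
}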



