FIDELIS: Blockchain-Enabled Protection Against Poisoning Attacks in Federated Learning

Federated learning enhances traditional deep learning by enabling the joint training of a model with the use of IoT device's private data. It ensures privacy for clients, but is susceptible to data poisoning attacks during training that degrade model performance and integrity. Current poisoning detection methods in federated learning lack a standardized detection method or take significant liberties with trust. In this paper, we present \Sys, a novel blockchain-enabled poison detection framework in federated learning. The framework decentralizes the role of the global server across participating clients. We introduce a judge model used to detect data poisoning in model updates. The judge model is produced by each client and verified to reach consensus on a single judge model. We implement our solution to show \Sys is robust against data poisoning attacks and the creation of our judge model is scalable.

Key Contributions

FIDELIS framework that decentralizes the global FL server role using blockchain, removing single-point-of-trust assumptions in poisoning detection
A consensus-driven 'judge model' trained on benign gradient movement patterns to detect poisoned model updates from malicious clients
Experimental evaluation demonstrating robustness against label-flipping data poisoning and scalability of the judge model creation process

🛡️ Threat Analysis

Data Poisoning Attack

The paper directly targets data poisoning (label-flipping) attacks in federated learning where malicious clients inject corrupted training data to degrade global model performance. The FIDELIS framework is a defense that detects and excludes poisoned model updates, matching the core ML02 threat of corrupting training data.

Details

Domains

federated-learningvision

Model Types

federated

Threat Tags

training_timetargeteduntargeted

Applications

2025 0 cit.

Data Poisoning Attack

75%