ML Security PapersDetecting Untargeted Attacks and Mitigating Unreliable Updates in Federated Learning for Underground Mining Operations
Md Sazedur Rahman 1, Mohamed Elmahallawy 2, Sanjay Madria 1, Samuel Frimpong 1
Published on arXiv
2508.10212
Data Poisoning Attack
OWASP ML Top 10 — ML02
Key Finding
MineDetect outperforms existing robust FL methods in both accuracy and robustness against sign-flipping and additive noise attacks under non-IID data distributions in mining environments.
MineDetect
Novel technique introduced
Underground mining operations rely on distributed sensor networks to collect critical data daily, including mine temperature, toxic gas concentrations, and miner movements for hazard detection and operational decision-making. However, transmitting raw sensor data to a central server for training deep learning models introduces significant privacy risks, potentially exposing sensitive mine-specific information. Federated Learning (FL) offers a transformative solution by enabling collaborative model training while ensuring that raw data remains localized at each mine. Despite its advantages, FL in underground mining faces key challenges: (i) An attacker may compromise a mine's local model by employing techniques such as sign-flipping attacks or additive noise, leading to erroneous predictions; (ii) Low-quality (yet potentially valuable) data, caused by poor lighting conditions or sensor inaccuracies in mines may degrade the FL training process. In response, this paper proposes MineDetect, a defense FL framework that detects and isolates the attacked models while mitigating the impact of mines with low-quality data. MineDetect introduces two key innovations: (i) Detecting attacked models (maliciously manipulated) by developing a history-aware mechanism that leverages local and global averages of gradient updates; (ii) Identifying and eliminating adversarial influences from unreliable models (generated by clients with poor data quality) on the FL training process. Comprehensive simulations across diverse datasets demonstrate that MineDetect outperforms existing methods in both robustness and accuracy, even in challenging non-IID data scenarios. Its ability to counter adversarial influences while maintaining lower computational efficiency makes it a vital advancement for improving safety and operational effectiveness in underground mining.
Key Contributions
- History-aware anomaly detection mechanism leveraging local and global averages of gradient updates to identify sign-flipping and additive noise attacks in FL rounds
- Method to identify and suppress adversarial influence of unreliable clients (low-quality/noisy sensor data) from FL aggregation without discarding their potentially unique data contributions
- MineDetect framework evaluated across diverse datasets in non-IID scenarios, outperforming existing Byzantine-robust FL baselines in accuracy and robustness
🛡️ Threat Analysis
Sign-flipping and additive noise attacks are untargeted Byzantine attacks in federated learning where malicious clients send manipulated model updates to degrade global model performance — the canonical ML02 threat. MineDetect's primary contribution is a robust aggregation defense (history-aware gradient anomaly detection) against these Byzantine participants, which maps directly to the Byzantine-fault-tolerant FL defense subcategory of ML02.