defense 2025

ProDiGy: Proximity- and Dissimilarity-Based Byzantine-Robust Federated Learning

Sena Ergisi, Luis Maßny, Rawad Bitar

0 citations

Published on arXiv: 2509.09534

Data Poisoning Attack

OWASP ML Top 10 — ML02

Key Finding

ProDiGy maintains model accuracy under non-IID data heterogeneity and state-of-the-art Byzantine attacks in scenarios where existing defenses (Krum, Bulyan, FLTrust, etc.) fail to converge

ProDiGy

Novel technique introduced


Federated Learning (FL) emerged as a widely studied paradigm for distributed learning. Despite its many advantages, FL remains vulnerable to adversarial attacks, especially under data heterogeneity. We propose a new Byzantine-robust FL algorithm called ProDiGy. The key novelty lies in evaluating the client gradients using a joint dual scoring system based on the gradients' proximity and dissimilarity. We demonstrate through extensive numerical experiments that ProDiGy outperforms existing defenses in various scenarios. In particular, when the clients' data do not follow an IID distribution, while other defense mechanisms fail, ProDiGy maintains strong defense capabilities and model accuracy. These findings highlight the effectiveness of a dual perspective approach that promotes natural similarity among honest clients while detecting suspicious uniformity as a potential indicator of an attack.


Key Contributions

  • Dual scoring system that jointly evaluates client gradients by proximity (honest updates cluster together) and dissimilarity (suspicious uniformity among adversarial updates is penalized)
  • Byzantine-robust aggregation algorithm ProDiGy that maintains model accuracy under non-IID data heterogeneity where state-of-the-art defenses fail
  • Extensive empirical evaluation across diverse FL settings (IID and non-IID) against prominent attacks (ALIE, FOE, mimic), outperforming existing robust aggregation rules in worst-case utility

🛡️ Threat Analysis

Data Poisoning Attack

ProDiGy defends against Byzantine attacks in federated learning, where malicious clients send adversarial gradient updates to degrade the global model's performance — this is the canonical FL poisoning / Byzantine-fault-tolerant aggregation threat covered by ML02.


Details

Domains
federated-learning
Model Types
federated
Threat Tags
training_time, grey_box, untargeted
Datasets
FEMNIST, CIFAR-10
Applications
federated learning, distributed machine learning