defense 2025

Hybrid Reputation Aggregation: A Robust Defense Mechanism for Adversarial Federated Learning in 5G and Edge Network Environments

Saeid Sheikhi, Panos Kostakos, Lauri Loven

0 citations · 28 references · IEEE Open Journal of the Commu...

Published on arXiv

2509.18044

Data Poisoning Attack

OWASP ML Top 10 — ML02

Model Poisoning

OWASP ML Top 10 — ML10

Key Finding

HRA achieves 98.66% accuracy on the 5G dataset and 96.60% on NF-CSE-CIC-IDS2018, outperforming Krum, Trimmed Mean, and Bulyan under diverse adversarial FL attack scenarios.

Hybrid Reputation Aggregation (HRA)

Novel technique introduced


Federated Learning (FL) in 5G and edge network environments faces severe security threats from adversarial clients. Malicious participants can perform label flipping, inject backdoor triggers, or launch Sybil attacks to corrupt the global model. This paper introduces Hybrid Reputation Aggregation (HRA), a novel robust aggregation mechanism designed to defend against diverse adversarial behaviors in FL without prior knowledge of the attack type. HRA combines geometric anomaly detection with momentum-based reputation tracking of clients. In each round, it detects outlier model updates via distance-based geometric analysis while continuously updating a trust score for each client based on historical behavior. This hybrid approach enables adaptive filtering of suspicious updates and long-term penalization of unreliable clients, countering attacks ranging from backdoor insertions to random noise Byzantine failures. We evaluate HRA on a large-scale proprietary 5G network dataset (3M+ records) and the widely used NF-CSE-CIC-IDS2018 benchmark under diverse adversarial attack scenarios. Experimental results reveal that HRA achieves robust global model accuracy of up to 98.66% on the 5G dataset and 96.60% on NF-CSE-CIC-IDS2018, outperforming state-of-the-art aggregators such as Krum, Trimmed Mean, and Bulyan by significant margins. Our ablation studies further demonstrate that the full hybrid system achieves 98.66% accuracy, while the anomaly-only and reputation-only variants drop to 84.77% and 78.52%, respectively, validating the synergistic value of our dual-mechanism approach. This demonstrates HRA's enhanced resilience and robustness in 5G/edge federated learning deployments, even under significant adversarial conditions.


Key Contributions

  • Hybrid Reputation Aggregation (HRA) combining distance-based geometric anomaly detection with momentum-based client trust scoring for attack-agnostic FL defense
  • Evaluation on a large-scale proprietary 5G network dataset (3M+ records) and NF-CSE-CIC-IDS2018 under label flipping, backdoor, Byzantine, and Sybil attack scenarios
  • Ablation study demonstrating that the synergistic dual-mechanism approach (98.66%) significantly outperforms anomaly-only (84.77%) and reputation-only (78.52%) variants
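The sketch below is an added illustration of how a per-round distance check and a momentum-based trust score can be combined in one aggregator; it is not the paper's code. The coordinate-wise median reference point, the MAD cut-off, the EMA reputation update, the parameters `beta`, `k` and `min_rep`, and the sample updates are all assumptions constructed here.

```python
import math
from statistics import median

def hybrid_round(updates, reputation, beta=0.8, k=3.0, min_rep=0.5):
    """One round. updates: {client: [float]}, reputation: {client: float in [0, 1]}.
    Returns (aggregate or None, new_reputation, flagged_clients)."""
    ids = sorted(updates)
    dim = len(updates[ids[0]])
    # Geometric reference: coordinate-wise median of this round's updates (assumption).
    center = [median(updates[c][j] for c in ids) for j in range(dim)]
    dist = {c: math.dist(updates[c], center) for c in ids}
    # Robust cut-off: median distance + k * MAD; the floor keeps the width non-zero.
    med = median(dist.values())
    mad = median(abs(d - med) for d in dist.values())
    cutoff = med + k * max(mad, 1e-9)
    flagged = {c for c in ids if dist[c] > cutoff}
    # Momentum (EMA) reputation: this round's observation is 0 if flagged, else 1.
    new_rep = dict(reputation)
    for c in ids:
        obs = 0.0 if c in flagged else 1.0
        new_rep[c] = beta * reputation.get(c, 0.5) + (1 - beta) * obs
    # Hybrid filter: drop this round's outliers AND clients with low history.
    trusted = [c for c in ids if c not in flagged and new_rep[c] >= min_rep]
    if not trusted:
        return None, new_rep, flagged
    total = sum(new_rep[c] for c in trusted)
    agg = [sum(new_rep[c] * updates[c][j] for c in trusted) / total
           for j in range(dim)]
    return agg, new_rep, flagged

def run(rounds):
    """Feed successive rounds through the aggregator, carrying reputation forward."""
    reputation, history = {}, []
    for updates in rounds:
        agg, reputation, flagged = hybrid_round(updates, reputation)
        history.append((agg, dict(reputation), sorted(flagged)))
    return history

# Constructed sample: four honest clients, and c5 poisoning for two rounds
# before sending an innocuous-looking update in round three.
HONEST = {"c1": [1.0, 1.0], "c2": [1.1, 0.9], "c3": [0.9, 1.1], "c4": [1.0, 1.2]}
ROUNDS = [{**HONEST, "c5": u} for u in ([10.0, -10.0], [12.0, -9.0], [1.0, 1.0])]

if __name__ == "__main__":
    for n, (agg, rep, flagged) in enumerate(run(ROUNDS), 1):
        print(n, agg, flagged, round(rep["c5"], 3))
```

In the third round c5 passes the distance check, but its decayed reputation still keeps it out of the aggregate, which is the case a distance-only filter would miss.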

🛡️ Threat Analysis

Data Poisoning Attack

HRA explicitly defends against label flipping, Byzantine failures, and Sybil attacks — all forms of data/update poisoning by malicious FL clients aiming to degrade global model performance via corrupted training contributions.

Model Poisoning

HRA also defends against backdoor trigger injection by FL participants, where malicious clients embed hidden targeted behaviors into the global model — this is explicitly listed as one of the primary threat scenarios evaluated.


Details

Domains
federated-learning, tabular
Model Types
federated
Threat Tags
training_time, targeted, untargeted
Datasets
NF-CSE-CIC-IDS2018, proprietary 5G network dataset
Applications
federated learning, 5g network security, edge computing