defense 2025

AntiFLipper: A Secure and Efficient Defense Against Label-Flipping Attacks in Federated Learning

Aashnan Rahman 1,2, Abid Hasan 1,2, Sherajul Arifin 1, Faisal Haque Bappy 2, Tahrim Hossain 2, Tariqul Islam 2, Abu Raihan Mostofa Kamal 1, Md. Azam Hossain 1

0 citations · 19 references · arXiv


Published on arXiv: 2509.22873

Data Poisoning Attack

OWASP ML Top 10 — ML02

Key Finding

AntiFLipper achieves accuracy comparable to state-of-the-art defenses against label-flipping attacks while requiring substantially fewer computational resources on the server side during aggregation.

AntiFLipper

Novel technique introduced

Federated learning (FL) enables privacy-preserving model training by keeping data decentralized. However, it remains vulnerable to label-flipping attacks, where malicious clients manipulate labels to poison the global model. Despite their simplicity, these attacks can severely degrade model performance, and defending against them remains challenging. We introduce AntiFLipper, a novel and computationally efficient defense against multi-class label-flipping attacks in FL. Unlike existing methods that ensure security at the cost of high computational overhead, AntiFLipper employs a novel client-side detection strategy, significantly reducing the central server's burden during aggregation. Comprehensive empirical evaluations across multiple datasets under different distributions demonstrate that AntiFLipper achieves accuracy comparable to state-of-the-art defenses while requiring substantially fewer computational resources on the server side. By balancing security and efficiency, AntiFLipper addresses a critical gap in existing defenses, making it particularly suitable for resource-constrained FL deployments where both model integrity and operational efficiency are essential.

Key Contributions

  • AntiFLipper: a trust-based weighted aggregation method that detects and eliminates malicious clients performing multi-class label-flipping attacks, including in dynamic scenarios
  • Client-side detection strategy that shifts computational burden away from the central server, significantly reducing aggregation time compared to existing defenses
  • Empirical evaluation across multiple datasets and data distributions showing accuracy on par with SOTA defenses at substantially lower server-side cost

🛡️ Threat Analysis

Data Poisoning Attack

Label-flipping attacks corrupt training data labels on malicious FL clients to degrade global model performance — this is data poisoning without a hidden trigger, squarely fitting ML02. The defense (AntiFLipper) uses trust-based weighted aggregation to detect and exclude poisoning clients, which is a Byzantine-fault-tolerant FL protocol.


Details

Domains: federated-learning
Model Types: federated
Threat Tags: training_time, black_box, untargeted
Applications: federated learning, distributed model training