ML Security PapersAdversarial Node Placement in Decentralized Federated Learning: Maximum Spanning-Centrality Strategy and Performance Analysis
Adam Piaseczny 1, Eric Ruzomberka 2, Rohit Parasnis 3, Christopher G. Brinton 1
Published on arXiv
2511.06742
Data Poisoning Attack
OWASP ML Top 10 — ML02
Key Finding
MaxSpAN-FL consistently induces the largest model performance degradation in decentralized FL compared to all baseline adversarial placement schemes across diverse network topologies and adversary counts.
MaxSpAN-FL
Novel technique introduced
As Federated Learning (FL) becomes more widespread, there is growing interest in its decentralized variants. Decentralized FL leverages the benefits of fast and energy-efficient device-to-device communications to obviate the need for a central server. However, this opens the door to new security vulnerabilities as well. While FL security has been a popular research topic, the role of adversarial node placement in decentralized FL remains largely unexplored. This paper addresses this gap by evaluating the impact of various coordinated adversarial node placement strategies on decentralized FL's model training performance. We adapt two threads of placement strategies to this context: maximum span-based algorithms, and network centrality-based approaches. Building on them, we propose a novel attack strategy, MaxSpAN-FL, which is a hybrid between these paradigms that adjusts node placement probabilistically based on network topology characteristics. Numerical experiments demonstrate that our attack consistently induces the largest degradation in decentralized FL models compared with baseline schemes across various network configurations and numbers of coordinating adversaries. We also provide theoretical support for why eigenvector centrality-based attacks are suboptimal in decentralized FL. Overall, our findings provide valuable insights into the vulnerabilities of decentralized FL systems, setting the stage for future research aimed at developing more secure and robust decentralized FL frameworks.
Key Contributions
- Proposes MaxSpAN-FL, a novel hybrid adversarial node placement attack combining maximum-span and network centrality paradigms, adapting probabilistically to network topology
- Demonstrates empirically that MaxSpAN-FL induces greater degradation in decentralized FL than baseline placement strategies across various network configurations and adversary counts
- Provides theoretical analysis showing why eigenvector centrality-based adversarial placement is suboptimal in decentralized FL settings
🛡️ Threat Analysis
Adversarial nodes are placed strategically within a decentralized FL network topology to maximally degrade global model training performance — this is a Byzantine attack variant in federated learning where the primary contribution is optimizing malicious client placement (not inserting backdoors with triggers), directly mapping to ML02's scope of Byzantine attacks that degrade FL model performance.