defense 2025

Cost-TrustFL: Cost-Aware Hierarchical Federated Learning with Lightweight Reputation Evaluation across Multi-Cloud

Jixiao Yang 1, Jinyu Chen 2, Zixiao Huang 3, Chengda Xu 4, Chi Zhang 2, Sijia Li 5

1 Westcliff University

2 University of Washington

3 University of Virginia

4 Northeastern University

5 University of Michigan

0 citations · 18 references · arXiv
α

Published on arXiv

2512.20218

Data Poisoning Attack

OWASP ML Top 10 — ML02

Key Finding

Achieves 86.7% accuracy under 30% malicious clients while reducing cross-cloud communication costs by 32% compared to baseline Byzantine-robust methods.

Cost-TrustFL

Novel technique introduced

Federated learning across multi-cloud environments faces critical challenges, including non-IID data distributions, malicious participant detection, and substantial cross-cloud communication costs (egress fees). Existing Byzantine-robust methods focus primarily on model accuracy while overlooking the economic implications of data transfer across cloud providers. This paper presents Cost-TrustFL, a hierarchical federated learning framework that jointly optimizes model performance and communication costs while providing robust defense against poisoning attacks. We propose a gradient-based approximate Shapley value computation method that reduces the complexity from exponential to linear, enabling lightweight reputation evaluation. Our cost-aware aggregation strategy prioritizes intra-cloud communication to minimize expensive cross-cloud data transfers. Experiments on CIFAR-10 and FEMNIST datasets demonstrate that Cost-TrustFL achieves 86.7% accuracy under 30% malicious clients while reducing communication costs by 32% compared to baseline methods. The framework maintains stable performance across varying non-IID degrees and attack intensities, making it practical for real-world multi-cloud deployments.

Key Contributions

  • Hierarchical aggregation architecture that exploits cloud boundaries to minimize cross-cloud egress costs while maintaining robustness
  • Gradient-based approximate Shapley value method for reputation evaluation that reduces complexity from exponential to linear
  • Joint optimization objective balancing model accuracy and communication costs, achieving 86.7% accuracy under 30% malicious clients with 32% cost reduction

🛡️ Threat Analysis

Data Poisoning Attack

The paper explicitly defends against Byzantine poisoning attacks from malicious FL clients (label flipping, Gaussian noise injection, sign flipping, scaling attacks), which corrupt the global model through manipulated gradient updates. The gradient-based Shapley value reputation mechanism is a robust aggregation defense, a canonical ML02 countermeasure.

Details

Domains
federated-learningvision
Model Types
federatedcnn
Threat Tags
training_timegrey_box
Datasets
CIFAR-10FEMNIST
Applications
federated learningmulti-cloud deployments
Read PDF arXiv DOI

Similar Papers

defense

FedAgain: A Trust-Based and Robust Federated Learning Strategy for an Automated Kidney Stone Identification in Ureteroscopy

2026 0 cit.
Data Poisoning Attack
100%
defense

Lightweight and Robust Federated Data Valuation

2025 0 cit.
Data Poisoning Attack
100%
defense

HealSplit: Towards Self-Healing through Adversarial Distillation in Split Federated Learning

2025 0 cit.
Data Poisoning Attack
92%
defense

SpectralKrum: A Spectral-Geometric Defense Against Byzantine Attacks in Federated Learning

2025 0 cit.
Data Poisoning Attack
92%
defense

RIFLE: Robust Distillation-based FL for Deep Model Deployment on Resource-Constrained IoT Networks

2026 0 cit.
Data Poisoning Attack
92%
defense

FedGreed: A Byzantine-Robust Loss-Based Aggregation Method for Federated Learning

2025 0 cit.
Data Poisoning Attack
85%
defense

ASMR: Angular Support for Malfunctioning Client Resilience in Federated Learning

2025 0 cit.
Data Poisoning Attack
85%
defense

FedTrident: Resilient Road Condition Classification Against Poisoning Attacks in Federated Learning

2026 0 cit.
Data Poisoning Attack
85%