Robust Federated Learning for Malicious Clients using Loss Trend Deviation Detection
Deepthy K Bhaskar, Minimol B, Binu V P
Published on arXiv
2601.20915
Data Poisoning Attack
OWASP ML Top 10 — ML02
Key Finding
FL-LTD achieves 0.84 test accuracy under loss manipulation attacks on non-IID federated MNIST, compared to 0.41 for standard FedAvg under the same attack.
FL-LTD (Federated Learning with Loss Trend Detection)
Novel technique introduced
Federated Learning (FL) facilitates collaborative model training among distributed clients while ensuring that raw data remains on local devices. Despite this advantage, FL systems are still exposed to risks from malicious or unreliable participants. Such clients can interfere with the training process by sending misleading updates, which can negatively affect the performance and reliability of the global model. Many existing defense mechanisms rely on gradient inspection, complex similarity computations, or cryptographic operations, which introduce additional overhead and may become unstable under non-IID data distributions. In this paper, we propose the Federated Learning with Loss Trend Detection (FL-LTD), a lightweight and privacy-preserving defense framework that detects and mitigates malicious behavior by monitoring temporal loss dynamics rather than model gradients. The proposed approach identifies anomalous clients by detecting abnormal loss stagnation or abrupt loss fluctuations across communication rounds. To counter adaptive attackers, a short-term memory mechanism is incorporated to sustain mitigation for clients previously flagged as anomalous, while enabling trust recovery for stable participants. We evaluate FL-LTD on a non-IID federated MNIST setup under loss manipulation attacks. Experimental results demonstrate that the proposed method significantly enhances robustness, achieving a final test accuracy of 0.84, compared to 0.41 for standard FedAvg under attack. FL-LTD incurs negligible computational and communication overhead, maintains stable convergence, and avoids client exclusion or access to sensitive data, highlighting the effectiveness of loss-based monitoring for secure federated learning.
Key Contributions
- FL-LTD framework that monitors temporal loss dynamics (stagnation and abrupt fluctuations) to identify malicious FL clients without gradient inspection
- Short-term memory mechanism that sustains mitigation for previously flagged clients while allowing trust recovery for stable participants
- Lightweight, privacy-preserving defense that avoids client exclusion and works under non-IID data distributions with negligible overhead
🛡️ Threat Analysis
The paper defends against Byzantine malicious clients in federated learning who send misleading/manipulated updates (loss manipulation attacks) to degrade global model performance — the canonical FL Byzantine poisoning threat. The primary contribution (FL-LTD) is a robust aggregation defense that detects and mitigates such clients via loss trend monitoring.
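An added sketch, not the paper's code, of server-side loss-trend monitoring in the spirit of the abstract: flag clients whose loss stalls or changes abruptly relative to the cohort, keep mitigation active through a short memory, then restore trust. The median/MAD test, every threshold, and the down-weighting penalty are assumptions, since the page gives none of these details.

```python
from collections import defaultdict, deque
from statistics import median

class LossTrendMonitor:
    # All parameter values are illustrative assumptions, not taken from the paper.
    def __init__(self, window=3, eps=1e-3, k=4.0, min_scale=0.05, memory=2, penalty=0.1):
        self.window, self.eps, self.k, self.min_scale = window, eps, k, min_scale
        self.memory, self.penalty = memory, penalty
        self.last = {}                                           # previous loss per client
        self.recent = defaultdict(lambda: deque(maxlen=window))  # recent loss changes
        self.ttl = defaultdict(int)                              # mitigation rounds left

    def update(self, losses):
        """losses: {client: loss reported this round} -> (flagged set, normalised weights)."""
        delta = {c: v - self.last[c] for c, v in losses.items() if c in self.last}
        self.last.update(losses)
        flagged = set()
        if len(delta) >= 3:                       # need a cohort to compare against
            med = median(delta.values())
            mad = median(abs(d - med) for d in delta.values())
            limit = self.k * max(mad, self.min_scale)
            for c, d in delta.items():
                self.recent[c].append(d)
                abrupt = abs(d - med) > limit     # change far from the cohort's trend
                stalled = (len(self.recent[c]) == self.window
                           and all(abs(x) < self.eps for x in self.recent[c])
                           and med < -self.eps)   # flat while the cohort still improves
                if abrupt or stalled:
                    flagged.add(c)
        raw = {}
        for c in losses:
            if c in flagged:
                self.ttl[c] = self.memory + 1     # this round plus `memory` later rounds
            raw[c] = self.penalty if self.ttl[c] > 0 else 1.0  # down-weight, never exclude
            self.ttl[c] = max(0, self.ttl[c] - 1)
        total = sum(raw.values())
        return flagged, {c: w / total for c, w in raw.items()}

def demo():
    # Constructed loss traces: a, b, c improve steadily; "s" never improves; "m" spikes once.
    mon, history = LossTrendMonitor(), []
    for r in range(8):
        losses = {"a": 2.3 - 0.10 * r, "b": 2.4 - 0.12 * r, "c": 2.2 - 0.08 * r,
                  "s": 2.3, "m": 5.0 if r == 3 else 2.3 - 0.10 * r}
        flagged, weights = mon.update(losses)
        history.append((sorted(flagged), weights))
    return history
```

The returned weights are meant to scale each client's update in a FedAvg-style weighted average; in the constructed run, "m" stays down-weighted for two rounds after its last flag and then regains full weight, while "s" remains penalised but still contributes.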