ML Security PapersResilient Federated Chain: Transforming Blockchain Consensus into an Active Defense Layer for Federated Learning
Mario García-Márquez , Nuria Rodríguez-Barroso , M.Victoria Luzón , Francisco Herrera
Published on arXiv
2602.21841
Data Poisoning Attack
OWASP ML Top 10 — ML02
Model Poisoning
OWASP ML Top 10 — ML10
Key Finding
RFC significantly improves robustness against Byzantine and backdoor attacks compared to baseline aggregation rules across image classification tasks under various adversarial FL scenarios.
Resilient Federated Chain (RFC)
Novel technique introduced
Federated Learning (FL) has emerged as a key paradigm for building Trustworthy AI systems by enabling privacy-preserving, decentralized model training. However, FL is highly susceptible to adversarial attacks that compromise model integrity and data confidentiality, a vulnerability exacerbated by the fact that conventional data inspection methods are incompatible with its decentralized design. While integrating FL with Blockchain technology has been proposed to address some limitations, its potential for mitigating adversarial attacks remains largely unexplored. This paper introduces Resilient Federated Chain (RFC), a novel blockchain-enabled FL framework designed specifically to enhance resilience against such threats. RFC builds upon the existing Proof of Federated Learning architecture by repurposing the redundancy of its Pooled Mining mechanism as an active defense layer that can be combined with robust aggregation rules. Furthermore, the framework introduces a flexible evaluation function in its consensus mechanism, allowing for adaptive defense against different attack strategies. Extensive experimental evaluation on image classification tasks under various adversarial scenarios, demonstrates that RFC significantly improves robustness compared to baseline methods, providing a viable solution for securing decentralized learning environments.
Key Contributions
- Resilient Federated Chain (RFC): a blockchain-enabled FL framework that repurposes the redundancy of PoFL's Pooled Mining mechanism as an active defense layer against adversarial attacks
- A modular consensus design with a flexible, interchangeable evaluation function that allows adaptive defense against different attack strategies (Byzantine and backdoor)
- Empirical demonstration that mining pool redundancy can be transformed into a probabilistic Byzantine Fault Tolerance guarantee without relying on a central trusted authority
🛡️ Threat Analysis
Defends against Byzantine attacks in federated learning where malicious clients send corrupted model updates to degrade global model performance — core ML02 threat. The RFC framework uses mining pool redundancy and robust aggregation rules to isolate and discard corrupted updates.
Explicitly defends against backdoor attacks in federated learning — the paper simulates both Byzantine and backdoor adversarial scenarios and evaluates RFC's resilience against both. Backdoor/trojan attacks in FL are a primary ML10 threat.