Search papers, labs, and topics across Lattice.
This paper introduces Secure-CHG, a novel framework designed to enhance the robustness and fairness of Federated Learning (FL) against backdoor attacks, particularly addressing a critical vulnerability known as "Late-stage Failure." By shifting from traditional morphological detection to a more intrinsic verification of contributions, Secure-CHG employs a dual defense strategy that stabilizes early training phases and utilizes a CHG-Shapley mechanism during late convergence to amplify adversarial signals. Experimental results on datasets like CIFAR-10 and MedMNIST show that Secure-CHG significantly reduces the success rate of advanced backdoor attacks, outperforming existing methods like Krum and Trimmed Mean by 2.3x and 2.0x, respectively.
Late-stage vulnerabilities in Federated Learning can be effectively mitigated by a hybrid defense that amplifies adversarial signals, achieving a 2.3x reduction in backdoor attack success rates.
Federated Learning (FL) is highly susceptible to stealthy backdoor attacks, which aim to force a model into predicting an attacker-chosen target class for inputs containing a specific trigger. However, existing statistical defenses primarily focus on the early stages of model convergence. In this paper, we identify a fundamental vulnerability termed ``Late-stage Failure.'' We demonstrate that as the global model converges, decaying gradient norms render malicious and benign updates morphologically indistinguishable. This vanishing statistical variance effectively blinds traditional defenses, enabling adaptive adversaries to remain dormant and subsequently hijack the training process. To overcome these constraints, we propose Secure-CHG, a hybrid framework that pivots the defense paradigm from superficial morphological detection toward intrinsic semantic contribution verification. Secure-CHG employs an adaptive defense pipeline: a cascaded statistical filter stabilizes optimization during the early oscillatory phase, while a novel CHG-Shapley mechanism takes over during late-stage convergence. By leveraging sample hardness (i.e., local training loss) to project updates into a composite Hardness-Gradient space, it effectively amplifies adversarial semantic traces, enabling the isolation of stealthy attackers even as gradient norms vanish. Furthermore, we derive a closed-form solution for CHG-Shapley, facilitating low-complexity, retraining-free node valuation and trust-modulated aggregation. Extensive evaluations on CIFAR-10, MedMNIST, and NEU-SDDB demonstrate that Secure-CHG effectively mitigates Late-stage Failure. Specifically, it significantly suppresses advanced backdoor attacks, reducing their attack success rate by 2.3$\times$ and 2.0$\times$ relative to the mainstream Krum and Trimmed Mean baselines, respectively.