Search papers, labs, and topics across Lattice.
This paper conducts a systematic vulnerability assessment of personalized federated learning (PFL) methods, revealing their increased susceptibility to transfer-based adversarial attacks compared to centralized learning. The authors demonstrate that malicious clients can exploit local model knowledge to generate adversarial examples that significantly degrade the performance of peer clients' personalized models, with empirical evaluations showing notable accuracy drops across multiple benchmarks. To counteract these vulnerabilities, a novel defense framework is proposed, incorporating stochastic input noise, input-scaled trace regularization, and parameter sensitivity maximization to enhance the robustness of federated learning systems.
PFL methods are alarmingly vulnerable to adversarial attacks, with malicious clients capable of sabotaging peer models through crafted examples.
The proliferation of IoT devices has fueled distributed edge systems to collect vast amounts of sensitive data, creating fertile ground for on-device machine learning applications. While federated learning (FL) mitigates privacy concerns by exchanging model parameters instead of raw data, we identify a critical blind spot in current research. We examine the most commonly used personalized federated learning (PFL) methods, which allow clients to maintain private, personalized models to address data heterogeneity across clients. Through systematic analysis, we reveal that PFL methods exhibit heightened vulnerability to transfer-based adversarial attacks compared to centralized learning paradigms. Wherein, malicious clients can exploit local model knowledge to craft adversarial examples that can compromise peer clients' personalized models. We establish this vulnerability through both theoretical analysis and empirical evaluation across multiple benchmark datasets, demonstrating significant accuracy drops across various PFL methods. To address this challenge, we propose a defense framework combining stochastic input noise, input-scaled trace regularization, and parameter sensitivity maximization to improve FL's robustness. Our findings establish the first systematic study of adversarial threats in PFL systems, providing both diagnostic tools and practical countermeasures.