Paper 2025/510

Adaptive Adversaries in Byzantine-Robust Federated Learning: A survey.

Jakub Kacper Szeląg, University of Plymouth
Ji-Jian Chin, University of Plymouth
Sook-Chin Yip, Multimedia University

Abstract

Federated Learning (FL) has recently emerged as one of the leading paradigms for collaborative machine learning, serving as a tool for model computation without a need to expose one's privately stored data. However, despite its advantages, FL systems face severe challenges within their own security solutions, which must address both the privacy and the robustness of models. This paper focuses on vulnerabilities within the domain of FL security with emphasis on model robustness, identifying critical gaps in current defences, particularly against adaptive adversaries, which modify their attack strategies after being disconnected and rejoin the system to continue their attacks. To our knowledge, other surveys in this domain do not cover the concept of adaptive adversaries; this, along with the significance of their impact, serves as the main motivation for this work. Our contributions are fivefold: (1) we present a comprehensive overview of FL systems, with a complete summary of their fundamental building blocks; (2) an extensive overview of existing vulnerabilities that target FL systems in general; (3) a description of baseline attack vectors as well as state-of-the-art approaches to the development of attack methods and defence mechanisms; (4) a novel baseline method of attack leveraging reconnecting malicious clients; and (5) future research directions to address and counter adaptive attacks. We demonstrate through experimental results that the existing baseline secure aggregation rules used for comparison in other works, such as Krum and Trimmed Mean, are insufficient against those attacks. Further, works improving upon those algorithms do not address this concern either. Our findings serve as a basis for redefining FL security paradigms in the direction of adaptive adversaries.
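As an added illustration (not code from the paper), plain-Python versions of the two baseline robust aggregation rules the abstract names, Krum and Trimmed Mean, run over a constructed round of client updates; the sample vectors and the `f = 1` Byzantine bound are assumptions for the demo. Both rules score only the current round's vectors and keep no per-client state across rounds.

```python
from typing import List, Sequence

Vector = Sequence[float]

def sq_dist(a: Vector, b: Vector) -> float:
    """Squared Euclidean distance between two update vectors."""
    return sum((x - y) ** 2 for x, y in zip(a, b))

def krum(updates: List[Vector], f: int) -> int:
    """Index of the update Krum selects for n clients, at most f of them Byzantine.

    Each client is scored by the sum of squared distances to its n - f - 2 nearest
    peers; the lowest score wins. Krum requires n > 2f + 2.
    """
    n = len(updates)
    if n <= 2 * f + 2:
        raise ValueError("Krum needs n > 2f + 2")
    scores = []
    for i, u in enumerate(updates):
        dists = sorted(sq_dist(u, v) for j, v in enumerate(updates) if j != i)
        scores.append(sum(dists[: n - f - 2]))
    return min(range(n), key=scores.__getitem__)

def trimmed_mean(updates: List[Vector], f: int) -> List[float]:
    """Coordinate-wise trimmed mean: drop the f largest and f smallest values per
    coordinate and average what remains. Requires n > 2f."""
    n = len(updates)
    if n <= 2 * f:
        raise ValueError("Trimmed Mean needs n > 2f")
    result = []
    for k in range(len(updates[0])):
        column = sorted(u[k] for u in updates)
        kept = column[f : n - f]
        result.append(sum(kept) / len(kept))
    return result

# Constructed sample round (assumption for the demo): five honest updates clustered
# near (1, 1) and one Byzantine update far from the cluster. Both rules look only at
# this round's vectors; neither records which client identities were seen earlier.
HONEST = [[1.0, 1.0], [1.1, 0.9], [0.9, 1.1], [1.0, 1.2], [1.2, 1.0]]
BYZANTINE = [[50.0, -50.0]]

def aggregate_round(f: int = 1):
    """Apply both rules to the constructed round; returns (Krum index, trimmed mean)."""
    updates = HONEST + BYZANTINE
    return krum(updates, f), trimmed_mean(updates, f)

if __name__ == "__main__":
    chosen, tm = aggregate_round()
    print("Krum selected:", (HONEST + BYZANTINE)[chosen], "| Trimmed Mean:", tm)
```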

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Machine Learning, Federated Learning, Secure Aggregation, Adaptive Adversaries, Byzantine-Robust Aggregation
Contact author(s)
jakub szelag @ students plymouth ac uk
ji-jian chin @ plymouth ac uk
scyip @ mmu edu my
History
2025-03-21: revised
2025-03-18: received
Short URL
https://ia.cr/2025/510
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/510,
      author = {Jakub Kacper Szeląg and Ji-Jian Chin and Sook-Chin Yip},
      title = {Adaptive Adversaries in Byzantine-Robust Federated Learning: A survey.},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/510},
      year = {2025},
      url = {https://eprint.iacr.org/2025/510}
}