Secure-CHG: A Comprehensive Framework for Robust and Fair Federated Learning via Hybrid Defense and Contribution-Aware Trust

📅 2026-06-29
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This work addresses the vulnerability of federated learning to stealthy backdoor attacks in late-stage convergence, where conventional statistical defenses fail due to vanishing gradient norms. The authors propose Secure-CHG, a novel framework that for the first time identifies and mitigates this “Late-stage Failure” issue. Secure-CHG integrates early-stage cascaded statistical filtering with a late-stage closed-form CHG-Shapley mechanism operating in the Hardness-Gradient space, which amplifies the semantic signatures of malicious updates through contribution-aware validation—enabling efficient attacker identification without retraining. Coupled with trust-modulated aggregation, the method substantially suppresses state-of-the-art backdoor attacks on CIFAR-10, MedMNIST, and NEU-SDDB, reducing attack success rates by 2.3× and 2.0× compared to Krum and Trimmed Mean, respectively.
📝 Abstract
Federated Learning (FL) is highly susceptible to stealthy backdoor attacks, which aim to force a model into predicting an attacker-chosen target class for inputs containing a specific trigger. However, existing statistical defenses primarily focus on the early stages of model convergence. In this paper, we identify a fundamental vulnerability termed ``Late-stage Failure.'' We demonstrate that as the global model converges, decaying gradient norms render malicious and benign updates morphologically indistinguishable. This vanishing statistical variance effectively blinds traditional defenses, enabling adaptive adversaries to remain dormant and subsequently hijack the training process. To overcome these constraints, we propose Secure-CHG, a hybrid framework that pivots the defense paradigm from superficial morphological detection toward intrinsic semantic contribution verification. Secure-CHG employs an adaptive defense pipeline: a cascaded statistical filter stabilizes optimization during the early oscillatory phase, while a novel CHG-Shapley mechanism takes over during late-stage convergence. By leveraging sample hardness (i.e., local training loss) to project updates into a composite Hardness-Gradient space, it effectively amplifies adversarial semantic traces, enabling the isolation of stealthy attackers even as gradient norms vanish. Furthermore, we derive a closed-form solution for CHG-Shapley, facilitating low-complexity, retraining-free node valuation and trust-modulated aggregation. Extensive evaluations on CIFAR-10, MedMNIST, and NEU-SDDB demonstrate that Secure-CHG effectively mitigates Late-stage Failure. Specifically, it significantly suppresses advanced backdoor attacks, reducing their attack success rate by 2.3$\times$ and 2.0$\times$ relative to the mainstream Krum and Trimmed Mean baselines, respectively.
Problem

Research questions and friction points this paper is trying to address.

Federated Learning
Backdoor Attacks
Late-stage Failure
Model Convergence
Adversarial Robustness
Innovation

Methods, ideas, or system contributions that make the work stand out.

Late-stage Failure
Hybrid Defense
CHG-Shapley
Hardness-Gradient Space
Contribution-Aware Trust
🔎 Similar Papers
No similar papers found.