Abstract

Privacy preservation in federated learning (FL) has received considerable attention and many approaches have been proposed. However, these approaches rendered the uploaded gradients invisible to the server, which poses a significant challenge in defending against poisoning attacks. In poisoning attacks, malicious or compromised participants use poisoned training data or forged local updates to disrupt the training process. It is hard for cloud servers to defend against poisoning attacks due to the invisibility of gradients. To address this issue, we propose a privacy-preserving FL scheme (PFLS) against poisoning attacks to eliminate the impact of model poisoning attacks while protecting the privacy of participants. Specifically, a dynamic adaptive defense mechanism is designed to mitigate the impact of malicious gradients and locate malicious participants. To protect participants’ privacy, a multidimensional homomorphic encryption method is constructed with a hierarchical aggregation architecture. The security analysis illustrates that the PFLS scheme can ensure the privacy of FL participants. The experimental results demonstrate that a high-detection rate of malicious participants and a balance between efficiency and robustness are achieved.