Abstract

This article proposes a novel scheme, SupRTE, to suppress backdoor injection in federated learning via robust trust evaluation, which effectively prevents malicious updates from infiltrating the model aggregation process. The robust trust evaluation process in SupRTE consists of two components: 1) behavior representation extractor, creating individual profiles for each client through multidimensional information; 2) trust scorer, measuring the discrepancies between malicious and benign clients as trust scores by utilizing grading and clustering strategies. According to these trust scores, SupRTE can dynamically adjust the weight of each participating client to effectively suppress the malicious backdoor injection. Remarkably, SupRTE can be easily deployed on the server without requiring any auxiliary information and is highly adaptable to various Non-IID scenarios. Extensive experiments over 3 datasets against 2 kinds of backdoor variants are conducted. Experimental results demonstrate that SupRTE can significantly reduce the attack success rate to below 2% with a minimal impact on the main task accuracy and outperforms the state-of-the-art defense methods.