User isolation poisoning on decentralized federated learning: An adversarial message-passing graph neural network approach

Abstract

This article proposes a new cyberattack on decentralized federated learning (DFL), named user isolation poisoning (UIP). While following the standard DFL protocol of receiving and aggregating benign local models, a malicious user strategically generates and distributes compromised updates to undermine the learning process. The objective of the new UIP attack is to diminish the impact of benign users by isolating their model updates, thereby manipulating the shared model to reduce the learning accuracy. To realize this attack, we design a novel threat model that leverages an adversarial message-passing graph (MPG) neural network. Through iterative message passing, the adversarial MPG progressively refines the representations (also known as embeddings or hidden states) of each benign local model update. By orchestrating feature exchanges among connected nodes in a targeted manner, the malicious users effectively curtail the genuine data features of benign local models, thereby diminishing their overall influence within the DFL process. The MPG-based UIP attack is implemented in PyTorch, demonstrating that it effectively reduces the test accuracy of DFL by 49.5% and successfully evades existing cosine similarity- and Euclidean distance-based defense strategies.

Document Type

Journal Article

Date of Publication

1-1-2025

Publication Title

IEEE Transactions on Neural Networks and Learning Systems

Publisher

IEEE

School

School of Engineering

Funders

Portuguese Foundation for Science and Technology through the Carnegie Mellon Portugal Program / AXA Research Fund

Comments

Li, K., Liang, Y., Liò, P., Ni, W., Dressler, F., Crowcroft, J., & Akan, O. B. (2025). User isolation poisoning on decentralized federated learning: An adversarial message-passing graph neural network approach. IEEE Transactions on Neural Networks and Learning Systems. Advance online publication. https://doi.org/10.1109/TNNLS.2025.3636440

Copyright

subscription content

Link to publisher version (DOI)

10.1109/TNNLS.2025.3636440