Learning to evade: Adaptive and stealthy attack on reputation-based federated learning
Abstract
Existing reputation-based defense mechanisms in Federated Learning (FL) operate predominantly under the premise of static adversarial strategies, and underestimate the adaptability of intelligent attackers and their threat. This work reveals a novel dynamic attack framework that interprets an attack process as a partially observable Markov decision process (POMDP), which captures an adversary’s sequential decision-making under uncertainty and is implemented online using Monte Carlo tree search. Navigating an environment where the server’s trust evaluation is undisclosed, the POMDP-based attack adaptively alternates between malicious injection and benign participation to optimize the long-term trade-off between damage infliction and detection avoidance. Empirical evaluations demonstrate that this new attack can outmaneuver state-of-the-art reputation defenses, achieving a superior efficacy-stealth trade-off. On MNIST under MAB-RFL with 20% attackers, the attack suppresses model accuracy to 26.64%, whereas static and adaptive baselines fail to prevent convergence (with accuracy of 92.71% and 89.82%, respectively). Awareness of the existence of this attack is important for the safe operation of FL.
Keywords
Adaptive strategy, federated learning, poisoning attack, POMDP, trust management
Document Type
Journal Article
Date of Publication
1-1-2026
Publication Title
IEEE Communications Letters
Publisher
IEEE
School
School of Engineering
Copyright
subscription content
Comments
Liu, X., Liu, E., Ni, W., Zhang, H., Wei, Z., & Hossain, E. (2026). Learning to evade: Adaptive and stealthy attack on reputation-based federated learning. IEEE Communications Letters, 30, 1836–1840. https://doi.org/10.1109/LCOMM.2026.3685107