SupRTE: Suppressing Backdoor Injection in Federated Learning via Robust Trust Evaluation

This article proposes a novel scheme, SupRTE, to suppress backdoor injection in federated learning via robust trust evaluation, which effectively prevents malicious updates from infiltrating the model aggregation process. The robust trust evaluation process in SupRTE consists of two components: 1) the behavior representation extractor, which creates individual profiles for each client through multidimensional information, and 2) the trust scorer, which measures the discrepancies between malicious and benign clients as trust scores by utilizing grading and clustering strategies. According to these trust scores, SupRTE can dynamically adjust the weight of each participating client to effectively suppress the malicious backdoor injection. Remarkably, SupRTE can be easily deployed on the server without requiring any auxiliary information and is highly adaptable to various nonindependent identically distributed scenarios. Extensive experiments over three datasets against two kinds of backdoor variants are conducted. Experimental results demonstrate that SupRTE can significantly reduce the attack success rate to below 2% with a minimal impact on the main task accuracy and outperforms state-of-the-art defense methods.