Backdoor defense method in federated learning based on contrastive training

In response to the inadequacy of existing defense methods for backdoor attacks in federated learning to effectively remove embedded backdoor features from models, while simultaneously reducing the accuracy of the primary task, a federated learning backdoor defense method called ContraFL was proposed, which utilized contrastive training to disrupt the clustering process of backdoor samples in the feature space, thereby rendering the global model classifications in federated learning independent of the backdoor trigger features. Specifically, on the server side, a trigger generation algorithm was developed to construct a generator pool to restore potential backdoor triggers in the training samples of the global model. Consequently, the trigger generator pool was distributed to the participants by the server, where each participant added the generated backdoor triggers to their local samples to achieve backdoor data augmentation. Experimental results demonstrate that ContraFL effectively defends against various backdoor attacks in federated learning, outperforming existing defense methods. © 2024 Editorial Board of Journal on Communications. All rights reserved.