Journal of Shandong University (Natural Science) ›› 2026, Vol. 61 ›› Issue (6): 35-50. doi: 10.6040/j.issn.1671-9352.5.2025.121

FACDVis: a visual analysis method for abnormal client detection in Federated Learning

FANG Peng1,2,3, ZHAO Fan1,3*, WANG Yi1,3, HUANG Hancheng1,2,3, WANG Baoquan1,3, MA Yupeng1,3

  1. Laboratory of Multilingual Information Technology, Xinjiang Technical Institute of Physics and Chemistry, Chinese Academy of Sciences, Urumqi 830011, Xinjiang, China;
  2. University of Chinese Academy of Sciences, Beijing 100049, China;
  3. Xinjiang Laboratory of Minority Speech and Language Information Processing, Urumqi 830011, Xinjiang, China
  • Published: 2026-06-04
  • Corresponding author: ZHAO Fan (born 1980), male, research professor, Ph.D.; research interests: data analysis and visualization. E-mail: zhaofan@ms.xjb.ac.cn
  • About the author: FANG Peng (born 2001), male, master's student; research interest: abnormal client detection in Federated Learning. E-mail: fangpeng23@mails.ucas.ac.cn
  • Funding: Key Research and Development Program of Xinjiang Uygur Autonomous Region (2023B01026); "Tianshan Talent" Innovation Team Project of Xinjiang Uygur Autonomous Region (2023TSYCTD0011); "Tianshan Talent" Leading Talent Project of Xinjiang Uygur Autonomous Region (2023TSYCLJ0022, 2024TSYCLJ0039); Xinjiang "Tianchi Talent" Introduction Program

Abstract: Federated Learning enables multi-party data value sharing with privacy protection and has been widely applied in many fields such as healthcare and energy. However, the existence of abnormal clients can degrade the model's performance and reduce system efficiency. Traditional abnormal client detection algorithms rely on the assumption that the majority of clients are benign, tend to fail against complex attacks, and lack interpretability. To address these issues, a visual analysis method for abnormal client detection in Federated Learning, named FACDVis, is proposed. The method first performs a preliminary screening of suspicious clients and anomalous training rounds through a client model performance evolution evaluation framework. Next, through a model behavior pattern analysis framework, it further locates the abnormal clients and their corresponding rounds. Finally, a parameter heterogeneity diagnosis framework is used to analyze the attack methods in depth and to construct an interpretable, multidimensional evidence-chain detection framework. Experiments show that the method remains effective against data poisoning, model poisoning, and other attacks even when the proportion of abnormal clients exceeds 80%, with an average recognition accuracy of 94%.

Key words: visualization, Federated Learning, abnormal client detection, interpretability

CLC number: TP391

Appendix

The results of the user experiment are shown in Table A1. In the final experimental design, the system simulated 100 clients performing a federated image-classification task with ResNet-18 on the Cifar-10 dataset, with 40 global rounds and 10 local iterations; the experimental details and results are shown in Table A2.

Table A1 Result of user experiment

| User | Abnormal clients successfully identified | Abnormal rounds successfully identified | Attack methods identified |
|---|---|---|---|
| P1 | 0–6 | 5, 15, 25, 35 | Free-rider attack, backdoor attack, data noise attack, label-flipping attack |
| P2 | 0–6 | 5, 15, 25, 35 | Free-rider attack, backdoor attack, data noise attack, label-flipping attack |
| P3 | 0–6 | 5, 15, 25, 35 | Free-rider attack |
| P4 | 0–6 | 5, 15, 25, 35 | Free-rider attack |
| P5 | 0–6 | 5, 15, 25, 35 | Free-rider attack, backdoor attack |
| P6 | 0–6 | 5, 15, 25, 35 | Free-rider attack |

Table A2 Result of experiment (average accuracy is 94%)

| Total clients | Abnormal clients | Attack round | Attack type | Recognition rate/% |
|---|---|---|---|---|
| 100 | 80 | 7 | Backdoor attack (semantic trigger) | 100.0 |
| 100 | 80 | 17 | Model noise (Gaussian noise with standard deviation 0.10) | 87.5 |
| 100 | 80 | 22 | Label flipping | 87.5 |
| 100 | 80 | 27 | Data noise (Gaussian noise with standard deviation 1.00) | 100.0 |
| 100 | 80 | 37 | Gradient noise (Gaussian noise with standard deviation 0.05) | 95.0 |