JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE) ›› 2026, Vol. 61 ›› Issue (6): 35-50.doi: 10.6040/j.issn.1671-9352.5.2025.121

Previous Articles    

FACDVis: a visual analysis method for abnormal client detection in Federated Learning

FANG Peng1,2,3, ZHAO Fan1,3*, WANG Yi1,3, HUANG Hancheng1,2,3, WANG Baoquan1,3, MA Yupeng1,3   

  1. 1. Laboratory of Multilingual Information Technology, Xinjiang Technical Institute of Physics and Chemistry, Chinese Academy of Sciences, Urumqi 830011, Xinjiang, China;
    2. University of Chinese Academy of Sciences, Beijing 100049, China;
    3. Xinjiang Laboratory of Minority Speech and Language Information Processing, Urumqi 830011, Xinjiang, China
  • Published:2026-06-04

PDF (PC)

1

Abstract: Federated Learning enables multi-party data value sharing with privacy protection and has been widely applied in many fields such as healthcare and energy. However, the existence of abnormal clients can degrade the models performance and reduce system efficiency. Traditional abnormal clients detection algorithms rely on the assumption that the majority of clients are benign, which makes them ineffective against complex attacks and lacks interpretability. To address these issues, a visual analysis method for abnormal client detection in Federated Learning, named FACDVis, is proposed. The method first identifies suspicious clients and anomalous training rounds through the model performance evolution evaluation framework. Next, through the model behavior pattern analysis framework, it further locates the abnormal clients and their corresponding iterations. Finally, parameter heterogeneity diagnosis framework is employed to deeply analyze the attack methods and construct an interpretable multidimensional evidence chain detection framework. Experiments demonstrated that the proposed method effectively resolves data poisoning, model poisoning, and other attacks even when the number of abnormal clients exceeds 80%, the average recognition accuracy rate reaches 94%.

Key words: visualization, Federated Learning, abnormal client detection, interpretability

CLC Number: 

  • TP391
[1] MCMAHAN H B, MOORE E, RAMAGE D, et al. Communication efficient learning of deep networks from decentralized data[C] //Proceedings of the 20th International Conference on Artificial Intelligence and Statistics. Brookline: Microtome Publishing, 2017:1273-1282.
[2] YANG Qiang, LIU Yang, CHEN Tianjian, et al. Federated machine learning: concept and applications[J]. ACM Transactions on Intelligent Systems and Technology, 2019, 10(2):1-19.
[3] 中国信息通信研究院.联邦学习应用安全研究报告(2023)[EB/OL].(2023-01-01)[2025-07-29]. https://aigc.idigital.com.cn/djyanbao/. China Academy of Information and Communications Technology. Federated Learning application security research report(2023)[EB/OL].(2023-01-01)[2025-07-29]. https://aigc.idigital.com.cn/djyanbao/.
[4] KONECNY J, MCMAHAN H B, YU F X, et al. Federated Learning: strategies for improving communication efficiency[EB/OL].(2016-10-18)[2025-07-29]. https://arxiv.org/abs/1610.05492.
[5] ABHISHEK V A, BINNY S, JOHAN T R, et al. Federated Learning: collaborative machine learning without centralized training data[J]. International Journal of Engineering Technology and Management Sciences, 2022, 6(5):355-359.
[6] 王生生,路淑贞,曹斌. 面向隐私保护联邦学习的医学影像目标检测算法[J]. 计算机辅助设计与图形学学报,2021,33(10):1553-1562. WANG Shengsheng, LU Shuzhen, CAO Bin. Medical image object detection algorithm for privacy preserving Federated Learning[J]. Journal of Computer-Aided Design & Computer Graphics, 2021, 33(10):1553-1562.
[7] 刘新,刘冬兰,付婷,等. 基于联邦学习的时间序列预测算法[J]. 山东大学学报(工学版),2024,54(3):55-63. LIU Xin, LIU Donglan, FU Ting, et al. Time series forecasting algorithm based on Federated Learning[J]. Journal of Shandong University(Engineering Science), 2024, 54(3):55-63.
[8] 微众银行,鹏城实验室,中国信息通信研究院,等. 联邦学习白皮书(2.0版)[R]. 深圳:微众银行,2020. WeBank, Peng Cheng Laboratory, China Academy of Information and Communications Technology, et al. Federated Learning white paper(V2.0)[R]. Shenzhen: WeBank, 2020.
[9] 肖雄,唐卓,肖斌,等. 联邦学习的隐私保护与安全防御研究综述[J]. 计算机学报,2023,46(5):1019-1044. XIAO Xiong, TANG Zhuo, XIAO Bin, et al. Survey on privacy protection and security defense in Federated Learning[J]. Chinese Journal of Computers, 2023, 46(5):1019-1044.
[10] 顾育豪,白跃彬. 联邦学习模型安全与隐私研究进展[J]. 软件学报,2023,34(6):2833-2864. GU Yuhao, BAIYuebin. Research progress on Federated Learning model security and privacy[J]. Journal of Software, 2023, 34(6):2833-2864.
[11] 邱晓慧,杨波,赵孟晨,等. 联邦学习安全防御与隐私保护技术研究[J]. 计算机应用研究,2022,39(11):3220-3231. QIU Xiaohui, YANG Bo, ZHAO Mengchen, et al. Survey on Federated Learning security defense and privacy protection technology[J]. Application Research of Computers, 2022, 39(11):3220-3231.
[12] GUEMBE B, MISRA S, AZETA A. Privacy issues, attacks, countermeasures and open problems in Federated Learning: a survey[J]. Applied Artificial Intelligence, 2024, 38(1):2410504.
[13] ABAD G, PICEK S, RAMÍREZ-DURÁN V J, et al. On the security & privacy in Federated Learning[EB/OL].(2024-08-12)[2025-07-29]. https://arxiv.org/abs/2112.05423.
[14] BAGDASARYAN E, VEIT A, HUA Y, et al. How to backdoor Federated Learning[C] //Proceedings of the 23rd International Conference on Artificial Intelligence and Statistics. Cambridge: PMLR, 2020:2938-2948.
[15] TOLPEGIN V, TRUEX S, GURSOY M E, et al. Data poisoning attacks against Federated Learning systems[C] //Proceedings of the 25th European Symposium on Research in Computer Security. Guildford: Springer, 2020: 480-501.
[16] LI L, FAN Y X, TSE M, et al. A review of applications in Federated Learning[J]. Computers & Industrial Engineering, 2020, 149:106854.
[17] KAIROUZ P, MCMAHAN H B, AVENT B, et al. Advances and open problems in Federated Learning[J]. Foundations and Trends in Machine Learning, 2021, 14(1/2):1-210.
[18] BLANCHARD P, EL MHAMDI E M, GUERRAOUI R, et al. Machine learning with adversaries: byzantine tolerant gradient descent[C] //Proceedings of the 31st International Conference on Neural Information Processing Systems. New York: Curran Associates Inc, 2017:118-128.
[19] KRAUß T, DMITRIENKO A. Mesas: poisoning defense for Federated Learning resilient against adaptive attackers[C] //Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2023: 1526-1540.
[20] GUPTA A, LUO T, NGO M V, et al. Long short history of gradients is all you need: detecting malicious and unreliable clients in Federated Learning[C] //Proceedings of the 27th European Symposium on Research in Computer Security. Cham: Springer, 2022:445-465.
[21] RAZA A, LI S, TRAN K P, et al. Using anomaly detection to detect poisoning attacks in Federated Learning applications[EB/OL].(2022-01-18)[2025-07-29]. https://arxiv.org/abs/2207.08486.
[22] SHEJWALKAR V, HOUMANSADR A. Manipulating the byzantine:optimizing model poisoning attacks and defenses for Federated Learning[C] // Proceedings of the 2021 Network and Distributed System Security Symposium. San Diego: Internet Society, 2021:1-18.
[23] 王波. 联邦学习系统的安全防御与隐私保护技术研究[D]. 太原:太原科技大学,2024:26-39. WANG Bo. Research on security defense and privacy preserving of Federated Learning system[D]. Taiyuan: Taiyuan University of Science and Technology, 2024:26-39.
[24] 邵伟,朱高宇,于雷,等. 高维数据的降维与检索算法[J].山东大学学报(理学版),2024,59(7):27-43. SHAO Wei, ZHU Gaoyu, YU Lei, et al. Dimensionality reduction and retrieval algorithms for high dimensional data[J]. Journal of Shandong University(Natural Science), 2024, 59(7):27-43.
[25] CAO Xiaoyu, FANG Minghong, LIU Jia, et al. FLTrust: byzantine robust Federated Learning via trust bootstrapping[EB/OL].(2020-12-27)[2025-07-29]. https://arxiv.org/abs/2012.13995.
[26] WU Ruihan, CHEN Xiangyu, GUO Chuan, et al. Learning to invert: Simple adaptive attacks for gradient inversion in Federated Learning[C] //Proceedings of the 39th Conference on Uncertainty in Artificial Intelligence. Cambridge: PMLR, 2023:2293-2303.
[27] YU S, CUI L. Security and privacy in Federated Learning[M]. Singapore: Springer Nature, 2023:13-36.
[28] ZHANG Lin, SHEN Li, DING Liang, et al. Fine-tuning global model via data free knowledge distillation for Non-IID Federated Learning[C] //Proceedings of the 2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition. New York: IEEE, 2022:10164-10173.
[29] LIU Yang, FAN Tao, CHEN Tianjian, et al. FATE: an industrial grade platform for collaborative learning with data protection[J]. Journal of Machine Learning Research, 2021, 22(1):1-23.
[30] 潘如晟,韩东明,潘嘉铖,等. 联邦学习可视化:挑战与框架[J]. 计算机辅助设计与图形学学报,2020,32(4):513-519. PAN Rusheng, HAN Dongming, PAN Jiacheng, et al. Visualization for Federated Learning: challenges and framework[J]. Journal of ComputerAided Design & Computer Graphics, 2020, 32(4):513-519.
[31] LI Quan, WEI Xiguang, LIN Huanbin, et al. Inspecting the running process of horizontal Federated Learning via visual analytics[J]. IEEE Transactions on Visualization and Computer Graphics, 2021, 28(12):4085-4100.
[32] TIAN Yun, WANG He, XIE Laixin, et al. VFLens: co-design the modeling process for efficient vertical Federated Learning via visualization[C] //Proceedings of the 22nd International Symposium on Chinese CHI. New York: ACM, 2022:1-14.
[33] WANG Xumeng, CHEN Wei, XIA Jiazhi, et al. HetVis: a visual analysis approach for identifying data heterogeneity in horizontal Federated Learning[J]. IEEE Transactions on Visualization and Computer Graphics, 2022, 29(1):310-319.
[34] 刘灿,赖楚凡,蒋瑞珂,等. 深度学习驱动的可视化[J]. 计算机辅助设计与图形学学报, 2020, 32(10):1537-1548 LIU Cai, LAI Chufan, JIANG Ruike, et al. Visualization driven by deep learning[J]. Journal of Computer Aided Design & Computer Graphics, 2020, 32(10):1537-1548.
[35] BARUCH M, BARUCH G, GOLDBERG Y. A little is enough: circumventing defenses for distributed learning[C] //Proceedings of the 33rd Conference on Neural Information Processing Systems. Vancouver: NeurIPS, 2019:8632-8645.
[36] FUNG C, YOON C J M, BESCHASTNIKH I. Mitigating sybils in Federated Learning poisoning[EB/OL].(2018-08-14)[2025-07-29]. https://arxiv.org/pdf/1808.04866.
[37] CAO Xinyang, LAI Lifeng. Distributed gradient descent algorithm robust to an arbitrary number of byzantine attackers[J]. IEEE Transactions on Signal Processing, 2019, 67(22):5850-5864.
[38] JEONG H, SON H, LEE S, et al. FedCC: robust Federated Learning against model poisoning attacks[EB/OL].(2022-12-05)[2025-07-29]. https://arxiv.org/abs/2212.01976.
[39] 方红燕,张巧巧,杨心雨. 稳健主成分分析方法的稳健性比较[J/OL]. 山东大学学报(理学版),2025. http://kns.cnki.net/kcms/detail/37.1389.N.20250227.1534.008.html. FANG Hongyan, ZHANG Qiaoqiao, YANG Xinyu, et al. Robustness comparison of robust PCA methods[J]. Journal of Shandong University(Natural Science), 2025. http://kns.cnki.net/kcms/detail/37.1389.N.20250227.1534.008.html.
[40] CAO Di, CHANG Shan, LIN Zhijian, et al. Understanding distributed poisoning attack in Federated Learning[C] //Proceedings of the 25th International Conference on Parallel and Distributed Systems. Piscataway: IEEE, 2019:233-239.
[41] ZHAO Bo, SUN Peng, WANG Tao, et al. FedInv: byzantine robust Federated Learning by inversing local model updates[C] //Proceedings of the 36th AAAI Conference on Artificial Intelligence. Palo Alto: AAAI Press, 2022:9171-9179.
[42] LI Liping, XU Wei, CHEN Tianyi, et al. RSA: Byzantine robust stochastic aggregation methods for distributed learning from heterogeneous datasets[C] //Proceedings of the 33rd AAAI Conference on Artificial Intelligence. Palo Alto: AAAI Press, 2019:1544-1551.
[43] GUERRAOUI R, ROUAULT S. The hidden vulnerability of distributed learning inbyzantium[C] //Proceedings of the 35th International Conference on Machine Learning. Cambridge: PMLR, 2018:3521-3530.
[44] FUNG C, YOON C J, BESCHASTNIKH I. The limitations of Federated Learning in sybil settings[C] //Proceedings of the 23rd International Symposium on Research in Attacks, Intrusions and Defenses. Berkeley: USENIX Association, 2020:301-316.
[45] LI Xiangyu, QU Zhe, ZHAO Shangqing, et al. LoMar: a local defense against poisoning attack on Federated Learning[J]. IEEE Transactions on Dependable and Secure Computing, 2023, 20:437-450.
[46] JIANG Yifeng, ZHANG Weiwen, Chen Yanxi. Data quality detection mechanism against label flipping attacks in Federated Learning[J]. IEEE Transactions on Information Forensics and Security, 2023, 18:1625-1637. 附录 用户实验结果如表A1所示。在最终的实验设计中,系统模拟了100个客户端在ResNet-18在Cifar-10数据集上进行全局40轮,本地10轮迭代的图像分类联邦学习任务,最终实验详情与结果如表A2所示。 表A1用户实验结果 Table A1Result of user experiment用户名称可识别成功 异常客户端可识别成功 异常迭代轮次可识别异常攻击手段P10—65, 15, 25, 35搭便车攻击、后门攻击、数据加噪攻击、标签翻转攻击P20—65, 15, 25, 35搭便车攻击、后门攻击、数据加噪攻击、标签翻转攻击P30—65, 15, 25, 35搭便车攻击P40—65, 15, 25, 35搭便车攻击P50—65, 15, 25, 35搭便车攻击、后门攻击P60—65, 15, 25, 35搭便车攻击 表A2实验结果(平均准确率94%) Table A2Result of experiment(average accuracy is 94%)总客户端数异常客户 端数攻击轮次攻击类型识别率/%100807后门攻击(语义触发)100.017模型加噪(标准差为0.10的高斯噪声)87.522标签翻转87.527数据加噪(标准差为1.00的高斯噪声)100.037梯度加噪(标准差为0.05的高斯噪声)95.0
[1] ZHANG Zhengyin, WANG Lingling, HUANG Mei, ZHANG Yuxing, SONG Jiaorong. Secure weighted aggregation for VFL with malicious passive parties [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2026, 61(3): 29-43.
[2] Xiaodong YAN. Strategic limit theory and strategic statistical learning [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2024, 59(1): 1-10, 45.
[3] WU Di, WANG Li-na, YU Rong-wei, ZHANG Xin, XU Lai. Multidimensional data visualization in cloud platform security monitoring [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, 52(6): 56-63.
[4] GAO Yuan-zhao, LI Bing-long, WU Xi-xi. A forensic analysis algorithm of registry reverse reconstruction based on physical memory [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2016, 51(9): 127-136.
[5] SU Wei1, SHEN Long-bin1,2, LIU Wei-bo3, SHAN Xiu-hui4. The study and implement of visualization  technology of reserve information [J]. J4, 2010, 45(11): 12-15.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
Copyright 2018 © Editorial office of JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE)
Supported by Beijing Magtech Co.Ltd