PPAPAFL: A Novel Approach to Privacy Protection and Anti-poisoning Attacks in Federated Learning

In the realm of distributed machine learning, although federated learning has received considerable attention, it still confronts grave challenges such as user privacy leakage and poisoning attacks. Regrettably, the demands for privacy preservation and protection against poisoning attacks are conflicting. Measures for privacy protection generally assure the indistinguishability of local parameter updates, which conversely complicates the strategy of defending against poisoning attacks by making it harder to identify malicious users. To address these issues, we propose a privacy-preserving and anti-poisoning attack federated learning (PPAPAFL) scheme. This scheme employs the CKKS homomorphic encryption technique for gradient packaging encryption, thus ensuring data privacy. Concurrently, our designed robust aggregation algorithm can effectively resist poisoning attacks, guaranteeing the model’s integrity and accuracy, and is capable of supporting heterogeneous data in a friendly manner. A plethora of comparative experimental results demonstrate that our scheme can significantly improve the model’s accuracy and robustness, drastically reduce the attack success rate, and effectively protect data privacy. In comparison with advanced schemes such as Trum and PEFL, our scheme achieves a 10–50% improvement in model accuracy and reduces the attack success rate to less than 3%.