Publication: User isolation poisoning on decentralized federated learning: an adversarial message-passing graph neural network approach
| dc.contributor.coauthor | Li, Kai | |
| dc.contributor.coauthor | Liang, Yilei | |
| dc.contributor.coauthor | Lio, Pietro | |
| dc.contributor.coauthor | Ni, Wei | |
| dc.contributor.coauthor | Dressler, Falko | |
| dc.contributor.coauthor | Crowcroft, Jon | |
| dc.contributor.department | Next Generation and Wireless Communication Laboratory | |
| dc.contributor.kuauthor | Akan, Özgür Barış | |
| dc.contributor.schoolcollegeinstitute | Laboratory | |
| dc.date.accessioned | 2026-01-16T08:47:23Z | |
| dc.date.available | 2026-01-16 | |
| dc.date.issued | 2025 | |
| dc.description.abstract | This article proposes a new cyberattack on decentralized federated learning (DFL), named user isolation poisoning (UIP). While following the standard DFL protocol of receiving and aggregating benign local models, a malicious user strategically generates and distributes compromised updates to undermine the learning process. The objective of the new UIP attack is to diminish the impact of benign users by isolating their model updates, thereby manipulating the shared model to reduce the learning accuracy. To realize this attack, we design a novel threat model that leverages an adversarial message-passing graph (MPG) neural network. Through iterative message passing, the adversarial MPG progressively refines the representations (also known as embeddings or hidden states) of each benign local model update. By orchestrating feature exchanges among connected nodes in a targeted manner, the malicious users effectively curtail the genuine data features of benign local models, thereby diminishing their overall influence within the DFL process. The MPG-based UIP attack is implemented in PyTorch, demonstrating that it effectively reduces the test accuracy of DFL by 49.5% and successfully evades existing cosine similarity- and Euclidean distance-based defense strategies. | |
| dc.description.fulltext | No | |
| dc.description.harvestedfrom | Manual | |
| dc.description.indexedby | WOS | |
| dc.description.indexedby | Scopus | |
| dc.description.indexedby | PubMed | |
| dc.description.publisherscope | International | |
| dc.description.readpublish | N/A | |
| dc.description.sponsoredbyTubitakEu | N/A | |
| dc.description.sponsorship | Startup Fund from the College of Computing and Software Engineering, Kennesaw State University; Fundacao para a Ciencia e a Tecnologia (Portuguese Foundation for Science and Technology) through the Carnegie Mellon Portugal Program; AXA Research Fund (AXA Chair for Internet of Everything at Koc University) | |
| dc.identifier.doi | 10.1109/TNNLS.2025.3636440 | |
| dc.identifier.eissn | 2162-2388 | |
| dc.identifier.embargo | No | |
| dc.identifier.issn | 2162-237X | |
| dc.identifier.pubmed | 41329589 | |
| dc.identifier.quartile | N/A | |
| dc.identifier.scopus | 2-s2.0-105023853655 | |
| dc.identifier.uri | https://doi.org/10.1109/TNNLS.2025.3636440 | |
| dc.identifier.uri | https://hdl.handle.net/20.500.14288/32149 | |
| dc.identifier.wos | 001632056600001 | |
| dc.keywords | Computational modeling | |
| dc.keywords | Data models | |
| dc.keywords | Training | |
| dc.keywords | Accuracy | |
| dc.keywords | Electronic mail | |
| dc.keywords | Correlation | |
| dc.keywords | Servers | |
| dc.keywords | Euclidean distance | |
| dc.keywords | Computer science | |
| dc.keywords | Threat modeling | |
| dc.keywords | Decentralized federated learning (DFL) | |
| dc.keywords | Message-passing graph (MPG) neural networks | |
| dc.keywords | Model correlations | |
| dc.keywords | Poisoning attack | |
| dc.keywords | User isolation | |
| dc.language.iso | eng | |
| dc.publisher | IEEE | |
| dc.relation.affiliation | Koç University | |
| dc.relation.collection | Koç University Institutional Repository | |
| dc.relation.ispartof | IEEE Transactions on Neural Networks and Learning Systems | |
| dc.relation.openaccess | No | |
| dc.rights | Copyrighted | |
| dc.subject | Artificial intelligence | |
| dc.subject | Computer science | |
| dc.subject | Electrical and electronic engineering | |
| dc.title | User isolation poisoning on decentralized federated learning: an adversarial message-passing graph neural network approach | |
| dc.type | Journal Article | |
| dspace.entity.type | Publication | |
| person.familyName | Akan | |
| person.givenName | Özgür Barış | |
| relation.isOrgUnitOfPublication | a5d3121b-8789-4c71-84d3-12bf643bfef9 | |
| relation.isOrgUnitOfPublication.latestForDiscovery | a5d3121b-8789-4c71-84d3-12bf643bfef9 | |
| relation.isParentOrgUnitOfPublication | 20385dee-35e7-484b-8da6-ddcc08271d96 | |
| relation.isParentOrgUnitOfPublication.latestForDiscovery | 20385dee-35e7-484b-8da6-ddcc08271d96 |