Contact Us
Journal Statistics & Approval Details
Recent Published Paper
Our Author's Feedback
 •  SJIF Impact Factor: 8.067       •  ISRA Impact Factor 7.894       •  Hard Copy of Certificates to All Authors       •  DOI by Crossref for all Published Papers       •  Soft Copy of Certificates- Within 04 Hours       •  Authors helpline No: +91-8813907089(Whatsapp)       •  No Publication Fee for Paper Submission       •  Hard Copy of Certificates to all Authors       •  UGC Approved Journal: IJRASET- Click here to Check       •  Conference on 18th and 19th Dec at Sridevi Womens Engineering College     
ISSN: 2321-9653
Estd : 2013

Ijraset Journal For Research in Applied Science and Engineering Technology

Enhancing Data Privacy and Efficiency in Distributed Systems: A Federated Learning Approach

Authors: Shruti Patel, Ketul Prajapati , Stavan Prasad, Prof. Khushbu Maurya

DOI Link: https://doi.org/10.22214/ijraset.2026.77405

Certificate: View Certificate

Abstract

Federated Learning (FL) enables collaborative machine learning while preserving data locality, making it crucial for privacy-sensitive domains like healthcare and finance. However, existing FL systems remain vulnerable to sophisticated adversarial attacks, including sybil-based data reconstruction, membership inference, and trap weight injection attacks. Current defense mechanisms operate in isolation and struggle against coordinated multi-client attacks with adaptive strategies. To address these limitations, we propose an Enhanced Privacy-Preserving Federated Learning (EPPFL) framework featuring a comprehensive multi-layer defense mechanism that integrates dynamic anomaly detection, adaptive differential privacy, and singular value decomposition (SVD) - based trap weight neutralization. We demonstrate the framework’s effectiveness in protecting sensitive healthcare data while preserving model utility and client privacy. This work advances the field of secure federated learning by providing the first comprehensive multi-layered defense framework capable of countering coordinated adversarial attacks in practical FL deployments across sensitive domains.

Introduction

Federated Learning (FL) is a decentralized machine learning approach where multiple clients (e.g., mobile devices, hospitals, financial institutions) train models locally using their own data. Instead of sharing raw data, clients transmit only model updates (gradients or weights) to a central server. This preserves data privacy, reduces communication overhead, and aligns with regulations such as GDPR and HIPAA. FL is especially valuable in sensitive domains like healthcare and finance, where data confidentiality, regulatory compliance, and user trust are critical.

Motivation for Privacy-Preserving Distributed Learning

Privacy-preserving FL addresses several key needs:

  • Protection of sensitive data such as personal, medical, and financial information.

  • Regulatory compliance with data protection laws (e.g., GDPR).

  • User trust and engagement, ensuring users feel safe sharing data.

  • Data minimization, since raw data remains local.

  • Collaborative learning benefits, enabling institutions to jointly improve models without exposing private data.

In healthcare, privacy preservation supports patient confidentiality, informed consent, and safe use of sensitive data like genomic information. In finance, it protects confidential business and customer data while enabling advanced analytics and secure collaboration.

Threat Landscape in Federated Learning

Despite its privacy-oriented design, FL faces serious security risks due to its decentralized nature and gradient sharing.

Critical Privacy Threats

  • Gradient leakage and data reconstruction attacks, where adversaries recover training data from gradients.

  • Model inversion attacks, reconstructing sensitive information from updates.

  • Advanced gradient inversion techniques, capable of bypassing noise addition and pruning defenses.

High-Impact Integrity Threats

  • Sybil attacks, where attackers create multiple fake clients.

  • Data and model poisoning attacks, degrading model performance.

  • Backdoor injection, embedding hidden malicious behaviors into the global model.

Moderate Privacy Threats

  • Membership inference attacks, identifying whether a specific data sample belongs to a client.

  • Source inference attacks, determining which client owns certain data.

  • Property inference attacks, extracting sensitive dataset characteristics from aggregated updates.

Limitations of Existing Defenses

Current defense mechanisms are fragmented and limited:

Privacy Mechanisms

  • Differential Privacy (DP-SGD): Adds noise but reduces accuracy and requires complex tuning.

  • Secure Aggregation: Protects updates but struggles against malicious clients and incurs overhead.

  • Knowledge Distillation: Reduces exposure but depends on auxiliary data and offers limited inference protection.

Integrity Defenses

  • Anomaly detection: High false positive rates in non-IID settings.

  • Robust aggregation methods: Performance degradation and limited adaptability.

Auxiliary Mechanisms

  • Regularization and adversarial training offer only indirect protection and high computational costs.

Research Gaps Identified

The literature reveals key shortcomings:

  1. Single-layer defenses are ineffective against coordinated attacks.

  2. Lack of multi-threat coverage — most defenses address either privacy or integrity, not both.

  3. Scalability challenges in large federated networks.

  4. Insufficient theoretical guarantees on robustness and stability.

  5. Dependence on distribution assumptions, limiting effectiveness in heterogeneous (non-IID) environments.

These gaps motivate the proposed Enhanced Privacy-Preserving Federated Learning (EPPFL) framework.

Proposed Methodology: Enhanced Privacy-Preserving Federated Learning (EPPFL)

The proposed system introduces a comprehensive eight-layer defense mechanism integrated into the federated learning pipeline.

System Architecture

  • Standard FL setup with K clients.

  • Non-IID heterogeneous data distribution.

  • Semi-honest server assumption.

  • Dynamic, asynchronous client participation.

Threat Model

The framework defends against:

  1. Sybil-based attackers

  2. Privacy inference attackers

  3. Trap weight (backdoor) injection attackers

Eight-Layer Defense Framework

Each training round passes through multiple detection layers:

  1. Zero Gradient Detection – Identifies suspicious uniform or near-zero gradients.

  2. Behavioral Anomaly Detection – Monitors client accuracy consistency, participation patterns, and gradient variance.

  3. Gradient Norm Anomaly Detection – Uses modified Z-score and MAD for robust outlier detection.

  4. Consistency Detection – Identifies coordinated attacks via gradient similarity analysis.

  5. Clustering-Based Detection (DBSCAN) – Detects isolated anomalous clients.

  6. Accuracy Anomaly Detection – Flags statistically abnormal local accuracy.

  7. Entropy-Based Pattern Detection – Identifies structured low-variance gradient manipulation.

  8. Honeypot Misclassification Detection – Uses synthetic test samples to expose malicious behavior.

Decision and Adaptation Mechanisms

  • Weighted Voting System combines outputs from all layers using optimized weights.

  • Adaptive Thresholding adjusts detection sensitivity dynamically.

  • Dynamic Trust Score Management updates client trust based on past behavior.

  • Adaptive Differential Privacy adds gradient-dependent noise.

  • Three-stage gradient sanitization (clipping, noise addition, secure aggregation).

Conclusion

This work presents a comprehensive multi-layered defense framework for federated learning that addresses critical security vulnerabilities in distributed machine learning systems. Our Enhanced Privacy-Preserving Federated Learning (EPPFL) framework demonstrates significant improvements in defending against coordinated adversarial attacks while maintaining model utility. The framework successfully reduces attack success rates to below 45% while maintaining zero false positives, making it suitable for deployment in privacy-sensitive domains. The convergence analysis provides a foundation for adaptive defense mechanisms that evolve with attack strategies. This work establishes both theoretical foundations and practical guidelines for secure federated learning deployment, contributing to sustainable adoption of privacy-preserving machine learning in sensitive applications and providing a foundation for future research in adaptive security mechanisms, cross-domain federated learning protection, and trustworthy distributed machine learning systems. The framework bridges the gap between theoretical security guarantees and practical federated learning deployment, contributing to the sustainable adoption of privacy-preserving machine learning in sensitive applications.

References

[1] T. Li, A. K. Sahu, A. Talwalkar and V. Smith, \"Federated Learning: Challenges, Methods, and Future Directions,\" in IEEE Signal Processing Magazine, vol. 37, no. 3, pp. 50-60, May 2020, doi: 10.1109/MSP.2020.2975749 [2] Brisimi, T. S., Chen, R., Mela, T., Olshevsky, A., Paschalidis, I. C., & Shi, W. (2018). Federated learning of predictive models from federated electronic health records. International journal of medical informatics, 112, 59-67. [3] McMahan, B., Moore, E., Ramage, D., Hampson, S., & y Arcas, B. A. (2017, April). Communication-efficient learning of deep networks from decentralized data. In Artificial intelligence and statistics (pp. 1273-1282). PMLR. [4] Kairouz, P., McMahan, H. B., Avent, B., Bellet, A., Bennis, M., Bhagoji, A. N., ... & Zhao, S. (2021). Advances and open problems in federated learning. Foundations and trends® in machine learning, 14(1–2), 1-210. [5] Dwork, C. (2006, July). Differential privacy. In International colloquium on automata, languages, and programming (pp. 1-12). Berlin, Heidelberg: Springer Berlin Heidelberg. [6] Shokri, R., & Shmatikov, V. (2015, October). Privacy-preserving deep learning. In Proceedings of the 22nd ACM SIGSAC conference on computer and communications security (pp. 1310-1321). [7] Brisimi, T. S., Chen, R., Mela, T., Olshevsky, A., Paschalidis, I. C., & Shi, W. (2018). Federated learning of predictive models from federated electronic health records. International journal of medical informatics, 112, 59-67. [8] Rieke, N., Hancox, J., Li, W., Milletari, F., Roth, H. R., Albarqouni, S., ... & Cardoso, M. J. (2020). The future of digital health with federated learning. NPJ digital medicine, 3(1), 119. [9] Effendi, F., & Chattopadhyay, A. (2024, December). Privacy-preserving graph-based machine learning with fully homomorphic encryption for collaborative anti-money laundering. In International Conference on Security, Privacy, and Applied Cryptography Engineering (pp. 80-105). Cham: Springer Nature Switzerland. [10] Arora, S., Beams, A., Chatzigiannis, P., Meiser, S., Patel, K., Raghuraman, S., ... & Zamani, M. (2024, December). Privacy-preserving financial anomaly detection via federated learning & multi-party computation. In 2024 annual computer security applications conference workshops (ACSAC workshops) (pp. 270-279). IEEE. [11] Byrd, D., & Polychroniadou, A. (2020, October). Differentially private secure multi-party computation for federated learning in financial applications. In Proceedings of the first ACM international conference on AI in finance (pp. 1-9). [12] Turner, Zoey & Parker, Christian & Evans, Nora & Edwards, Thomas & Yusuff, Mariam. (2024). Model Inversion and Membership Inference Attacks in Federated Learning. [13] Wu, R., Chen, X., Guo, C., & Weinberger, K. Q. (2023, July). Learning to invert: Simple adaptive attacks for gradient inversion in federated learning. In Uncertainty in Artificial Intelligence (pp. 2293-2303). PMLR. [14] Shi, S., Wang, N., Xiao, Y., Zhang, C., Shi, Y., Hou, Y. T., & Lou, W. (2023). Scale-mia: A scalable model inversion attack against secure federated learning via latent space reconstruction. arXiv preprint arXiv:2311.05808. [15] Zhu, C., Wu, Q., Lyu, L., & Xue, S. (2025). Sybil-based Virtual Data Poisoning Attacks in Federated Learning. arXiv preprint arXiv:2505.09983. [16] Pichler, G., Romanelli, M., Vega, L. R., & Piantanida, P. (2023). Perfectly accurate membership inference by a dishonest central server in federated learning. IEEE Transactions on Dependable and Secure Computing, 21(4), 4290-4296. [17] Hu, H., Zhang, X., Salcic, Z., Sun, L., Choo, K. K. R., & Dobbie, G. (2023). Source inference attacks: Beyond membership inference attacks in federated learning. IEEE Transactions on Dependable and Secure Computing, 21(4), 3012-3029. [18] Kerkouche, R., Ács, G., & Fritz, M. (2023, November). Client-specific property inference against secure aggregation in federated learning. In Proceedings of the 22nd Workshop on Privacy in the Electronic Society (pp. 45-60). [19] Ben Hamida, S., Mrabet, H., Chaieb, F. et al. Assessment of data augmentation, dropout with L2 Regularization and differential privacy against membership inference attacks. Multimed Tools Appl 83, 44455–44484 (2024). https://doi.org/10.1007/s11042-023-17394-3 [20] Georgieva Belorgey, M., Dandjee, S., Gama, N., Jetchev, D., & Mikushin, D. (2023, November). Falkor: Federated Learning Secure Aggregation Powered by AESCTR GPU Implementation. In Proceedings of the 11th Workshop on Encrypted Computing & Applied Homomorphic Cryptography (pp. 11-22). [21] Thi Thanh Thuy Pham and Huong-Giang Doan, “An Optimal Knowledge Distillation for Formulating an Effective Defense Model Against Membership Inference Attacks” International Journal of Advanced Computer Science and Applications(IJACSA), 15(5), 2024. http://dx.doi.org/10.14569/IJACSA.2024.01505140 [22] X. Mu et al., \"FedDMC: Efficient and Robust Federated Learning via Detecting Malicious Clients\" in IEEE Transactions on Dependable and Secure Computing, vol. 21, no. 06, pp. 5259-5274, Nov.-Dec. 2024, doi: 10.1109/TDSC.2024.3372634. [23] Li, Shenghui & Ngai, Cheuk & Voigt, Thiemo. (2022). An Experimental Study of Byzantine-Robust Aggregation Schemes in Federated Learning. 10.36227/techrxiv.19560325.v1. [24] Ben Hamida, S., Ben Hamida, S., Snoun, A., Jemai, O., & Jemai, A. (2024). The influence of dropout and residual connection against membership inference attacks on transformer model: a neuro generative disease case study. Multimedia Tools and Applications, 83(6), 16231-1653. [25] Li, J., Li, N., & Ribeiro, B. (2024). \"MIST: Defending Against Membership Inference Attacks Through Membership-Invariant Subspace Training.\" USENIX Security Symposium. [26] Yaldiz, D. N., Zhang, T., & Avestimehr, S. (2023). Secure federated learning against model poisoning attacks via client filtering. arXiv preprint arXiv:2304.00160. [27] Jiang, Y., Li, Y., Zhou, Y., & Zheng, X. (2020). Mitigating sybil attacks on differential privacy based federated learning. arXiv preprint arXiv:2010.10572. [28] Xie, Y., Fang, M., & Gong, N. Z. (2024). FedREDefense: Defending against model poisoning attacks for federated learning using model update reconstruction error. Forty-first International Conference on Machine Learning. https://openreview.net/forum?id=Wjq2bS7fTK

Download Paper

Paper Id : IJRASET77405

Publish Date : 2026-02-10

ISSN : 2321-9653

Publisher Name : IJRASET

DOI Link : Click Here

Whatsapp Submit Paper Online