This paper argues that much of the existing research on Federated Learning (FL) security is based on idealized assumptions, and provides a practical evaluation framework showing that real-world attack…

The paper proposes a unified closed-loop threat taxonomy to systematically analyze and defend foundation models by explicitly framing the bidirectional security interactions between data and models.

The paper proposes PCDM, a diffusion-based framework that enables highly stealthy and effective data poisoning attacks against Federated Learning systems, significantly degrading global performance wh…

The paper demonstrates that current defenses against malicious fine-tuning of foundation models are insufficient because they only address fixed attacks, and introduces a unified adaptive attack that…

EnCAgg proposes a novel robust aggregation method for federated learning that uses reference clients and advanced clustering techniques to accurately filter dynamic model poisoning attacks while minim…

The paper proposes Federated Adversarial Unlearning (FAUN), a lightweight framework that uses adversarial optimization on a proxy dataset to rapidly and effectively remove the negative impact of poiso…

FedFG introduces a robust federated learning framework using flow-matching generation to simultaneously enhance client privacy and defend against sophisticated poisoning attacks.

SecureAFL introduces a robust framework to secure asynchronous Federated Learning against poisoning attacks by detecting anomalous updates, estimating missing client contributions, and using Byzantine…

FedIDM introduces a novel federated learning framework that uses iterative distribution matching to achieve fast and stable convergence and maintain high model utility even when facing a large proport…

The paper systematically evaluates static and dynamic adversarial attacks on the ALEX learned index, finding that while static poisoning has minimal impact, dynamic attacks can cause significant slowd…

This paper proposes SABLE, a method for generating semantically meaningful and in-distribution backdoor triggers for federated learning, demonstrating that such attacks remain a potent and practical t…

The paper proposes Cluster Segregation Concealment (CSC), a novel defense that identifies and neutralizes backdoor triggers by relabeling poisoned samples to a virtual class, achieving near-zero attac…

The paper introduces PoisonForge, a comprehensive benchmark demonstrating that even a small number of targeted poisoned examples can significantly compromise the safety and reliability of instruction-…

RogueMerge introduces a unified framework to robustly attack LLM model merging by addressing the challenges of autoregressive decoding, unknown merging configurations, and prompt generalization, signi…

This paper analyzes label inference attacks in Vertical Federated Learning (VFL), demonstrating that existing attacks rely on feature-label distribution alignment, and proposes a zero-overhead defense…

The paper demonstrates a gray-box poisoning attack against continuous malware detection pipelines using subtle binary manipulations, showing that IAT-based perturbations can significantly degrade dete…

FedSurrogate introduces a novel backdoor defense for Federated Learning that uses layer-criticality analysis and surrogate replacement to significantly reduce false positives while maintaining high mo…

FedTrident proposes a comprehensive framework to defend Federated Learning-based Road Condition Classification against Targeted Label-Flipping Attacks, achieving robust performance comparable to non-a…

The paper proposes S2-WEF, a novel detection method that simulates potential global-model-based attacks to dynamically identify free-riding clients in Federated Learning, achieving high robustness aga…

The paper introduces the threat model of sequential data poisoning, demonstrating that multiple, collaborating attackers can exploit compound vulnerabilities in LLM post-training pipelines that are in…