LoMar: A Secure Federated Learning Approach Against Model Poisoning Attacks

Article Sidebar

PDF
Published: Apr 14, 2025
Keywords:
Kernel Density Estimation, Model Security, LoMar, Poisoning Attack, Federated Learning

Main Article Content

S. Shaber
Associate Professor & HOD,Department of Computer Science & Engineering ,Chalapathi Institute of Engineering and Technology, LAM, Guntur, AP, India
Bittragunta Siva Krishna
Department of Computer Science and Engineering,Chalapathi Institute of Engineering and Technology, LAM, Guntur, AP, India
Devarapu Amara Nageswara Rao
Department of Computer Science and Engineering,Chalapathi Institute of Engineering and Technology, LAM, Guntur, AP, India
Valluri Mohana Sai
Department of Computer Science and Engineering,Chalapathi Institute of Engineering and Technology, LAM, Guntur, AP, India
Are Ganesh
Department of Computer Science and Engineering,Chalapathi Institute of Engineering and Technology, LAM, Guntur, AP, India

Abstract

With the widespread adoption of Federated Learning (FL) in domains requiring data privacy, such as healthcare, finance, and mobile intelligence, the challenge of model integrity has become increasingly critical. Although FL preserves user privacy by keeping data local and sharing only model updates with a central server, it remains vulnerable to poisoning attacks, where adversaries manipulate local training data to compromise global model performance. In this study, we present LoMar (Local Model Anomaly Rejection)—a lightweight and effective defense mechanism against such poisoning attacks in FL environments. LoMar leverages Kernel Density Estimation (KDE) to evaluate the distribution of client model updates. By measuring deviations from expected update patterns using neighborhood density, LoMar detects and filters out anomalous or malicious model submissions before they influence the global model aggregation.To demonstrate the effectiveness of LoMar, we simulate poisoning by intentionally mislabeling training data within the MNIST digit classification task. The system architecture includes a server module and multiple client applications, with genuine and poisoned model versions being separately uploaded. The server-side implementation of LoMar successfully identifies poisoned models based on KDE threshold evaluations, ensuring only legitimate updates are aggregated. Furthermore, we introduce an extension mechanism involving model compression to minimize communication overhead. This reduces model size by approximately 10%, improving transmission speed and bandwidth efficiency without sacrificing model accuracy.Experimental results show that LoMar not only maintains high classification accuracy in the presence of poisoning but also significantly outperforms FL systems lacking defensive mechanisms. The integration of model compression further enhances system scalability, making LoMar a robust, practical solution for secure and efficient federated learning in real-world scenarios.

Article Details

How to Cite
Shaber , S., Krishna , B. S., Nageswara Rao , D. A., Mohana Sai , V., & Ganesh , A. (2025). LoMar: A Secure Federated Learning Approach Against Model Poisoning Attacks. International Journal on Advanced Computer Engineering and Communication Technology, 14(1), 85–92. Retrieved from https://journals.mriindia.com/index.php/ijacect/article/view/175
Issue
Vol. 14 No. 1 (2025)
Section
Articles

Similar Articles

1 2 3 4 5 6 7 8 9 > >> 

You may also start an advanced similarity search for this article.