Investigating the Impact of Label-flipping Attacks against Federated Learning for Collaborative Intrusion Detection

LAVAUR, Léo; Busnel, Yann; Autrel, Fabien

doi:10.1016/j.cose.2025.104462

Download

Article (Scientific journals)

Investigating the Impact of Label-flipping Attacks against Federated Learning for Collaborative Intrusion Detection

LAVAUR, Léo; Busnel, Yann; Autrel, Fabien

2025 • In Computers and Security

Peer reviewed

Permalink
https://hdl.handle.net/10993/65906

DOI
10.1016/j.cose.2025.104462

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

Investigating_the_Impact_of_Label_flipping_Attacks_against_Federated_Learning_for_Collaborative_Intrusion_Detection.pdf

Author postprint (1.34 MB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Federated learning; Intrusion detection; Data-poisoning; Label-flipping; Systematic analysis; Quantitative assessment

Abstract :

[en] The recent advances in fl and its promise of privacy-preserving information sharing have led to a renewed interest in the development of collaborative models for Intrusion Detection Systems (IDSs). However, its distributed nature makes fl vulnerable to malicious contributions from its participants, including data poisoning attacks. Label-flipping attacks—where the labels of a subset of the training data are flipped—have been overlooked in the context of IDS that leverage fl primitives. This work contributes to closing this gap by providing a systematic and comprehensive overview of the impact of label-flipping attacks on Federated IDSs (FIDSs). We show that the effects of such attacks can range from severe to highly mitigated, depending on hyperparameters and dataset characteristics, and that their mitigation is non-trivial in heterogeneous settings. We discuss these findings in the context of existing literature and propose recommendations for the evaluation of FIDSs. Finally, we provide a methodology and tools to extend our findings to other models and datasets, thus enabling the comparable evaluation of existing and future countermeasures.

Disciplines :

Computer science

Author, co-author :

LAVAUR, Léo ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN

Busnel, Yann; Institut Mines-Télécom ; IRISA > SOTERN

Autrel, Fabien; IMT Atlantique > SRCD ; IRISA > SOTERN

External co-authors :

yes

Language :

English

Title :

Investigating the Impact of Label-flipping Attacks against Federated Learning for Collaborative Intrusion Detection

Publication date :

April 2025

Journal title :

Computers and Security

ISSN :

0167-4048

eISSN :

1872-6208

Publisher :

Elsevier

Special issue title :

Advances in Robust Intrusion Detection through Machine Learning

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

Available on ORBilu :

since 29 September 2025

Statistics

Number of views

13 (0 by Unilu)

Number of downloads

25 (0 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

Bibliography

ACM, Artifact Review and Badging v1.1. 2020 https://www.acm.org/publications/policies/artifact-review-and-badging-current.
Agrawal, S., Sarkar, S., Aouedi, O., Yenduri, G., Piamrat, K., Alazab, M., Bhattacharya, S., Maddikunta, P.K.R., Gadekallu, T.R., Federated learning for intrusion detection system: concepts, challenges and future directions. Comput. Commun. 195 (2022), 346–361, 10.1016/j.comcom.2022.09.012.
Alazab, M., R M, S.P., M, P., Reddy, P., Gadekallu, T.R., Pham, Q.-V., Federated learning for cybersecurity: concepts, challenges and future directions. IEEE Trans. Ind. Inf., 2021, 1 http://dx.doi.org/10/gnm4dj.
Awan, S., Luo, B., Li, F., CONTRA: Defending Against Poisoning Attacks in Federated Learning. Bertino, E., Shulman, H., Waidner, M., (eds.) Computer Security – ESORICS 2021 Lecture Notes in Computer Science, 2021, Springer International Publishing, Cham, 455–475, 10.1007/978-3-030-88418-5_22.
Beutel, D.J., Topal, T., Mathur, A., Qiu, X., Parcollet, T., Lane, N.D., Flower: A friendly federated learning research framework. 2020 arXiv preprint arXiv:2007.14390.
Bhagoji, A.N., Chakraborty, S., Mittal, P., Calo, S., Analyzing federated learning through an adversarial lens. Proceedings of the 36th International Conference on Machine Learning, 2019, PMLR, 634–643.
Blanchard, P., El Mhamdi, E.M., Guerraoui, R., Stainer, J., Machine learning with adversaries: Byzantine tolerant gradient descent. Adv. Neural Inf. Process. Syst., 30, 2017.
Campos, E.M., Saura, P.F., González-Vidal, A., Hernández-Ramos, J.L., Bernabé, J.B., Baldini, G., Skarmeta, A., Evaluating federated learning for intrusion detection in internet of things: Review and challenges. Comput. Netw., 203, 2022, 108661, 10.1016/j.comnet.2021.108661.
Cao, X., Fang, M., Liu, J., Gong, N.Z., 2021. FLTrust: Byzantine-robust Federated Learning via Trust Bootstrapping. In: ISOC Network and Distributed System Security Symposium (NDSS).
Douceur, J.R., The sybil attack. Druschel, P., Kaashoek, F., Rowstron, A., (eds.) Peer-To-Peer Systems Lecture Notes in Computer Science, 2002, Springer, Berlin, Heidelberg, 251–260, 10.1007/3-540-45748-8_24.
Fang, M., Cao, X., Jia, J., Gong, N., 2020. Local Model Poisoning Attacks to Byzantine-Robust Federated Learning. In: 29th USENIX Security Symposium (USENIX Security 20). pp. 1605–1622.
Fedorchenko, E., Novikova, E., Shulepov, A., Comparative review of the intrusion detection systems based on federated learning: Advantages and open challenges. Algorithms, 15(7), 2022, 247, 10.3390/a15070247.
Fung, C., Yoon, C.J., Beschastnikh, I., The limitations of federated learning in Sybil Settings. 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020), 2020, {USENIX} Association, San Sebastian, 301–316.
Ghimire, B., Rawat, D.B., Recent advances on federated learning for cybersecurity and cybersecurity for federated learning for internet of things. IEEE Internet Things J. 9:11 (2022), 8229–8249, 10.1109/JIOT.2022.3150363.
Huang, Y., Chu, L., Zhou, Z., Wang, L., Liu, J., Pei, J., Zhang, Y., Personalized cross-silo federated learning on non-IID data. AAAI 35:9 (2021), 7865–7873, 10.1609/aaai.v35i9.16960.
Kairouz, P., McMahan, H.B., Avent, B., Bellet, A., Bennis, M., Bhagoji, A.N., Bonawitz, K., Charles, Z., Cormode, G., Cummings, R., D'Oliveira, R.G.L., Eichner, H., Rouayheb, S.E., Evans, D., Gardner, J., Garrett, Z., Gascón, A., Ghazi, B., Gibbons, P.B., Gruteser, M., Harchaoui, Z., He, C., He, L., Huo, Z., Hutchinson, B., Hsu, J., Jaggi, M., Javidi, T., Joshi, G., Khodak, M., Konečný, J., Korolova, A., Koushanfar, F., Koyejo, S., Lepoint, T., Liu, Y., Mittal, P., Mohri, M., Nock, R., Özgür, A., Pagh, R., Raykova, M., Qi, H., Ramage, D., Raskar, R., Song, D., Song, W., Stich, S.U., Sun, Z., Suresh, A.T., Tramèr, F., Vepakomma, P., Wang, J., Xiong, L., Xu, Z., Yang, Q., Yu, F.X., Yu, H., Zhao, S., Advances and open problems in federated learning. 2021 arXiv:1912.04977.
Lamport, L., Shostak, R., Pease, M., The Byzantine generals problem. Concurrency: The Works of Leslie Lamport, 1982, Association for Computing Machinery, New York, NY, USA, 203–226.
Lavaur, L., Busnel, Y., Autrel, F., 2024a. Demo: Highlighting the Limits of Federated Learning in Intrusion Detection. In: Proceedings of the 44th International Conference on Distributed Computing Systems (ICDCS). Jersey City, NJ, USA.
Lavaur, L., Busnel, Y., Autrel, F., 2024b. Systematic Analysis of Label-Flipping Attacks against Federated Learning in Collaborative Intrusion Detection Systems. In: Proceedings of the 19th International Conference on Availability, Reliability and Security (ARES). Vienna, Austria.
Lavaur, L., Lechevalier, P.-M., Busnel, Y., Ludinard, R., Texier, G., Pahl, M.-O., 2024-09, 2024. RADAR: Model Quality Assessment for Reputation-Aware Collaborative Federated Learning. In: Proceedings of the 43rd International Symposium on Reliable Distributed Systems (SRDS). Charlotte, NC, USA.
Lavaur, L., Pahl, M.-O., Busnel, Y., Autrel, F., The evolution of federated learning-based intrusion detection and mitigation: A survey. TNSM, 2022.
Layeghy, S., Portmann, M., Explainable Cross-domain Evaluation of ML-based Network Intrusion Detection Systems. Comput Electr. Eng., 108, 2023, 108692, 10.1016/j.compeleceng.2023.108692 arXiv:2205.04112.
Liu, H., Zhang, S., Zhang, P., Zhou, X., Shao, X., Pu, G., Zhang, Y., Blockchain and federated learning for collaborative intrusion detection in vehicular edge computing. IEEE Trans. Veh. Technol. 70:6 (2021), 6073–6084, 10.1109/TVT.2021.3076780.
McMahan, B., Moore, E., Ramage, D., Hampson, S., y Arcas, B.A., Communication-efficient learning of deep networks from decentralized data. Singh, A., Zhu, J., (eds.) Proceedings of the 20th International Conference on Artificial Intelligence and Statistics Proceedings of Machine Learning Research, 54, 2017, PMLR, 1273–1282.
Merzouk, M.A., Cuppens, F., Boulahia-Cuppens, N., Yaich, R., Parameterizing poisoning attacks in federated learning-based intrusion detection. Proceedings of the 18th International Conference on Availability, Reliability and Security ARES ’23, 2023, Association for Computing Machinery, New York, NY, USA, 1–8, 10.1145/3600160.3605090.
Moustafa, N., Slay, J., UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). 2015 Military Communications and Information Systems Conference (MilCIS), 2015, 1–6, 10.1109/MilCIS.2015.7348942.
Nguyen, T.D., Marchal, S., Miettinen, M., Fereidooni, H., Asokan, N., Sadeghi, A.-R., DÏoT: A federated self-learning anomaly detection system for IoT. 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS), 2019-July, 2019, IEEE, 756–767, 10.1109/ICDCS.2019.00080.
Nguyen, T.D., Rieger, P., Chen, H., Yalame, H., Möllering, H., Fereidooni, H., Marchal, S., Miettinen, M., Mirhoseini, A., Zeitouni, S., Koushanfar, F., Sadeghi, A.-R., Schneider, T., 2022. FLAME: Taming Backdoors in Federated Learning. In: 31st USENIX Security Symposium (USENIX Security 22). pp. 1415–1432.
Nguyen, T.D., Rieger, P., Miettinen, M., Sadeghi, A.-R., Poisoning Attacks on Federated Learning-based IoT Intrusion Detection System. Proceedings 2020 Workshop on Decentralized IoT Systems and Security, 2020, Internet Society, San Diego, CA, 10.14722/diss.2020.23003.
ntop, ., nProbe - An Extensible NetFlow v5/v9/IPFIX Probe for IPv4/v6. URL https://www.ntop.org/products/netflow/nprobe/.
Nuding, F., Mayer, R., Data Poisoning in Sequential and Parallel Federated Learning. Proceedings of the 2022 ACM on International Workshop on Security and Privacy Analytics, 2022, ACM, Baltimore MD USA, 24–34, 10.1145/3510548.3519372.
Popoola, S.I., Gui, G., Adebisi, B., Hammoudeh, M., Gacanin, H., Federated deep learning for collaborative intrusion detection in heterogeneous networks. 2021 IEEE 94th Vehicular Technology Conference (VTC2021-Fall), 2021, 1–6, 10.1109/VTC2021-Fall52928.2021.9625505.
Rodríguez-Barroso, N., Jiménez-López, D., Luzón, M.V., Herrera, F., Martínez-Cámara, E., Survey on federated learning threats: Concepts, taxonomy on attacks and defences, experimental study and challenges. Inf. Fusion 90 (2023), 148–173, 10.1016/j.inffus.2022.09.011.
Sarhan, M., Layeghy, S., Portmann, M., Towards a Standard Feature Set for Network Intrusion Detection System Datasets. Mob. Netw Appl 27:1 (2022), 357–370, 10.1007/s11036-021-01843-0.
Sharafaldin, I., Habibi Lashkari, A., Ghorbani, A.A., Toward generating a new intrusion detection dataset and intrusion traffic characterization. Proceedings of the 4th International Conference on Information Systems Security and Privacy, 2018, SCITEPRESS - Science and Technology Publications, Funchal, Madeira, Portugal, 108–116, 10.5220/0006639801080116.
Shen, S., Tople, S., Saxena, P., Auror: Defending against poisoning attacks in collaborative deep learning systems. Proceedings of the 32nd Annual Conference on Computer Security Applications, 2016, ACM, New York, NY, USA, 508–519, 10.1145/2991079.2991125.
Sun, G., Cong, Y., Dong, J., Wang, Q., Lyu, L., Liu, J., Data Poisoning Attacks on Federated Machine Learning. IEEE Internet Things J. 9:13 (2022), 11365–11375, 10.1109/JIOT.2021.3128646.
Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A., A detailed analysis of the KDD CUP 99 data set. 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, 2009, IEEE, 1–6, 10.1109/CISDA.2009.5356528.
Tolpegin, V., Truex, S., Gursoy, M.E., Liu, L., Data poisoning attacks against federated learning systems. Chen, L., Li, N., Liang, K., Schneider, S., (eds.) Computer Security – ESORICS 2020 Lecture Notes in Computer Science, 2020, Springer International Publishing, Cham, 480–501, 10.1007/978-3-030-58951-6_24.
Vy, N.C., Quyen, N.H., Duy, P.T., Pham, V.-H., Federated learning-based intrusion detection in the context of IIoT networks: Poisoning attack and defense. Yang, M., Chen, C., Liu, Y., (eds.) Network and System Security, vol. 13041, 2021, Springer International Publishing, Cham, 131–147, 10.1007/978-3-030-92708-0_8.
Webber, J.B.W., A Bi-symmetric log transformation for wide-range data. Meas. Sci. Technol., 24(2), 2012, 027001, 10.1088/0957-0233/24/2/027001.
Yadan, O., Hydra - A framework for elegantly configuring complex applications. 2019.
Yang, R., He, H., Wang, Y., Qu, Y., Zhang, W., Dependable federated learning for IoT intrusion detection against poisoning attacks. Comput. Secur., 132, 2023, 103381, 10.1016/j.cose.2023.103381.
Yin, D., Chen, Y., Kannan, R., Bartlett, P., Byzantine-robust distributed learning: Towards optimal statistical rates. Proceedings of the 35th International Conference on Machine Learning, 2018, PMLR, 5650–5659.
Zhang, Y., Zhang, Y., Zhang, Z., Bai, H., Zhong, T., Song, M., Evaluation of data poisoning attacks on federated learning-based network intrusion detection system. 2022 IEEE 24th Int Conf on High Performance Computing & Communications; 8th Int Conf on Data Science & Systems; 20th Int Conf on Smart City; 8th Int Conf on Dependability in Sensor, Cloud & Big Data Systems & Application (HPCC/DSS/SmartCity/DependSys), 2022, 2235–2242, 10.1109/HPCC-DSS-SmartCity-DependSys57074.2022.00330.
Zhao, L., Hu, S., Wang, Q., Jiang, J., Shen, C., Luo, X., Hu, P., Shielding collaborative learning: mitigating poisoning attacks through client-side detection. IEEE Trans. Dependable Secure Comput. 18:5 (2021), 2029–2041, 10.1109/TDSC.2020.2986205.