Privacy-Preserving Defense Against Poisoning Attacks in Federated Learning

Authors: Youlin Huang, Bencan Gong, and Shuoxiang Wang
Conference: ICIC 2025 Posters, Ningbo, China, July 26-29, 2025
Pages: 693-710
Keywords: Federated Learning (FL), Defense Mechanism, Privacy Preservation, Label Flipping Attacks, Singular Value Decomposition (SVD)

Abstract

Federated Learning (FL), as a collaborative training paradigm that does not rely on raw data sharing, faces the dual security threats of privacy leakage and data poisoning attacks. These threats not only compromise client data privacy but also degrade the performance of the global model. To address this challenge, we propose a Privacy-Preserving Defense against Poisoning Attacks (PPDPA), which integrates privacy preservation and poisoning detection through a lossless masking mechanism. In this framework, the gradient uploaded by each client is first masked using a removable mask to protect gradient privacy. Without revealing the original gradients, the masked gradients are then aggregated, and Singular Value Decomposition (SVD) is employed to extract features and perform dimensionality reduction. In the resulting low-dimensional space, a clustering-based approach is used to identify poisoned gradients. Additionally, a verification mechanism is designed to ensure the integrity of the masking process during aggregation, effectively preventing attackers from manipulating the mask for stealthy poisoning. Finally, poisoned gradients are removed during aggregation to defend against data poisoning attacks. Extensive experiments demonstrate that PPDPA outperforms existing state-of-the-art privacy-preserving detection methods in both detection accuracy and defense efficiency.
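The mask, SVD-reduce, cluster, drop pipeline sketched in the abstract, as an added worked example in Python that is not the authors' code. The page does not specify PPDPA's mask construction, its clustering algorithm or its mask-verification mechanism, so the example makes its own assumptions: the removable mask is a secret orthogonal matrix Q (Q^T removes it, and because Q preserves norms and pairwise distances, SVD and clustering on masked gradients give the same answer as on raw ones, which is what makes this mask "lossless" for detection); the SVD step is a power-iteration computation of the top right singular vectors; the clustering is 2-means with an honest-majority assumption; the client gradients are constructed, with label-flipped clients pushing against the honest direction. The verification mechanism is not modelled. All names (random_orthogonal, detect_poisoned, run_demo and the rest) are hypothetical.

```python
"""Mask-then-detect pipeline for label-flipping poisoning in federated learning.
Hypothetical illustration, not the paper's PPDPA code: the removable mask is a
secret orthogonal matrix Q (Q^T undoes it); Q preserves norms and pairwise
distances, so SVD and clustering on masked gradients match those on raw ones."""
import math
import random

# ---- minimal linear algebra (pure Python; no numpy needed) ----
def dot(a, b):
    return sum(x * y for x, y in zip(a, b))
def norm(a):
    return math.sqrt(dot(a, a))
def matvec(m, v):
    return [dot(row, v) for row in m]

def random_orthogonal(d, rng):
    """Secret mask Q: Gram-Schmidt on Gaussian vectors (rows are orthonormal)."""
    q = []
    while len(q) < d:
        v = [rng.gauss(0, 1) for _ in range(d)]
        for u in q:
            c = dot(u, v)
            v = [x - c * y for x, y in zip(v, u)]
        n = norm(v)
        if n > 1e-9:
            q.append([x / n for x in v])
    return q

def mask(q, g):
    return matvec(q, g)                  # client side: m = Q g
def unmask(q, m):
    return matvec(list(zip(*q)), m)      # mask holder: g = Q^T m (removable)

# ---- SVD-style reduction: top-k right singular vectors by power iteration ----
def top_directions(rows, k, iters=200):
    d = len(rows[0])
    mean = [sum(col) / len(rows) for col in zip(*rows)]
    x = [[a - b for a, b in zip(r, mean)] for r in rows]      # centre rows
    xt = list(zip(*x))
    cov = [[dot(xt[i], xt[j]) for j in range(d)] for i in range(d)]  # X^T X
    dirs = []
    for _ in range(k):
        v = [1.0 / math.sqrt(d)] * d
        for _ in range(iters):
            v = matvec(cov, v)
            for u in dirs:                                    # deflate found directions
                cu = dot(u, v)
                v = [a - cu * b for a, b in zip(v, u)]
            n = norm(v)
            if n < 1e-12:
                break
            v = [a / n for a in v]
        dirs.append(v)
    return x, dirs

def reduce_dim(rows, k=2):
    x, dirs = top_directions(rows, k)
    return [[dot(r, v) for v in dirs] for r in x]             # low-dim scores

# ---- clustering in the reduced space; the minority cluster is flagged ----
def two_means(points, iters=50):
    dist = lambda a, b: norm([x - y for x, y in zip(a, b)])
    far = max(range(len(points)), key=lambda j: dist(points[0], points[j]))
    cents = [points[0], points[far]]                          # seed: two far-apart points
    for _ in range(iters):
        labels = [min((0, 1), key=lambda c: dist(p, cents[c])) for p in points]
        for c in (0, 1):
            members = [p for p, l in zip(points, labels) if l == c]
            if members:
                cents[c] = [sum(col) / len(members) for col in zip(*members)]
    return labels

def detect_poisoned(masked_rows, k=2):
    """Indices of clients in the smaller cluster (assumes an honest majority)."""
    labels = two_means(reduce_dim(masked_rows, k))
    minority = 1 if labels.count(1) < labels.count(0) else 0
    return [i for i, l in enumerate(labels) if l == minority]

# ---- constructed sample: 7 honest clients, 3 label-flipping clients ----
def make_clients(rng, n_honest=7, n_poison=3, d=6):
    base = [rng.gauss(0, 1) for _ in range(d)]                # shared honest direction
    honest = [[b + rng.gauss(0, 0.1) for b in base] for _ in range(n_honest)]
    # label flipping pushes the gradient the opposite way on the flipped classes
    poison = [[-b + rng.gauss(0, 0.1) for b in base] for _ in range(n_poison)]
    return honest + poison                                    # poisoned = last n_poison

def run_demo(seed=7):
    rng = random.Random(seed)
    grads = make_clients(rng)
    q = random_orthogonal(len(grads[0]), rng)
    masked = [mask(q, g) for g in grads]                      # server sees only these
    flagged = detect_poisoned(masked)
    kept = [m for i, m in enumerate(masked) if i not in flagged]
    agg = unmask(q, [sum(col) for col in zip(*kept)])         # Q^T sum(m_i) = sum(g_i)
    want = [sum(col) for col in zip(*[g for i, g in enumerate(grads) if i not in flagged])]
    return flagged, max(abs(a - b) for a, b in zip(agg, want))
```

run_demo() flags clients 7, 8 and 9 (the constructed label-flippers) from the masked gradients alone and shows that unmasking the sum of the kept masked gradients equals the sum of the kept raw gradients, so the server never needs individual plaintext gradients. Two caveats a deployer would check: the choice of mask decides whether detection on masked data is meaningful at all (an orthogonal mask preserves per-client geometry, whereas pairwise-cancelling additive masks of the secure-aggregation kind only make the sum recoverable), and flagging the minority cluster presumes an honest majority, so it breaks under a majority-colluding attacker.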