Abstract
Federated Learning (FL), which facilitates collaborative model training and protects users' privacy, has drawn great interest from the research community. With FL, participants train their models on local data and submit the corresponding updates to a server for aggregation. While FL conceals the identities of the participants, it may attract adversaries who aim to hamper the underlying model. In this paper, we propose an FL framework, FedDOT, to defend against adversaries performing targeted attacks. FedDOT incorporates two powerful defense algorithms, Maximum Spanning Tree based attacker detection (MSTAD) and Densest graph-based attacker detection (Density-AD), which leverage the correlation between weight updates together with two graph theory concepts, the maximum spanning tree and the densest graph. With the goal of withstanding an overwhelming number of attackers, our algorithms provide strong solutions to aid an FL server, even in scenarios where adversaries constitute more than half of the participants. Along with theoretical bounds in correlation space, a rigorous experimental analysis using image classification datasets is carried out to validate the robustness of the FedDOT framework in non-iid settings, which establishes the superiority of the models over state-of-the-art methods on a variety of metrics evaluating accuracy and attack detection rate. With an attack success rate of < 10% for targeted attacks like single-label flipping, multi-label flipping, and backdoor, FedDOT successfully defends against overwhelming adversaries with a marginal accuracy drop of less than 2%.
Recommended Citation
P. Ranjan et al., "FedDOT: Defending Federated Learning Against Overwhelming Targeted Attacks," IEEE Transactions on Artificial Intelligence, Institute of Electrical and Electronics Engineers, Jan 2026.
The definitive version is available at https://doi.org/10.1109/TAI.2026.3676747
Department(s)
Computer Science
Publication Status
Early Access
Keywords and Phrases
Attack detection; backdoor; federated learning; targeted attackers
International Standard Serial Number (ISSN)
2691-4581
Document Type
Article - Journal
Document Version
Citation
File Type
text
Language(s)
English
Rights
© 2026 Institute of Electrical and Electronics Engineers, All rights reserved.
Publication Date
01 Jan 2026
