{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,24]],"date-time":"2025-09-24T00:15:29Z","timestamp":1758672929488,"version":"3.44.0"},"publisher-location":"California","reference-count":0,"publisher":"International Joint Conferences on Artificial Intelligence Organization","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,9]]},"abstract":"<jats:p>Manipulation of local training data and local updates, i.e., the poisoning attack, is the main threat arising from the collaborative nature of the federated learning (FL) paradigm. Most existing poisoning attacks aim to manipulate local data\/models in a way that causes denial-of-service (DoS) issues. In this paper, we introduce a novel attack method, named Federated Learning Sliding Attack (FedSA) scheme, aiming at precisely introducing the extent of poisoning in a subtle controlled manner. It operates with a predefined objective, such as reducing global model's prediction accuracy by 10%. \n\nFedSA integrates robust nonlinear control-Sliding Mode Control (SMC) theory with model poisoning attacks. It can manipulate the updates from malicious clients to drive the global model towards a compromised state, achieving this at a controlled and inconspicuous rate. Additionally, leveraging the robust control properties of FedSA allows precise control over the convergence bounds, enabling the attacker to set the global accuracy of the poisoned model to any desired level. Experimental results demonstrate that FedSA can accurately achieve a predefined global accuracy with fewer malicious clients while maintaining a high level of stealth and adjustable learning rates.<\/jats:p>","DOI":"10.24963\/ijcai.2025\/670","type":"proceedings-article","created":{"date-parts":[[2025,9,19]],"date-time":"2025-09-19T08:10:40Z","timestamp":1758269440000},"page":"6021-6029","source":"Crossref","is-referenced-by-count":0,"title":["Performance Guaranteed Poisoning Attacks in Federated Learning: A Sliding Mode Approach"],"prefix":"10.24963","author":[{"given":"Huazi","family":"Pan","sequence":"first","affiliation":[{"name":"Deakin University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yanjun","family":"Zhang","sequence":"additional","affiliation":[{"name":"University of Technology Sydney"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Leo Yu","family":"Zhang","sequence":"additional","affiliation":[{"name":"Griffith University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Scott","family":"Adams","sequence":"additional","affiliation":[{"name":"Deakin University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Abbas","family":"Kouzani","sequence":"additional","affiliation":[{"name":"Deakin University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Suiyang","family":"Khoo","sequence":"additional","affiliation":[{"name":"Deakin University"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"10584","event":{"number":"34","sponsor":["International Joint Conferences on Artificial Intelligence Organization (IJCAI)"],"acronym":"IJCAI-2025","name":"Thirty-Fourth International Joint Conference on Artificial Intelligence {IJCAI-25}","start":{"date-parts":[[2025,8,16]]},"theme":"Artificial Intelligence","location":"Montreal, Canada","end":{"date-parts":[[2025,8,22]]}},"container-title":["Proceedings of the Thirty-Fourth International Joint Conference on Artificial Intelligence"],"original-title":[],"deposited":{"date-parts":[[2025,9,23]],"date-time":"2025-09-23T11:34:48Z","timestamp":1758627288000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.ijcai.org\/proceedings\/2025\/670"}},"subtitle":[],"proceedings-subject":"Artificial Intelligence Research Articles","short-title":[],"issued":{"date-parts":[[2025,9]]},"references-count":0,"URL":"https:\/\/doi.org\/10.24963\/ijcai.2025\/670","relation":{},"subject":[],"published":{"date-parts":[[2025,9]]}}}