{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T15:35:32Z","timestamp":1772897732874,"version":"3.50.1"},"reference-count":45,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2025,8,6]],"date-time":"2025-08-06T00:00:00Z","timestamp":1754438400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JSAN"],"abstract":"We consider the problem of data poisoning attack detection in a federated learning (FL) setup with differential privacy (DP). Local DP in FL ensures that privacy leakage caused by shared gradients is controlled by adding randomness to the process. We are interested in studying the effect of the Gaussian mechanism in the detection of different data poisoning attacks. As the additive noise from DP could hide poisonous data, the effectiveness of detection algorithms should be analyzed. We present two poisonous data detection algorithms and one malicious client identification algorithm. For the latter, we show that the effect of DP noise decreases as the size of the neural network increases. We further demonstrate this effect alongside the performance of these algorithms on three publicly available datasets.<\/jats:p>","DOI":"10.3390\/jsan14040083","type":"journal-article","created":{"date-parts":[[2025,8,6]],"date-time":"2025-08-06T15:09:53Z","timestamp":1754492993000},"page":"83","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Can Differential Privacy Hinder Poisoning Attack Detection in Federated Learning?"],"prefix":"10.3390","volume":"14","author":[{"given":"Chaitanya","family":"Aggarwal","sequence":"first","affiliation":[{"name":"Nokia, 81541 Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1459-8712","authenticated-orcid":false,"given":"Divya G.","family":"Nair","sequence":"additional","affiliation":[{"name":"Nokia, Bangalore 560045, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-7141-2107","authenticated-orcid":false,"given":"Jafar Aco","family":"Mohammadi","sequence":"additional","affiliation":[{"name":"Nokia, 81541 Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jyothisha J.","family":"Nair","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, Amrita School of Computing, Amrita Vishwa Vidyapeetham, Amritapuri 690525, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"J\u00f6rg","family":"Ott","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, TUM School of CIT, Technical University of Munich, 80333 Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2025,8,6]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1561\/2200000083","article-title":"Advances and open problems in federated learning","volume":"14","author":"Kairouz","year":"2021","journal-title":"Found. Trends\u00ae Mach. Learn."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"106775","DOI":"10.1016\/j.knosys.2021.106775","article-title":"A survey on federated learning","volume":"216","author":"Zhang","year":"2021","journal-title":"Knowl.-Based Syst."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Dwork, C., McSherry, F., Nissim, K., and Smith, A. (2006, January 4\u20137). Calibrating Noise to Sensitivity in Private Data Analysis. Proceedings of the Third Conference on Theory of Cryptography, New York, NY, USA.","DOI":"10.1007\/11681878_14"},{"key":"ref_4","unstructured":"Dwork, C., Talwar, K., Thakurta, A., and Zhang, L. (June, January 31). Analyze Gauss: Optimal Bounds for Privacy-preserving Principal Component Analysis. Proceedings of the 46th Annual ACM Symposium on Theory of Computing, New York, NY, USA."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Abadi, M., Chu, A., Goodfellow, I., McMahan, H.B., Mironov, I., Talwar, K., and Zhang, L. (2016, January 24\u201328). Deep Learning with Differential Privacy. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria.","DOI":"10.1145\/2976749.2978318"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"3454","DOI":"10.1109\/TIFS.2020.2988575","article-title":"Federated learning with differential privacy: Algorithms and performance analysis","volume":"15","author":"Wei","year":"2020","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_7","unstructured":"Sun, Z., Kairouz, P., Suresh, A.T., and McMahan, H.B. (2025, July 30). Can You Really Backdoor Federated Learning?. 2019., Available online: http:\/\/arxiv.org\/abs\/1911.07963."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"63229","DOI":"10.1109\/ACCESS.2021.3075203","article-title":"Vulnerabilities in Federated Learning","volume":"9","author":"Bouacida","year":"2021","journal-title":"IEEE Access"},{"key":"ref_9","unstructured":"Koh, P., Steinhardt, J., and Liang, P. (2018). Stronger Data Poisoning Attacks Break Data Sanitization Defenses. arXiv."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Liu, Y., Ma, S., Aafer, Y., Lee, W.C., Zhai, J., Wang, W., and Zhang, X. (2018, January 18\u201321). Trojaning Attack on Neural Networks. Proceedings of the Network and Distributed System Security Symposium, San Diego, CA, USA.","DOI":"10.14722\/ndss.2018.23291"},{"key":"ref_11","unstructured":"Steinhardt, J., Koh, P.W., and Liang, P. (2025, July 30). Certified Defenses for Data Poisoning Attacks. Available online: http:\/\/arxiv.org\/abs\/1706.03691."},{"key":"ref_12","unstructured":"Raghunathan, A., Steinhardt, J., and Liang, P. (2025, July 30). Certified Defenses Against Adversarial Examples. Available online: http:\/\/arxiv.org\/abs\/1801.09344."},{"key":"ref_13","unstructured":"Ma, Y., Zhu, X., and Hsu, J. (2025, July 30). Data Poisoning Against Differentially-Private Learners: Attacks and Defenses. Available online: http:\/\/arxiv.org\/abs\/1903.09860."},{"key":"ref_14","unstructured":"(2023, July 31). IDS 2018 | Datasets | Research | Canadian Institute for Cybersecurity | UNB\u2014unb.ca. Available online: https:\/\/www.unb.ca\/cic\/datasets\/ids-2018.html."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Neto, E.C.P., Dadkhah, S., Ferreira, R., Zohourian, A., Lu, R., and Ghorbani, A.A. (2023). CICIoT2023: A real-time dataset and benchmark for large-scale attacks in IoT environment. Sensors, 23.","DOI":"10.20944\/preprints202305.0443.v1"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"141","DOI":"10.1109\/MSP.2012.2211477","article-title":"The mnist database of handwritten digit images for machine learning research","volume":"29","author":"Deng","year":"2012","journal-title":"IEEE Signal Process. Mag."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Raza, A., Li, S., Tran, K.P., and Koehl, L. (2025, July 30). Using Anomaly Detection to Detect Poisoning Attacks in Federated Learning Applications. Available online: http:\/\/arxiv.org\/abs\/2207.08486.","DOI":"10.2139\/ssrn.4811423"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1016\/j.eng.2021.12.002","article-title":"Federated learning for 6G: Applications, challenges, and opportunities","volume":"8","author":"Yang","year":"2022","journal-title":"Engineering"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"105476","DOI":"10.1016\/j.engappai.2022.105476","article-title":"A privacy preserving diagnostic collaboration framework for facial paralysis using federated learning","volume":"116","author":"Nair","year":"2022","journal-title":"Eng. Appl. Artif. Intell."},{"key":"ref_20","first-page":"1941","article-title":"A differentially private federated learning model against poisoning attacks in edge computing","volume":"20","author":"Zhou","year":"2022","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Chhetri, B., Gopali, S., Olapojoye, R., Dehbash, S., and Namin, A.S. (2023). A Survey on Blockchain-Based Federated Learning and Data Privacy. arXiv.","DOI":"10.1109\/COMPSAC57700.2023.00199"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"5004","DOI":"10.1109\/ACCESS.2023.3235389","article-title":"IoT Malware Analysis using Federated Learning: A Comprehensive Survey","volume":"11","author":"Venkatasubramanian","year":"2023","journal-title":"IEEE Access"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"158","DOI":"10.3390\/network3010008","article-title":"Federated Learning based framework for improving Intrusion Detection System in IIOT","volume":"3","author":"Balakumar","year":"2023","journal-title":"Network"},{"key":"ref_24","unstructured":"Li, S., Cheng, Y., Liu, Y., Wang, W., and Chen, T. (2019). Abnormal client behavior detection in federated learning. arXiv."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Xing, L., Wang, K., Wu, H., Ma, H., and Zhang, X. (2023). FL-MAAE: An Intrusion Detection Method for the Internet of Vehicles Based on Federated Learning and Memory-Augmented Autoencoder. Electronics, 12.","DOI":"10.3390\/electronics12102284"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"103299","DOI":"10.1016\/j.cose.2023.103299","article-title":"Clustered federated learning architecture for network anomaly detection in large scale heterogeneous IoT networks","volume":"131","author":"Flores","year":"2023","journal-title":"Comput. Secur."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"6693","DOI":"10.1109\/TIFS.2024.3420126","article-title":"A robust privacy-preserving federated learning model against model poisoning attacks","volume":"19","author":"Yazdinejad","year":"2024","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"15256","DOI":"10.1109\/TMC.2024.3452312","article-title":"REC-Fed: A robust and efficient clustered federated system for dynamic edge networks","volume":"23","author":"Li","year":"2024","journal-title":"IEEE Trans. Mob. Comput."},{"key":"ref_29","unstructured":"Zhang, Y., Yang, Q., and Liu, J. (2022). FLDetector: Detecting adversarial clients in federated learning via update consistency. arXiv."},{"key":"ref_30","unstructured":"Dou, Z., Wang, J., Sun, W., Liu, Z., and Fang, M. (2025). Toward Malicious Clients Detection in Federated Learning (SafeFL). arXiv."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"5259","DOI":"10.1109\/TDSC.2024.3372634","article-title":"FedDMC: Efficient and Robust Federated Learning via Detecting Malicious Clients","volume":"21","author":"Mu","year":"2024","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_32","unstructured":"Kavuri, L.A., Mhatre, A., Nair, A.K., and Gupta, D. (2025). SecureFed: A two-phase framework for detecting malicious clients in federated learning. arXiv."},{"key":"ref_33","unstructured":"Cai, N., and Han, J. (2025). Privacy-Preserving Federated Learning against Malicious Clients Based on Verifiable Functional Encryption. arXiv."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Tasnim, N., Mohammadi, J., Sarwate, A.D., and Imtiaz, H. (2023). Approximating Functions with Approximate Privacy for Applications in Signal Estimation and Learning. Entropy, 25.","DOI":"10.3390\/e25050825"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"6355","DOI":"10.1109\/TSP.2021.3126546","article-title":"A Correlated Noise-Assisted Decentralized Differentially Private Estimation Protocol, and its Application to fMRI Source Separation","volume":"69","author":"Imtiaz","year":"2021","journal-title":"IEEE Trans. Signal Process."},{"key":"ref_36","unstructured":"Imtiaz, H., Mohammadi, J., and Sarwate, A.D. (2025, July 30). Distributed Differentially Private Computation of Functions with Correlated Noise. Available online: http:\/\/arxiv.org\/abs\/1904.10059."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Dwork, C. (2006, January 10\u201314). Differential Privacy. Proceedings of the Automata, Languages and Programming, Venice, Italy.","DOI":"10.1007\/11787006_1"},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"211","DOI":"10.1561\/0400000042","article-title":"The Algorithmic Foundations of Differential Privacy","volume":"9","author":"Dwork","year":"2013","journal-title":"Found. Trends Theor. Comput. Sci."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"McSherry, F., and Talwar, K. (2007, January 21\u201323). Mechanism Design via Differential Privacy. Proceedings of the 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS \u201907), Providence, RI, USA.","DOI":"10.1109\/FOCS.2007.4389483"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Chen, Z., Yeo, C.K., Lee, B.S., and Lau, C.T. (2018, January 18\u201320). Autoencoder-based network anomaly detection. Proceedings of the 2018 Wireless telecommunications symposium (WTS), Phoenix, AZ, USA.","DOI":"10.1109\/WTS.2018.8363930"},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1186\/s42400-021-00105-6","article-title":"Threats, attacks and defenses to federated learning: Issues, taxonomy and perspectives","volume":"5","author":"Liu","year":"2022","journal-title":"Cybersecurity"},{"key":"ref_42","unstructured":"Kenney, J.F., and Keeping, E.S. (1951). Mathematics of Statistics. Part Two, D. Van Nostrand Company, Inc.. [2nd ed.]."},{"key":"ref_43","unstructured":"Hasanpour, S.H., Rouhani, M., Fayyaz, M., and Sabokrou, M. (2016). Lets keep it simple, using simple architectures to outperform deeper and more complex architectures. arXiv."},{"key":"ref_44","unstructured":"Authors, T.F. (2023, July 31). Flower: A Friendly Federated Learning Framework\u2014flower.dev. Available online: https:\/\/flower.dev\/."},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Chicco, D., and Jurman, G. (2020). The advantages of the Matthews correlation coefficient (MCC) over F1 score and accuracy in binary classification evaluation. BMC Genom., 21.","DOI":"10.1186\/s12864-019-6413-7"}],"container-title":["Journal of Sensor and Actuator Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2224-2708\/14\/4\/83\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T18:24:58Z","timestamp":1760034298000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2224-2708\/14\/4\/83"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,6]]},"references-count":45,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2025,8]]}},"alternative-id":["jsan14040083"],"URL":"https:\/\/doi.org\/10.3390\/jsan14040083","relation":{},"ISSN":["2224-2708"],"issn-type":[{"value":"2224-2708","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,8,6]]}}}