{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,21]],"date-time":"2026-03-21T21:01:03Z","timestamp":1774126863060,"version":"3.50.1"},"reference-count":29,"publisher":"MDPI AG","issue":"22","license":[{"start":{"date-parts":[[2024,11,19]],"date-time":"2024-11-19T00:00:00Z","timestamp":1731974400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Applied Sciences"],"abstract":"<jats:p>Federated learning is a new paradigm where multiple data owners, referred to as clients, work together with a global server to train a shared machine learning model without disclosing their personal training data. Despite its many advantages, the system is vulnerable to client compromise by malicious agents attempting to modify the global model. Several defense algorithms against untargeted and targeted poisoning attacks on model updates in federated learning have been proposed and evaluated separately. This paper compares the performances of six state-of-the-art defense algorithms\u2014PCA + K-Means, KPCA + K-Means, CONTRA, KRUM, COOMED, and RPCA + PCA + K-Means. We explore a variety of situations not considered in the original papers. These include varying the percentage of Independent and Identically Distributed (IID) data, the number of clients, and the percentage of malicious clients. 
This comprehensive performance study provides the results that the users can use to select appropriate defense algorithms to employ based on the characteristics of their federated learning systems.<\/jats:p>","DOI":"10.3390\/app142210706","type":"journal-article","created":{"date-parts":[[2024,11,19]],"date-time":"2024-11-19T07:51:15Z","timestamp":1732002675000},"page":"10706","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Federated Learning: A Comparative Study of Defenses Against Poisoning Attacks"],"prefix":"10.3390","volume":"14","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7981-4263","authenticated-orcid":false,"given":"In\u00eas","family":"Carvalho","sequence":"first","affiliation":[{"name":"Institute of Engineering of Coimbra\u2014ISEC, Polytechnic University of Coimbra, Rua da Miseric\u00f3rdia, Lagar dos Corti\u00e7os, S. Martinho do Bispo, 3045-093 Coimbra, Portugal"}]},{"given":"Kenton","family":"Huff","sequence":"additional","affiliation":[{"name":"School of Computer Science, Norman, The University of Oklahoma, Norman, OK 73019, USA"}]},{"given":"Le","family":"Gruenwald","sequence":"additional","affiliation":[{"name":"School of Computer Science, Norman, The University of Oklahoma, Norman, OK 73019, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9660-2011","authenticated-orcid":false,"given":"Jorge","family":"Bernardino","sequence":"additional","affiliation":[{"name":"Institute of Engineering of Coimbra\u2014ISEC, Polytechnic University of Coimbra, Rua da Miseric\u00f3rdia, Lagar dos Corti\u00e7os, S. Martinho do Bispo, 3045-093 Coimbra, Portugal"}]}],"member":"1968","published-online":{"date-parts":[[2024,11,19]]},"reference":[{"key":"ref_1","unstructured":"Mammen, P. (2021). Federated Learning: Opportunities and Challenges. 
arXiv."},{"key":"ref_2","first-page":"2938","article-title":"How To Backdoor Federated Learning","volume":"Volume 108","author":"Bagdasaryan","year":"2020","journal-title":"Proceedings of the Twenty Third International Conference on Artificial Intelligence and Statistics"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"63229","DOI":"10.1109\/ACCESS.2021.3075203","article-title":"Vulnerabilities in federated learning","volume":"9","author":"Bouacida","year":"2021","journal-title":"IEEE Access"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Kairouz, P., McMahan, H.B., Avent, B., Bellet, A., Bennis, M., Bhagoji, A.N., Bonawitz, K., Charles, Z., Cormode, G., and Cummings, R. (2021). Advances and Open Problems in Federated Learning. Foundations and Trends\u00ae in Machine Learning, Now Publishers.","DOI":"10.1561\/2200000083"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Park, S., Han, S., Wu, F., Kim, S., Zhu, B., Xie, X., and Cha, M. (2023, January 6\u201310). Feddefender: Client-side attack-tolerant federated learning. Proceedings of the 29th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, Long Beach, CA, USA.","DOI":"10.1145\/3580305.3599346"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Tolpegin, V., Truex, S., Gursoy, M.E., and Liu, L. (2020). Data Poisoning Attacks Against Federated Learning Systems. arXiv.","DOI":"10.1007\/978-3-030-58951-6_24"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Li, D., Wong, W.E., Wang, W., Yao, Y., and Chau, M. (2021, January 5\u20136). Detection and Mitigation of Label-Flipping Attacks in Federated Learning Systems with KPCA and K-Means. Proceedings of the 2021 8th International Conference on Dependable Systems and Their Applications, DSA, Yinchuan, China.","DOI":"10.1109\/DSA52907.2021.00081"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Awan, S., Luo, B., and Li, F. (2021, January 4\u20138). 
CONTRA: Defending against Poisoning Attacks in Federated Learning. Proceedings of the European Symposium on Research in Computer Security, Darmstadt, Germany.","DOI":"10.1007\/978-3-030-88418-5_22"},{"key":"ref_9","unstructured":"Blanchard, P., El Mhamdi, E.M., Guerraoui, R., and Stainer, J. (2017, January 6\u201311). Machine Learning with Adversaries: Byzantine Tolerant Gradient Descent. Proceedings of the 34th International Conference on Machine Learning (ICML), Sydney, Austr\u00e1lia."},{"key":"ref_10","unstructured":"Yin, D., Chen, Y., Ramchandran, K., and Bartlett, P. (2018, January 10\u201315). Byzantine-Robust Distributed Learning: Towards Optimal Statistical Rates. Proceedings of the 35th International Conference on Machine Learning, Stockholm, Sweden."},{"key":"ref_11","unstructured":"McMahan, H.B., Moore, E., Ramge, D., Hampson, S., and Arcas, B. (2017, January 20\u201322). Communication-Efficient Learning of Deep Networks from Decentralized Data. Proceedings of the 20th International Conference on Artificial Intelligence and Statistics, Lauderdale, FL, USA."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"244","DOI":"10.1016\/j.future.2022.05.003","article-title":"A state-of-the-art survey on solving non-IID data in Federated Learning","volume":"135","author":"Ma","year":"2022","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Lo, S.K., Lu, Q., Zhu, L., Paik, H., Xu, X., and Wang, C. (2021). Architectural Patterns for the Design of Federated Learning Systems. arXiv.","DOI":"10.1016\/j.jss.2022.111357"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3339474","article-title":"Federated machine learning: Concept and applications","volume":"10","author":"Yang","year":"2019","journal-title":"ACM Trans. Intell. Syst. Technol."},{"key":"ref_15","unstructured":"Fung, C., Yoon, C.J.M., and Beschastnikh, I. (2018). Mitigating Sybils in Federated Learning Poisoning. 
arXiv."},{"key":"ref_16","unstructured":"Bishop, C. (2016). Pattern Recognition and Machine Learning, Springer. Available online: https:\/\/link.springer.com\/book\/10.1007\/978-0-387-45528-0."},{"key":"ref_17","unstructured":"Bhagoji, A.N., Chakraborty, S., Mittal, P., and Calo, S. (2019, January 9\u201315). Analyzing Federated Learning through an Adversarial Lens. Proceedings of the 36th International Conference on Machine Learning, Long Beach, CA, USA."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"125064","DOI":"10.1109\/ACCESS.2023.3330144","article-title":"Untargeted Poisoning Attack Detection in Federated Learning via Behavior AttestationAl","volume":"11","author":"Farooq","year":"2023","journal-title":"IEEE Access"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Shejwalkar, V., and Houmansadr, A. (2021, January 21\u201325). Manipulating the byzantine: Optimizing model poisoning attacks and defenses for federated learning. Proceedings of the Network and Distributed Systems Security (NDSS) Symposium, Online. Available online: https:\/\/www.ndss-symposium.org\/wp-content\/uploads\/ndss2021_6C-3_24498_paper.pdf.","DOI":"10.14722\/ndss.2021.24498"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Purohit, K., Das, S., Bhattacharya, S., and Rana, S. (2024). A Data-Driven Defense against Edge-case Model Poisoning Attacks on Federated Learning. arXiv.","DOI":"10.3233\/FAIA240736"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"1241","DOI":"10.1109\/TIFS.2023.3333555","article-title":"AgrAmplifier: Defending Federated Learning Against Poisoning Attacks Through Local Update Amplification","volume":"19","author":"Gong","year":"2023","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Huang, L., Joseph, A., Nelson, B., Rubinstein, B., and Tygar, J.D. (2011, January 17\u201321). Adversarial Machine Learning. 
Proceedings of the ACM Conference on Computer and Communications Security, Chicago, IL, USA.","DOI":"10.1145\/2046684.2046692"},{"key":"ref_23","unstructured":"M\u00fcller, A.C., and Guido, S. (2016). Introduction to Machine Learning with Python, O\u2019Reilly Media, Inc.. [5th ed.]."},{"key":"ref_24","first-page":"1","article-title":"Robust principal component analysis?","volume":"58","author":"Li","year":"2011","journal-title":"J. ACM"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Brunton, S.L., and Kutz, J.N. (2019). Data Driven Science & Engineering Machine Learning, Dynamical Systems, and Control, Cambridge University Press.","DOI":"10.1017\/9781108380690"},{"key":"ref_26","unstructured":"GitHub (2023, June 26). Fashion-Mnist. Fashion-Mnist Dataset, Available online: https:\/\/github.com\/zalandoresearch\/fashion-mnist."},{"key":"ref_27","unstructured":"Kaggle (2023, June 26). CIFAR-10\u2014Object Recognition in Images. Available online: https:\/\/www.kaggle.com\/c\/cifar-10."},{"key":"ref_28","unstructured":"UCI\u2014Machine Learning Repository (2023, September 13). Adult. Available online: https:\/\/archive.ics.uci.edu\/dataset\/2\/adult."},{"key":"ref_29","unstructured":"Kanggle (2023, September 14). Epileptic Seizure Recognition. 
Available online: https:\/\/www.kaggle.com\/code\/maximkumundzhiev\/epileptic-seizure-recognition."}],"container-title":["Applied Sciences"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2076-3417\/14\/22\/10706\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T16:35:16Z","timestamp":1760114116000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2076-3417\/14\/22\/10706"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,19]]},"references-count":29,"journal-issue":{"issue":"22","published-online":{"date-parts":[[2024,11]]}},"alternative-id":["app142210706"],"URL":"https:\/\/doi.org\/10.3390\/app142210706","relation":{},"ISSN":["2076-3417"],"issn-type":[{"value":"2076-3417","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,11,19]]}}}