FEDMAD: A Privacy-Preserving Adaptive Federated Learning Framework with Robustness against Data Quality Variations

PDF (2987 KB), pp. 23-43


Author(s)

Dhanraj Rateria 1,*, Nishanth M. 1, Shankaramma Malige 2, Swapnil Rao 1

1. Ramaiah Institute of Technology / CSE (Cyber Security), Bengaluru, 560054, India

2. Ramaiah Institute of Technology / Dept. of CSE (Cyber Security), Bengaluru, 560054, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2026.03.02

Received: 23 May 2025 / Revised: 20 Sep. 2025 / Accepted: 15 Dec. 2025 / Published: 8 Jun. 2026

Index Terms

Federated Learning, Privacy-Preserving Machine Learning, Homomorphic Encryption, Robust Aggregation, Data Quality, Adversarial Attacks, Healthcare AI

Abstract

Federated Learning (FL) enables collaborative model training on decentralized data, offering privacy advantages but struggling with data quality variations and adversarial attacks. This paper introduces FEDMAD (Federated Learning for Medical Data with Enhanced Defense), a novel framework designed to enhance robustness in such environments. FEDMAD integrates Homomorphic Encryption (HE) for model update privacy with a quality-aware aggregation mechanism based on a client’s local training loss (1/loss). Our key contribution is the robust aggregation of these quality scores using Median Absolute Deviation (MAD)-based clipping to defend against dishonest score reporting by adversaries. We evaluated FEDMAD on a real-world smoker prediction task using the TenSEAL HE library. Results demonstrate that FEDMAD’s quality-aware mechanism effectively mitigates the impact of noisy clients. More importantly, MAD-based score aggregation is essential for neutralizing dishonest score reporting attacks and preventing model collapse, a scenario where simpler percentile-based clipping fails. While FEDMAD shows significant resilience, our study highlights remaining challenges with sophisticated model poisoning attacks, suggesting directions for future research.
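To make the aggregation mechanism in the abstract concrete, here is an added illustration (my own code, not the paper's implementation) of quality-aware weighting with MAD-based clipping of the reported 1/loss scores, next to percentile-based clipping. The clipping constant k=3, the nearest-rank percentile, the epsilon guard and the five-client scenario are all assumptions; the abstract does not give the paper's exact constants.

```python
"""Quality-aware FL aggregation: MAD-clipped quality scores vs. percentile clipping."""
import math
import statistics

def quality_scores(losses, eps=1e-8):
    # Quality score is the reciprocal of the client's reported training loss (1/loss).
    # The eps guard against a zero loss is an assumption, not taken from the paper.
    return [1.0 / max(loss, eps) for loss in losses]

def mad_clip(scores, k=3.0):
    # Clip every reported score into [median - k*MAD, median + k*MAD].
    # k=3 is an assumed threshold. If more than half the scores coincide, MAD is 0
    # and every score collapses to the median, i.e. uniform weighting.
    med = statistics.median(scores)
    mad = statistics.median(abs(s - med) for s in scores)
    lo, hi = med - k * mad, med + k * mad
    return [min(max(s, lo), hi) for s in scores]

def percentile_clip(scores, pct=0.95):
    # Clip at the nearest-rank pct-th percentile of the reported scores. With only a
    # handful of clients this percentile IS the largest (attacker-controlled) score.
    ordered = sorted(scores)
    hi = ordered[min(len(ordered) - 1, math.ceil(pct * len(ordered)) - 1)]
    return [min(s, hi) for s in scores]

def aggregate(updates, scores, clip):
    # Weighted average of client updates; weights are proportional to clipped scores.
    clipped = clip(scores)
    total = sum(clipped)
    weights = [c / total for c in clipped]
    dim = len(updates[0])
    agg = [sum(w * u[i] for w, u in zip(weights, updates)) for i in range(dim)]
    return agg, weights

# Constructed scenario: four honest clients plus one dishonest client (index 4)
# that reports an absurdly low loss to inflate its quality score.
REPORTED_LOSSES = [0.40, 0.45, 0.50, 0.55, 1e-6]
UPDATES = [[1.0, -1.0], [1.1, -0.9], [0.9, -1.1], [1.0, -1.0], [-2.0, 2.0]]

def run(clip):
    return aggregate(UPDATES, quality_scores(REPORTED_LOSSES), clip)

if __name__ == "__main__":
    for name, clip in (("percentile", percentile_clip), ("mad", mad_clip)):
        agg, weights = run(clip)
        print(f"{name:10s} attacker weight={weights[4]:.3f} aggregate={agg}")
```

Note that MAD clipping bounds only the weight a dishonest score can buy; an attacker whose update itself is far out of range can still pull the aggregate, which is the model-poisoning limitation the abstract flags as open work.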

Cite This Paper

Dhanraj Rateria, Nishanth M., Shankaramma Malige, Swapnil Rao, "FEDMAD: A Privacy-Preserving Adaptive Federated Learning Framework with Robustness against Data Quality Variations", International Journal of Computer Network and Information Security (IJCNIS), Vol. 18, No. 3, pp. 23-43, 2026. DOI: 10.5815/ijcnis.2026.03.02
