Memory-enabled Free-riding Attack in Federated Learning

• 1、School of Cyberspace Security,Beijing University of Posts and Telecommunications,Beijing 100876

Abstract：Federated learning, as a machine learning framework that addresses data silos and privacy issues, is threatened by freeriding attacks. These attacks obtain improvements in the global model by forging local model parameter updates without contributing valid data. In 2024, Hong et al. proposed a detection method based on gradient retracing. This method identifies attackers by comparing the cosine similarity of two model updates after the server sends down repeated global model parameters; low similarity is recognized as an indication of an attacker. This paper proposes a freeriding attack method with memory functionality, which significantly increases the cosine similarity of repeated model parameters by recording the global model parameters, thereby effectively countering the detection method based on gradient retracing. Experimental results show that under both independent and identically distributed (i.i.d.) and non-i.i.d. data scenarios, the attack method can successfully disguise itself, making it difficult to distinguish between attackers and honest users.

Keywords： Federated learning Free-riding attack Memory functionality Gradient retracing Cosine similarity