
Deception-Based Defense Against Model Poisoning Attacks in Federated Learning Using Generative Adversarial Network (GAN)

  • Grace Colette Tessa Masse
  • Abderrahim Benslimane
  • Vianney Kengne Tchendji
  • Ahmed H. Anwar Hemida
  • Zhou Su
  • Shuai Han
  • Avignon Université
  • Université de Dschang
  • CCDC Army Research Laboratory
  • Harbin Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The Federated Learning (FL) paradigm enables multiple clients to collaborate on training a machine learning model while keeping their data decentralized. Although this approach enhances privacy and security, it also introduces vulnerabilities, particularly to adversarial attacks. Among these threats, model poisoning attacks are particularly severe, as malicious clients can submit harmful updates to degrade the performance of the global model. Existing defense mechanisms against such attacks, including model analysis, Byzantine-robust aggregation, and verification-based approaches, primarily focus on removing malicious clients. This approach informs the attackers that they have been detected, allowing them to adapt and strengthen their attacks, which reduces the defender's control over the system. Furthermore, revoking clients on the basis of detection errors can significantly decrease the number of participants in FL, whereas FL by definition relies on a large number of participants. This paper proposes a novel defense mechanism that uses Generative Adversarial Networks (GANs) to introduce cyber deception into the FL framework. By creating a synthetic version of the global model, our approach aims to mislead and divert attackers, protecting the integrity of the genuine model. The generator within the GAN produces a counterfeit model, while the discriminator assesses its authenticity. This deception strategy significantly reduces the impact of model poisoning attacks, preserving the accuracy and convergence rate of the global model while depleting attackers' resources. Our experimental simulations demonstrate the effectiveness of this GAN-based defense mechanism, providing a proactive and resilient solution for enhancing FL security against adversarial threats.

Original language: English
Title of host publication: ICC 2025 - IEEE International Conference on Communications
Editors: Matthew Valenti, David Reed, Melissa Torres
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 4933-4938
Number of pages: 6
ISBN (Electronic): 9798331505219
DOI
Publication status: Published - 2025
Event: 2025 IEEE International Conference on Communications, ICC 2025 - Montreal, Canada
Duration: 8 Jun 2025 → 12 Jun 2025

Publication series

Name: IEEE International Conference on Communications
ISSN (Print): 1550-3607

Conference

Conference: 2025 IEEE International Conference on Communications, ICC 2025
Country/Territory: Canada
City: Montreal
Period: 8/06/25 → 12/06/25
