Deception-based Defense of Poisoning Attack in Federated Learning

Federated Learning (FL) enables decentralized model training to protect data privacy but introduces new security and privacy challenges. One of the most severe threats to FL systems is poisoning attacks, which can disrupt model convergence or manipulate prediction outcomes. Addressing these attacks is particularly challenging due to the distributed and opaque nature of FL. To proactively strengthen defenses, we propose HoneyFED, a novel mitigation strategy based on deception. HoneyFED introduces a global decoy model that misleads and disrupts malicious actors by creating obstacles in their attack process. When a potential attacker is detected, the system engages them and captures their poisoned attack methods. This information is used to design a convincing decoy model that appears legitimate to the attacker. As a result, attackers are tricked into believing their attack has succeeded, discouraging further attempts. We evaluate the realism of our decoy using three criteria: indistinguishability from the real model, credibility over time, and viability in influencing attacker behavior. Experimental results demonstrate that HoneyFED effectively defends FL training against various poisoning strategies while improving overall model convergence.