T10-AT-010 · HIGH

Federated Learning Exploits

Tactic: T10 · Integrity & Confidentiality Breach
Risk score: 240
Rating: High
Procedures: 10
Severity
Mechanism

Federated learning (FL) distributes training across participants who share model updates (gradients) rather than raw data. The security assumption is that a gradient is a lossy summary that does not reveal the training data. That assumption does not hold: shared updates can be inverted to recover training samples, and a participant can submit crafted updates that poison the global model.

Detection
  • Gradient magnitude monitoring: flag outlier update norms that may indicate model replacement attacks
  • Participant consistency scoring: track each participant's update history for sudden behavioral changes
  • Cross-round gradient correlation: detect recycled/replayed updates indicating free-riding
  • Sybil detection via gradient similarity clustering: identical or near-identical updates suggest coordinated fake identities
Mitigation
  • Secure aggregation (MPC/HE): HIGH
  • Robust aggregation (multi-Krum, FLTrust): MEDIUM
  • Gradient compression + sparsification: MEDIUM
  • Participant authentication + rate limiting: HIGH
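The Detection heuristics above (norm outliers, per-participant history, replay detection, Sybil clustering) and the multi-Krum entry in the Mitigation list, as one added Python example that is not part of this catalogue entry or of any FL framework. It runs on constructed four-dimensional updates from six participants with three planted anomalies; the thresholds (robust z-score 3.5, relative distance 0.02, f = 1) and the participant names are assumptions chosen for the sample, and multi-Krum is implemented from its published definition (Blanchard et al., 2017) rather than taken from any library.

```python
"""Server-side checks for one federated learning aggregation round (added example).

Constructed data: six participants, 4-dimensional updates, three planted anomalies:
  p5 sends an update scaled far above its peers (model replacement pattern),
  p3 and p4 send identical updates (Sybil pattern),
  p6 resends the update it sent last round (replay / free-riding pattern).
"""
import math
from itertools import combinations


def l2_norm(v):
    return math.sqrt(sum(x * x for x in v))


def l2_dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def _median(values):
    s = sorted(values)
    mid = len(s) // 2
    return s[mid] if len(s) % 2 else (s[mid - 1] + s[mid]) / 2


def norm_outliers(updates, k=3.5):
    """Robust z-score (median / MAD) on update norms; ids with z > k are flagged."""
    norms = {pid: l2_norm(u) for pid, u in updates.items()}
    med = _median(norms.values())
    devs = {pid: abs(n - med) for pid, n in norms.items()}
    mad = _median(devs.values())
    # 1.4826 makes MAD comparable to a standard deviation; fall back to the
    # mean absolute deviation when more than half the norms coincide.
    scale = 1.4826 * mad if mad > 0 else sum(devs.values()) / len(devs)
    if scale == 0:
        return []
    return sorted(pid for pid, d in devs.items() if d / scale > k)


def replayed_updates(updates, history, tol=1e-9):
    """Ids whose current update equals one they already submitted in a past round."""
    return sorted(pid for pid, u in updates.items()
                  if any(l2_dist(u, past) <= tol for past in history.get(pid, [])))


def sybil_clusters(updates, rel_tol=0.02):
    """Group participants whose updates are near-identical (relative L2 distance)."""
    ids = sorted(updates)
    parent = {pid: pid for pid in ids}  # union-find over participant ids

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in combinations(ids, 2):
        scale = max(l2_norm(updates[a]), l2_norm(updates[b]), 1e-12)
        if l2_dist(updates[a], updates[b]) / scale <= rel_tol:
            parent[find(a)] = find(b)
    groups = {}
    for pid in ids:
        groups.setdefault(find(pid), []).append(pid)
    return sorted(g for g in groups.values() if len(g) > 1)


def multi_krum(updates, f=1):
    """Multi-Krum: score each update by the summed squared distance to its n-f-2
    nearest peers, keep the n-f lowest-scored updates and average them."""
    ids = sorted(updates)
    n = len(ids)
    scores = {}
    for pid in ids:
        d2 = sorted(l2_dist(updates[pid], updates[o]) ** 2 for o in ids if o != pid)
        scores[pid] = sum(d2[: n - f - 2])
    selected = sorted(ids, key=scores.get)[: n - f]
    dim = len(updates[ids[0]])
    agg = [sum(updates[p][i] for p in selected) / len(selected) for i in range(dim)]
    return sorted(selected), agg


def audit_round(updates, history):
    return {
        "norm_outliers": norm_outliers(updates),
        "replays": replayed_updates(updates, history),
        "sybil_clusters": sybil_clusters(updates),
    }


# Constructed sample: what each participant sent in the previous round ...
HISTORY = {
    "p1": [[0.09, -0.22, 0.05, 0.31]],
    "p2": [[0.13, -0.17, 0.03, 0.27]],
    "p3": [[0.10, -0.20, 0.06, 0.30]],
    "p4": [[0.12, -0.18, 0.05, 0.32]],
    "p5": [[0.11, -0.19, 0.04, 0.29]],
    "p6": [[0.08, -0.21, 0.04, 0.29]],
}
# ... and what arrives in the current round.
ROUND_T = {
    "p1": [0.10, -0.20, 0.05, 0.30],
    "p2": [0.12, -0.18, 0.04, 0.28],
    "p3": [0.11, -0.19, 0.06, 0.31],
    "p4": [0.11, -0.19, 0.06, 0.31],  # identical to p3 -> Sybil pattern
    "p5": [6.0, -9.0, 3.0, 14.0],      # ~50x the honest norm -> model replacement pattern
    "p6": [0.08, -0.21, 0.04, 0.29],   # same as its previous round -> replay
}

if __name__ == "__main__":
    print(audit_round(ROUND_T, HISTORY))
    print(multi_krum(ROUND_T))
```

Two design points worth noting. Near-duplicate detection uses relative L2 distance rather than cosine similarity alone, because a scaled-up copy of an honest update has cosine similarity 1.0 with its source and would otherwise be grouped with it. And multi-Krum, run on the same sample, drops p5 but scores the identical pair p3/p4 better than the honest stragglers p2 and p6 (their mutual distance is zero), which is why the Sybil clustering runs before, not instead of, robust aggregation.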
Chaining

FL exploitation enables T10-AT-001 (Training Data Extraction) via gradient inversion, and successful model poisoning creates backdoors exploitable via T1 (Prompt Subversion).

Framework mapping
  • OWASP LLM: LLM04
  • MITRE ATLAS: AML.T0020