{"id":"https://openalex.org/W7154116882","doi":"https://doi.org/10.48550/arxiv.2604.09489","title":"XFED: Non-Collusive Model Poisoning Attack Against Byzantine-Robust Federated Classifiers","display_name":"XFED: Non-Collusive Model Poisoning Attack Against Byzantine-Robust Federated Classifiers","publication_year":2026,"publication_date":"2026-04-10","ids":{"openalex":"https://openalex.org/W7154116882","doi":"https://doi.org/10.48550/arxiv.2604.09489"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.09489","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.09489","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.09489","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5005096549","display_name":"Israt Jahan Mouri","orcid":"https://orcid.org/0000-0003-0160-4212"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mouri, Israt Jahan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066225174","display_name":"Muhammad Ridowan","orcid":"https://orcid.org/0000-0002-5964-675X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ridowan, Muhammad","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5059669108","display_name":"Muhammad Abdullah Adnan","orcid":"https://orcid.org/0000-0003-3219-9053"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Adnan, Muhammad Abdullah","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.8374000191688538,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.8374000191688538,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.12229999899864197,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.00430000014603138,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7317000031471252},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.635699987411499},{"id":"https://openalex.org/keywords/synchronizing","display_name":"Synchronizing","score":0.4124000072479248},{"id":"https://openalex.org/keywords/federated-learning","display_name":"Federated learning","score":0.40959998965263367},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.4056999981403351},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.3398999869823456},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.3276999890804291}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7774999737739563},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7317000031471252},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6794999837875366},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.635699987411499},{"id":"https://openalex.org/C162932704","wikidata":"https://www.wikidata.org/wiki/Q1058791","display_name":"Synchronizing","level":3,"score":0.4124000072479248},{"id":"https://openalex.org/C2992525071","wikidata":"https://www.wikidata.org/wiki/Q50818671","display_name":"Federated learning","level":2,"score":0.40959998965263367},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.4056999981403351},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.3398999869823456},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.3276999890804291},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.32019999623298645},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.3109999895095825},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.31029999256134033},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.30090001225471497},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.29319998621940613},{"id":"https://openalex.org/C2778403875","wikidata":"https://www.wikidata.org/wiki/Q20312394","display_name":"Adversarial machine learning","level":3,"score":0.2597000002861023},{"id":"https://openalex.org/C183322885","wikidata":"https://www.wikidata.org/wiki/Q17007702","display_name":"Context model","level":3,"score":0.2551000118255615}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.09489","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.09489","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.09489","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.09489","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"score":0.5494083762168884,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Model":[0],"poisoning":[1,15,77,153,174],"attacks":[2,16,78],"pose":[3],"a":[4,72,104],"significant":[5],"security":[6],"threat":[7,143],"to":[8,23,62,67],"Federated":[9],"Learning":[10],"(FL).":[11],"Most":[12],"existing":[13,172],"model":[14,76,152,173],"rely":[17],"on":[18,131],"collusion,":[19],"requiring":[20],"adversarial":[21,106],"clients":[22,102],"coordinate":[24],"by":[25],"exchanging":[26],"local":[27],"benign":[28],"models":[29],"and":[30,64,92,169,189,197],"synchronizing":[31],"the":[32,94,139,148,191],"generation":[33],"of":[34,134,141],"their":[35],"poisoned":[36],"updates.":[37],"However,":[38],"sustaining":[39],"such":[40],"coordination":[41],"is":[42,60],"increasingly":[43],"impractical":[44],"in":[45,98],"real-world":[46],"FL":[47,180],"deployments,":[48],"as":[49],"it":[50],"effectively":[51],"requires":[52],"botnet-like":[53],"control":[54],"over":[55],"many":[56],"devices.":[57],"This":[58,69],"approach":[59],"costly":[61],"maintain":[63],"highly":[65],"vulnerable":[66],"detection.":[68],"context":[70],"raises":[71],"fundamental":[73],"question:":[74],"Can":[75],"remain":[79],"effective":[80],"without":[81,120],"any":[82,132],"communication":[83],"between":[84],"attackers?":[85],"To":[86,137],"address":[87],"this":[88,112,142],"challenge,":[89],"we":[90,145],"introduce":[91],"formalize":[93],"\\textbf{non-collusive":[95],"attack":[96],"model},":[97],"which":[99],"all":[100],"compromised":[101],"share":[103],"common":[105],"objective":[107],"but":[108],"operate":[109],"independently.":[110],"Under":[111],"model,":[113,144],"each":[114],"attacker":[115],"generates":[116],"its":[117],"malicious":[118],"update":[119],"communicating":[121],"with":[122],"other":[123,126],"adversaries,":[124],"accessing":[125],"clients'":[127],"updates,":[128],"or":[129],"relying":[130],"knowledge":[133],"server-side":[135],"defenses.":[136],"demonstrate":[138],"feasibility":[140],"propose":[146],"\\textbf{XFED},":[147],"first":[149],"aggregation-agnostic,":[150],"non-collusive":[151],"attack.":[154],"Our":[155],"empirical":[156],"evaluation":[157],"across":[158],"six":[159,171],"benchmark":[160],"datasets":[161],"shows":[162],"that":[163,179],"XFED":[164],"bypasses":[165],"eight":[166],"state-of-the-art":[167],"defenses":[168],"outperforms":[170],"attacks.":[175],"These":[176],"findings":[177],"indicate":[178],"systems":[181],"are":[182],"substantially":[183],"less":[184],"secure":[185],"than":[186],"previously":[187],"believed":[188],"underscore":[190],"urgent":[192],"need":[193],"for":[194],"more":[195],"robust":[196],"practical":[198],"defense":[199],"mechanisms.":[200]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-04-14T00:00:00"}