کنفرانس بین المللی فناوری اطلاعات و دانش

صفحه اصلی / شانزدهمین کنفرانس بین المللی فناوری اطلاعات و دانش

FedCloak: Backdoor-Based Covert Channels in Federated Learning

نویسندگان :

Mohammad Matin Rezaeifard¹ Fatemeh Zahedi² Seyed Arsalan Vasegh Rahim Parvar³ Reza Ebrahimi Atani⁴

1- دانشگاه گیلان 2- دانشگاه گیلان 3- دانشگاه گیلان 4- دانشگاه گیلان

کلمات کلیدی :

Federated learning،Backdoor Attacks،Covert communication،Data Poisoning،Binary Memoryless Channel (BMC)،Adversarial Machine Learning،Model Aggregation،Security and privacy in distributed systems

چکیده :

Federated learning enables collaborative model training without centralizing data, but its distributed structure also exposes new vectors for covert communication. Existing schemes that embed messages in model parameters often require fine grained control and support only single sender settings, limiting their practicality. This paper introduces FedCloak, a novel framework that transforms data poisoning backdoor attacks into multi party covert channels within federated learning systems. By encoding bits through the global model’s transition between clean and triggered states, FedCloak allows colluding clients to exchange information without modifying aggregation protocols or model internals. The communication process is analytically modeled as a binary memoryless channel, enabling quantitative estimation of reliability via bit prediction accuracy. Experiments on CIFAR-10 with ResNet-9 across four aggregation algorithms (FedAvg, Trimmed Mean, Krum, and Multi-Krum) show that FedCloak achieves stable, high accuracy transmission even under aggregation noise. These results demonstrate that backdoor dynamics can act as an effective and practical substrate for covert communication in federated learning.