DoBlock: Blocking Malicious Association Propagation for Backdoor-Robust Federated Learning Under Domain Skew

Authors

  • Zhou Tan College of Computer and Data Science, Fuzhou University
  • De Li School of Computer Science and Engineering, Guangxi Normal University
  • Yirui Huang College of Computer and Data Science, Fuzhou University
  • Duanshu Fang School of Computer Science and Engineering, Guangxi Normal University
  • Jia-Li Yin College of Computer and Data Science, Fuzhou University
  • Xiaolei Liu National Interdisciplinary Research Center of Engineering Physics
  • Songze Li School of Cyber Science and Engineering, Southeast University
  • Shouling Ji College of Computer Science and Technology, Zhejiang University

DOI:

https://doi.org/10.1609/aaai.v40i30.39778

Abstract

Federated Learning (FL) enables privacy-preserving distributed training but remains vulnerable to backdoor attacks. Attackers can embed malicious trigger-label associations into the global model by participating in the aggregation process. Existing defense methods typically defend against backdoor attacks by detecting and filtering malicious updates that deviate from benign ones. However, we find that these defenses fail under domain skew, where differing feature distributions across clients increase update heterogeneity, making it harder to distinguish malicious updates from benign ones. To address this challenge, we propose DoBlock, a novel defense that utilizes an aggregatable domain infuser incapable of embedding malicious associations, through federated training to facilitate cross-domain knowledge sharing. Moreover, DoBlock prevents malicious association propagation by isolating local models from aggregation, as local models remain client-specific and rely solely on local data for training. Experiments on five domain skew datasets (Digits, PACS, VLCS, Office-Caltech10, and DomainNet) show that DoBlock maintains attack success rates below 2.5%, while achieving the highest main task accuracy, demonstrating superior robustness without sacrificing benign performance.
AAAI-26 / IAAI-26 / EAAI-26 Proceedings Cover

Downloads

Published

2026-03-14

How to Cite

Tan, Z., Li, D., Huang, Y., Fang, D., Yin, J.-L., Liu, X., … Ji, S. (2026). DoBlock: Blocking Malicious Association Propagation for Backdoor-Robust Federated Learning Under Domain Skew. Proceedings of the AAAI Conference on Artificial Intelligence, 40(30), 25796–25804. https://doi.org/10.1609/aaai.v40i30.39778

Issue

Vol. 40 No. 30: AAAI-26 Technical Tracks 30

Section

AAAI Technical Track on Machine Learning VII