Today, Federated Learning (FL) and Multi-Task Learning (MTL) have been extensively studied in both centralized and decentralized paradigms, but limited attention has been paid to the security vulnerabilities of decentralized Federated Multi-Task Learning (DFMTL) systems, particularly under malicious client behavior. Specifically, most prior work has focused on developing increasingly efficient or innovative frameworks, and the field still lacks dedicated threat models and empirical robustness evaluations tailored to such systems. To address this gap, this thesis evaluates the robustness of the DFMTL framework. It then designs and implements seven distinct poisoning attack strategies within the DFMTL setting: three data poisoning attacks (Random Label Flip, Targeted Label Flipping, Trigger Injection), three model poisoning attacks (Sign Flip, Scaled Boost, AT2FL), and one backdoor-style aggregation attack (Malicious Aggregation Filter). All attacks are implemented individually within the DFMTL framework and adapted to operate in federated settings with both class-label heterogeneity (CIFAR-10) and task heterogeneity (CelebA: multi-label classification vs. facial landmark regression). Importantly, certain attacks, such as AT2FL and the Malicious Aggregation Filter, required dedicated design and implementation to function within the internal communication and optimization mechanisms of the DFMTL framework. In the experiments, a subset of clients is attacked. The evaluation analyzes both the performance degradation on the attacked clients and the collateral impact on unselected clients within the same task group and across different task groups. The findings reveal that despite the distributed and task-isolated nature of DFMTL, some poisoning attacks on selected clients can propagate across the system via shared aggregation pathways, while others remain localized.
The results provide insight into which attack strategies pose the greatest risk. This work presents a robustness evaluation of a DFMTL system and provides a foundation for future defenses targeting DFMTL architectures.
Zhi Wang (Sun,) studied this question.