Federated learning enables aggregating models trained over a large number of clients by sending the models to a central server, while data privacy is preserved since only the models are sent. Federated learning techniques are considerably vulnerable to poisoning attacks. In this paper, we explore the threat of poisoning attacks and introduce a game-based robust federated averaging algorithm to detect and discard bad updates provided by the clients. We model the aggregating process with a mixed-strategy game that is played between the server and each client. The valid actions of the clients are to send good or bad updates while the server can accept or ignore these updates as its valid actions. By employing the Nash Equilibrium property, the server determines the probability of providing good updates by each client. The experimental results show that our proposed game-based aggregation algorithm is significantly more robust to faulty and noisy clients in comparison with the most recently presented methods. According to these results, our algorithm converges after a maximum of 30 iterations and can detect 100% of the bad clients for all the investigated scenarios. In addition, the accuracy of the proposed algorithm is at least 15.8% and 2.3% better than the state of the art for flipping and noisy scenarios, respectively.
Due to the increasing sophistication of web attacks, Web Application Firewalls (WAFs) have to be tested and updated regularly to resist the relentless flow of web attacks. In practice, using a brute-force attack to discover vulnerabilities is infeasible due to the wide variety of attack patterns. Thus, various black-box testing techniques have been proposed in the literature. However, these techniques suffer from low efficiency. This paper presents Reinforcement-Learning-Driven and Adaptive Testing (RAT ), an automated black-box testing strategy to discover injection vulnerabilities in WAFs. In particular, we focus on SQL injection and Cross-site Scripting, which have been among the top ten vulnerabilities over the past decade. More specifically, RAT clusters similar attack samples together. It then utilizes a reinforcement learning technique combined with a novel adaptive search algorithm to discover almost all bypassing attack patterns efficiently. We compare RAT with three state-of-the-art methods considering their objectives. The experiments show that RAT performs 33.53% and 63.16% on average better than its counterparts in discovering the most possible bypassing payloads and reducing the number of attempts before finding the first bypassing payload when testing well-configured WAFs, respectively.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2025 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.