[2603.29328] Beyond Corner Patches: Semantics-Aware Backdoor Attack in Federated Learning
Computer Science > Cryptography and Security
arXiv:2603.29328 (cs)
[Submitted on 31 Mar 2026]

Title: Beyond Corner Patches: Semantics-Aware Backdoor Attack in Federated Learning

Authors: Kavindu Herath, Joshua Zhao, Saurabh Bagchi

Abstract: Backdoor attacks on federated learning (FL) are most often evaluated with synthetic corner patches or out-of-distribution (OOD) patterns that are unlikely to arise in practice. In this paper, we revisit the backdoor threat to standard FL (a single global model) under a more realistic setting where triggers must be semantically meaningful, in-distribution, and visually plausible. We propose SABLE, a Semantics-Aware Backdoor for LEarning in federated settings, which constructs natural, content-consistent triggers (e.g., semantic attribute changes such as sunglasses) and optimizes an aggregation-aware malicious objective with feature separation and parameter regularization to keep attacker updates close to benign ones. We instantiate SABLE on CelebA hair-color classification and the German Traffic Sign Recognition Benchmark (GTSRB), poisoning only a small, interpretable subset of each malicious client's local data while otherwise following the standard FL protocol. Across heterogeneous client partitions and multiple aggregation rules (FedAvg, Trimmed Mean, MultiKrum, an...