![[2602.18489] DCInject: Persistent Backdoor Attacks via Frequency Manipulation in Personal Federated Learning](https://arxiv.org/static/browse/0.3.4/images/arxiv-logo-fb.png){kind=logo}
[2602.18489] DCInject: Persistent Backdoor Attacks via Frequency Manipulation in Personal Federated Learning
Summary
The paper presents DCInject, a novel backdoor attack method targeting personalized federated learning (PFL) systems, demonstrating high attack success rates while maintaining model accuracy.
Why It Matters
As federated learning becomes increasingly prevalent in machine learning applications, understanding vulnerabilities such as those exposed by DCInject is critical for enhancing security measures. This research highlights the need for improved defenses against sophisticated attacks that exploit frequency manipulation.
Key Takeaways
- DCInject utilizes frequency-domain manipulation to conduct backdoor attacks in PFL.
- The attack achieves high success rates while preserving model accuracy across multiple datasets.
- DCInject demonstrates significant persistence against existing defenses, revealing critical vulnerabilities in PFL security.
Computer Science > Cryptography and Security arXiv:2602.18489 (cs) [Submitted on 11 Feb 2026] Title:DCInject: Persistent Backdoor Attacks via Frequency Manipulation in Personal Federated Learning Authors:Nahom Birhan, Daniel Wesego, Dereje Shenkut, Frank Liu, Daniel Takabi View a PDF of the paper titled DCInject: Persistent Backdoor Attacks via Frequency Manipulation in Personal Federated Learning, by Nahom Birhan and 4 other authors View PDF HTML (experimental) Abstract:Personalized federated learning (PFL) creates client-specific models to handle data heterogeneity. Previously, PFL has been shown to be naturally resistant to backdoor attack propagation across clients. In this work, we reveal that PFL remains vulnerable to backdoor attacks through a novel frequency-domain approach. We propose DCInject, an adaptive frequency-domain backdoor attack for PFL, which removes portions of the zero-frequency (DC) component and replaces them with Gaussian-distributed samples in the frequency domain. Our attack achieves superior attack success rates while maintaining clean accuracy across four datasets (CIFAR-10/100, GTSRB, SVHN) compared to existing spatial-domain attacks, evaluated under parameter decoupling based personalization. DCInject achieves superior performance with ASRs of 96.83% (CIFAR-10), 99.38% (SVHN), and 100% (GTSRB) while maintaining clean accuracy. Under I-BAU defense, DCInject demonstrates strong persistence, retaining 90.30% ASR vs BadNet's 58.56% on VGG-16, exp...
