Explanation-Consistent Robust Aggregation for Federated IDS

Introduce an “explanation-consensus score” into robust aggregation for federated intrusion detection. Each client submits model deltas plus lightweight attribution summaries on a small, server-held audit set (e.g., aggregated gradients or SHAP-like vectors). The server downweights or excludes client updates that cause large divergences in attribution profiles relative to historical norms or peer medians. Existing robust aggregators use vector norms or coordinate-wise statistics; this proposes a new signal: stability of explanations across clients. This addresses practical adoption barriers by using summaries that preserve privacy and minimize engineering overhead. Combines robust aggregation and anomaly detection in FL with a new criterion—the invariance of “why the model predicts”—to detect poisoned or backdoored contributions. Backdoors and targeted poisoning often preserve top-level metrics but alter feature reliance; explanation inconsistency is a sensitive classifier-agnostic tell. The server only needs a small audit set with agreed-upon labels. Impact: A broadly applicable defense for privacy-preserving, distributed IDS that is harder to game than norm-based filters and naturally supports accountability and auditing.

References:

1. Adversarial AI in Federated Learning: Threats, Robust Defenses, and the Role of Explain ability for Trustworthy Distributed AI. D. Kejriwal, Anshul Goel, T. D. Pujari, A. K. Pakina (2023). IOSR Journal of Computer Engineering.
2. Adversarial AI in Federated Learning: Threats, Robust Defenses, and the Role of Explainability for Trustworthy Distributed AI. D. Kejriwal, Tejaskumar Pujari, Anshul Goel (2023). International Journal for Sciences and Technology.