Beyond Corner Patches: Semantics-Aware Backdoor Attack in Federated Learning
Abstract: Backdoor attacks on federated learning (FL) are most often evaluated with synthetic corner patches or out-of-distribution (OOD) patterns that are unlikely to arise in practice. In this paper, we revisit the backdoor threat to standard FL (a single global model) under a more realistic setting where triggers must be semantically meaningful, in-distribution, and visually plausible. We propose SABLE, a Semantics-Aware Backdoor for LEarning in federated settings, which constructs natural, content-consistent triggers (e.g., semantic attribute changes such as sunglasses) and optimizes an aggregation-aware malicious objective with feature separation and parameter regularization to keep attacker updates close to benign ones. We instantiate SABLE on CelebA hair-color classification and the German Traffic Sign Recognition Benchmark (GTSRB), poisoning only a small, interpretable subset of each malicious client's local data while otherwise following the standard FL protocol. Across heterogeneous client partitions and multiple aggregation rules (FedAvg, Trimmed Mean, MultiKrum, and FLAME), our semantics-driven triggers achieve high targeted attack success rates while preserving benign test accuracy. These results show that semantics-aligned backdoors remain a potent and practical threat in federated learning, and that robustness claims based solely on synthetic patch triggers can be overly optimistic.
Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI); Computer Vision and Pattern Recognition (cs.CV); Distributed, Parallel, and Cluster Computing (cs.DC); Machine Learning (cs.LG)
Cite as: arXiv:2603.29328 [cs.CR]
(or arXiv:2603.29328v1 [cs.CR] for this version)
https://doi.org/10.48550/arXiv.2603.29328
arXiv-issued DOI via DataCite (pending registration)
Submission history
From: Kavindu Herath
[v1] Tue, 31 Mar 2026 06:48:25 UTC (2,778 KB)
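
Added example (not code from the paper or its authors): a defender-side look at two of the aggregation rules named in the abstract, FedAvg and coordinate-wise Trimmed Mean, reporting for each client how many coordinates of its update survive trimming. The client vectors, the trim parameter k and the helper name survival_rate are constructed for illustration.

```python
# Added illustration; client vectors and k are constructed, not from the paper.

def fedavg(updates, weights=None):
    """FedAvg: weighted coordinate-wise mean of the client updates."""
    weights = weights or [1.0] * len(updates)
    total = sum(weights)
    dim = len(updates[0])
    return [sum(w * u[j] for w, u in zip(weights, updates)) / total
            for j in range(dim)]

def _kept_clients(updates, k, j):
    """Client indices whose value on coordinate j survives trimming."""
    if 2 * k >= len(updates):
        raise ValueError("k must be smaller than half the number of clients")
    order = sorted(range(len(updates)), key=lambda i: updates[i][j])
    return order[k:len(order) - k]

def trimmed_mean(updates, k):
    """Coordinate-wise trimmed mean: drop the k lowest and k highest values."""
    out = []
    for j in range(len(updates[0])):
        kept = _kept_clients(updates, k, j)
        out.append(sum(updates[i][j] for i in kept) / len(kept))
    return out

def survival_rate(updates, k, client):
    """Fraction of coordinates on which `client` is included in the aggregate."""
    dim = len(updates[0])
    return sum(client in _kept_clients(updates, k, j) for j in range(dim)) / dim

# Constructed sample: five benign updates, one large-deviation update (FAR),
# and one update that stays inside the benign range on every coordinate (NEAR).
BENIGN = [
    [0.10, -0.20, 0.05, 0.30],
    [0.12, -0.18, 0.02, 0.28],
    [0.08, -0.22, 0.07, 0.33],
    [0.11, -0.25, 0.04, 0.31],
    [0.09, -0.19, 0.06, 0.29],
]
FAR = [5.0, 5.0, -5.0, 5.0]
NEAR = [0.10, -0.21, 0.05, 0.30]
UPDATES = BENIGN + [FAR, NEAR]  # FAR is client 5, NEAR is client 6

if __name__ == "__main__":
    print("FedAvg      :", fedavg(UPDATES))
    print("TrimmedMean :", trimmed_mean(UPDATES, k=1))
    for name, idx in (("FAR", 5), ("NEAR", 6)):
        print(name, "survival rate:", survival_rate(UPDATES, 1, idx))
```

A survival rate of 1.0 means the trimming step gives no filtering signal for that client, so a robustness evaluation of the aggregator should include updates of that kind and not only large-deviation ones.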