Poison to Detect: Detection of Targeted Overfitting in Federated Learning
Authors: Soumia Zohra El Mestari (University of Luxembourg), Maciej Krzysztof Zuziak (University of Leeds), Gabriele Lenzini (University of Luxembourg)
Volume: 2026
Issue: 4
Pages: 480–506
DOI: https://doi.org/10.56553/popets-2026-0131
Abstract: Federated Learning (FL) enables collaborative model training among clients without centralising data, making it a widely adopted privacy enhancing technology (PET). Despite its privacy benefits, FL remains vulnerable to orchestrator-driven privacy attacks. In this paper, we study an underexplored threat in which a dishonest orchestrator intentionally manipulates the aggregation process to induce targeted overfitting in local models of specific clients. Although prior work focuses on reducing information leakage during training, we emphasise early client-side detection of targeted overfitting, allowing clients to disengage before significant harm occurs. To this end, we propose three detection techniques—label flipping, backdoor trigger injection, and model fingerprinting—which enable clients to verify the integrity of the global aggregation. We evaluated our methods across multiple datasets and attack scenarios. In single-client attacks, all three methods detect orchestrator-induced overfitting within 1–2 training rounds with F1 scores exceeding 0.7. Scalability experiments further show that detection effectiveness is influenced by cohort composition and method parameters. These results demonstrate that client-side integrity testing can provide early, effective, and scalable detection, supporting safer deployment of FL systems.
Keywords: privacy preserving machine learning, federated learning, overfitting, fingerprinting, data poisoning
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.