Communication-Efficient Secure Federated Learning: Prototype Distillation for Backdoor Attack Mitigation in Heterogeneous Networks

Authors

  • Steven Reynolds Department of Computer Science and Engineering, University of Nevada, Reno, Reno, NV, USA.
  • Clifford Cox Department of Computer Science, University of Houston, Houston, TX, USA.
  • Qianyu Shen Department of Computer Science, Colorado State University, Fort Collins, CO, USA.

Keywords:

federated learning, communication efficiency, prototype distillation, backdoor attack mitigation, heterogeneous networks, secure aggregation, model compression, adversarial robustness, distributed machine learning, socio-technical infrastructure

Abstract

Federated learning enables collaborative model training across decentralized data sources without centralizing raw data, yet it faces two critical challenges: communication overhead and vulnerability to backdoor attacks, particularly in heterogeneous network environments. This paper proposes a communication-efficient secure federated learning framework that leverages prototype distillation as a defense mechanism against backdoor attacks while preserving model accuracy and convergence. The framework employs a two-tier architecture where clients compute locally compressed class prototypes instead of transmitting full gradient updates, drastically reducing communication rounds and bandwidth consumption. Simultaneously, a server-side prototype verification module detects anomalous patterns indicative of poisoned data contributions, thereby mitigating backdoor injection without incurring the computational cost of full gradient inspection. We investigate the structural trade-offs between compression ratio, detection sensitivity, and model robustness under data heterogeneity, including non-IID distributions and partial client participation. Experimental simulations on standard benchmarks and case studies from healthcare and edge IoT deployments demonstrate that the proposed method reduces communication costs by up to 80 percent compared to conventional federated averaging while maintaining competitive accuracy and achieving over 90 percent backdoor detection rate under realistic attack intensities. The governance implications of deploying such a system in regulated environments, including auditability and fairness constraints, are also discussed. This research contributes a practical architectural blueprint for trustworthy federated learning in large-scale, resource-constrained, and adversarial settings.

References

1. McMahan, B., Moore, E., Ramage, D., Hampson, S., & y Arcas, B. A. (2017). Communication-efficient learning of deep networks from decentralized data. Proceedings of the 20th International Conference on Artificial Intelligence and Statistics, 54, 1273–1282.

2. Bagdasaryan, E., Veit, A., Hua, Y., Estrin, D., & Shmatikov, V. (2020). How to backdoor federated learning. Proceedings of the 23rd International Conference on Artificial Intelligence and Statistics, 108, 2938–2948.

3. Li, T., Sahu, A. K., Zaheer, M., Sanjabi, M., Talwalkar, A., & Smith, V. (2020). Federated optimization in heterogeneous networks. Proceedings of Machine Learning and Systems, 2, 429–450.

4. Wang, H., Yurochkin, M., Sun, Y., Papailiopoulos, D., & Khazaeni, Y. (2020). Federated learning with matched averaging. International Conference on Learning Representations.

5. Sattler, F., Wiedemann, S., Müller, K. R., & Samek, W. (2019). Robust and communication-efficient federated learning from non-i.i.d. data. IEEE Transactions on Neural Networks and Learning Systems, 31(9), 3400–3413.

6. Xie, C., Huang, K., Chen, P. Y., & Li, B. (2019). DBA: Distributed backdoor attacks against federated learning. International Conference on Learning Representations.

7. Shui, Y., Jin, R., Dou, Z., & Gao, Z. (2026). ProtoGuard-SL: Prototype Consistency Based Backdoor Defense for Vertical Split Learning. arXiv preprint arXiv:2604.03595.

8. Konečný, J., McMahan, H. B., Yu, F. X., Richtárik, P., Suresh, A. T., & Bacon, D. (2016). Federated learning: Strategies for improving communication efficiency. arXiv preprint arXiv:1610.05492.

9. Li, D., & Wang, J. (2019). FedMD: Heterogenous federated learning via model distillation. arXiv preprint arXiv:1910.03581.

10. Abadi, M., Chu, A., Goodfellow, I., McMahan, H. B., Mironov, I., Talwar, K., & Zhang, L. (2016). Deep learning with differential privacy. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 308–318.

11. Blanchard, P., El Mhamdi, E. M., Guerraoui, R., & Stainer, J. (2017). Machine learning with adversaries: Byzantine tolerant gradient descent. Advances in Neural Information Processing Systems, 30.

12. Alistarh, D., Grubic, D., Li, J., Tomioka, R., & Vojnovic, M. (2017). QSGD: Communication-efficient SGD via gradient quantization and encoding. Advances in Neural Information Processing Systems, 30.

13. Bonawitz, K., Eichner, H., Grieskamp, W., Huba, D., Ingerman, A., Ivanov, V., ... & Roselander, J. (2019). Towards federated learning at scale: System design. Proceedings of Machine Learning and Systems, 1, 374–388.

14. Qiu, X., Parcollet, T., Gusmao, D., Beaufays, F., & Lane, N. D. (2024). Challenges and opportunities in green federated learning. Nature Communications, 15(1), 1–13.

15. Kairouz, P., McMahan, H. B., Avent, B., Bellet, A., Bennis, M., Bhagoji, A. N., ... & Zhao, S. (2021). Advances and open problems in federated learning. Foundations and Trends in Machine Learning, 14(1–2), 1–210.

16. European Commission. (2024). Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act). Official Journal of the European Union.

17. Jiang, Y., Konečný, J., Rush, K., & Kannan, S. (2019). Improving federated learning personalization via model agnostic meta learning. arXiv preprint arXiv:1909.12488.

18. Bonawitz, K., Ivanov, V., Kreuter, B., Marcedone, A., McMahan, H. B., Patel, S., ... & Seth, K. (2017). Practical secure aggregation for privacy-preserving machine learning. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 1175–1191.

19. Brown, T., Mann, B., Ryder, N., Subbiah, M., Kaplan, J. D., Dhariwal, P., ... & Amodei, D. (2020). Language models are few-shot learners. Advances in Neural Information Processing Systems, 33, 1877–1901.

20. Ilyas, A., Santurkar, S., Tsipras, D., Engstrom, L., Tran, B., & Madry, A. (2019). Adversarial examples are not bugs, they are features. Advances in Neural Information Processing Systems, 32.

Downloads

Published

2026-05-09

How to Cite

Steven Reynolds, Clifford Cox, & Qianyu Shen. (2026). Communication-Efficient Secure Federated Learning: Prototype Distillation for Backdoor Attack Mitigation in Heterogeneous Networks. International Journal of Artificial Intelligence Research, 1(2). Retrieved from https://isipress.org/index.php/IJAIR/article/view/186

Issue

Vol. 1 No. 2 (2026): International Journal of Artificial Intelligence Research

Section

Articles

License

Copyright (c) 2026 International Journal of Artificial Intelligence Research

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

This article is published under the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.