Backdoor-Resilient Graph Federated Learning via Structural Prototype Alignment and Consistency Constraints

Authors

  • Jean West Department of Computer Science, University of North Texas, Denton, TX, USA.
  • Anil Dutta Department of Computer Science, University of New Hampshire, Durham, NH, USA.
  • Ralph Little School of Electrical Engineering and Computer Science, Oregon State University, Corvallis, OR, USA.

Keywords:

graph federated learning, backdoor resilience, prototype alignment, consistency constraints, structural robustness, socio-technical infrastructure

Abstract

Graph federated learning enables multiple institutions to collaboratively train graph neural networks without sharing raw graph data, but it remains critically vulnerable to backdoor attacks where malicious participants embed hidden triggers into their local models to cause targeted misclassifications at inference time. Existing defenses often rely on anomaly detection of model updates or adversarial training, yet they struggle to generalize across non-IID graph distributions and often degrade utility. This paper proposes a backdoor-resilient framework based on structural prototype alignment and consistency constraints. The approach centers on establishing a shared set of structural prototypes that capture essential topological patterns across clients, forcing local models to align their learned representations with these prototypes while enforcing consistency constraints across different views of the same graph. By decoupling the global model into a structural encoder and a prototype-based classifier, the framework mitigates the impact of backdoor triggers that distort local feature distributions without affecting the underlying graph structure. We analyze the system-level trade-offs among robustness, communication efficiency, and fairness, and discuss architectural choices for deployment in socio-technical infrastructures such as healthcare networks and financial systems. The proposed method offers a governance-compatible pathway for federated graph learning under adversarial conditions, with implications for regulatory compliance and long-term sustainability.

References

1. Zhang, Z., Cui, P., & Zhu, W. (2020). Deep learning on graphs: A survey. IEEE Transactions on Knowledge and Data Engineering, 34(1), 249–270.

2. Bagdasaryan, E., Veit, A., Hua, Y., Estrin, D., & Shmatikov, V. (2020). How to backdoor federated learning. In Proceedings of the 23rd International Conference on Artificial Intelligence and Statistics (pp. 2938–2948). PMLR.

3. Bhagoji, A. N., Chakraborty, S., Mittal, P., & Calo, S. (2019). Analyzing federated learning through an adversarial lens. In Proceedings of the 36th International Conference on Machine Learning (pp. 634–643). PMLR.

4. Snell, J., Swersky, K., & Zemel, R. (2017). Prototypical networks for few-shot learning. In Advances in Neural Information Processing Systems 30 (pp. 4077–4087).

5. Chen, T., Kornblith, S., Norouzi, M., & Hinton, G. (2020). A simple framework for contrastive learning of visual representations. In Proceedings of the 37th International Conference on Machine Learning (pp. 1597–1607). PMLR.

6. Scardapane, S., Vai, M., & Uncini, A. (2022). Federated learning for graph neural networks: A comprehensive survey. IEEE Access, 10, 125567–125582.

7. Sun, Z., Kairouz, P., Suresh, A. T., & McMahan, H. B. (2019). Can you really backdoor federated learning? arXiv preprint arXiv:1911.07963.

8. Blanchard, P., El Mhamdi, E. M., Guerraoui, R., & Stainer, J. (2017). Machine learning with adversaries: Byzantine tolerant gradient descent. In Advances in Neural Information Processing Systems 30 (pp. 119–129).

9. Zhang, J., Chen, J., Wu, D., Liu, B., & Yu, P. S. (2021). Poisoning attack in federated learning with graph data. In Proceedings of the 30th ACM International Conference on Information and Knowledge Management (pp. 2565–2574).

10. Shui, Y., Jin, R., Dou, Z., & Gao, Z. (2026). ProtoGuard-SL: Prototype Consistency Based Backdoor Defense for Vertical Split Learning. arXiv preprint arXiv:2604.03595.

11. You, Y., Chen, T., Sui, Y., Chen, T., Wang, Z., & Shen, Y. (2020). Graph contrastive learning with augmentations. In Advances in Neural Information Processing Systems 33 (pp. 5812–5823).

12. Hassani, K., & Khasahmadi, A. H. (2020). Contrastive multi-view representation learning on graphs. In Proceedings of the 37th International Conference on Machine Learning (pp. 4116–4126).

13. Goldblum, M., Tsipras, D., Xie, C., Chen, X., Schwarzschild, A., Song, D., ... & Goldstein, T. (2022). Dataset security for machine learning: Data poisoning, backdoor attacks, and defenses. IEEE Transactions on Pattern Analysis and Machine Intelligence, 45(2), 1563–1580.

14. Yin, D., Chen, Y., Kannan, R., & Bartlett, P. (2018). Byzantine-robust distributed learning: Towards optimal statistical rates. In Proceedings of the 35th International Conference on Machine Learning (pp. 5650–5659). PMLR.

15. Dwork, C., Hardt, M., Pitassi, T., Reingold, O., & Zemel, R. (2012). Fairness through awareness. In Proceedings of the 3rd Innovations in Theoretical Computer Science Conference (pp. 214–226).

16. Barocas, S., Hardt, M., & Narayanan, A. (2019). Fairness and Machine Learning. fairmlbook.org.

17. Kairouz, P., McMahan, H. B., Avent, B., Bellet, A., Bennis, M., Bhagoji, A. N., ... & Zhao, S. (2021). Advances and open problems in federated learning. Foundations and Trends in Machine Learning, 14(1–2), 1–210.

18. Abadi, M., Chu, A., Goodfellow, I., McMahan, H. B., Mironov, I., Talwar, K., & Zhang, L. (2016). Deep learning with differential privacy. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (pp. 308–318).

19. Li, T., Sahu, A. K., Talwalkar, A., & Smith, V. (2020). Federated learning: Challenges, methods, and future directions. IEEE Signal Processing Magazine, 37(3), 50–60.

20. Zhu, Z., Hong, J., & Zhou, J. (2021). Data-free knowledge distillation for heterogeneous federated learning. In Proceedings of the 38th International Conference on Machine Learning (pp. 12878–12889). PMLR.

Downloads

Published

2026-05-15

How to Cite

Jean West, Anil Dutta, & Ralph Little. (2026). Backdoor-Resilient Graph Federated Learning via Structural Prototype Alignment and Consistency Constraints. International Journal of Artificial Intelligence Research, 1(2). Retrieved from https://isipress.org/index.php/IJAIR/article/view/190

Issue

Vol. 1 No. 2 (2026): International Journal of Artificial Intelligence Research

Section

Articles

License

Copyright (c) 2026 International Journal of Artificial Intelligence Research

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

This article is published under the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.