Trustworthy IoT Federated Systems: Prototype-Level Defense Mechanisms Against Distributed Backdoor Injection

Authors

  • Wesley Powers, Department of Computer Science, Colorado State University, Fort Collins, CO, USA.
  • Rahul Srinivasan, Department of Computer Science, Binghamton University, Binghamton, NY, USA.
  • Huaqiang Cui, Department of Computer Science, George Mason University, Fairfax, VA, USA.

Keywords:

federated learning, IoT security, backdoor attack, prototype defense, trustworthy AI, distributed systems, vertical split learning, robust aggregation, edge governance

Abstract

The proliferation of Internet of Things (IoT) devices has given rise to federated learning systems that enable collaborative model training without centralizing raw data. However, the distributed and heterogeneous nature of these systems exposes them to sophisticated security threats, particularly distributed backdoor injection attacks. Such attacks exploit the decentralized training paradigm to embed hidden malicious behaviors into the global model while preserving its performance on benign tasks. Existing defense mechanisms often rely on statistical filtering or weight clipping, but these approaches suffer from scalability issues, high computational overhead, and vulnerability to adaptive adversaries operating across many clients. This paper introduces a prototype-level defense framework tailored for trustworthy IoT federated systems, focusing on the structural alignment of learned representations to detect and neutralize backdoor triggers. We discuss system architecture considerations, including the integration of prototype consistency checks within aggregation protocols, the trade-offs between detection accuracy and communication efficiency, and the governance implications for deploying such defenses in real-world IoT infrastructures. Through a cross-domain analysis of prototype-based methods in computer vision, natural language processing, and vertical split learning, we argue that prototype-level defense mechanisms offer a principled path toward robustness without sacrificing model utility. We also examine policy and sustainability aspects, emphasizing the need for lightweight, energy-aware implementations suitable for resource-constrained edge devices. The paper concludes by outlining future research directions in adaptive defense orchestration, fairness-aware aggregation, and the standardization of trust metrics for federated IoT environments.

Published

2026-05-26

How to Cite

Wesley Powers, Rahul Srinivasan, & Huaqiang Cui. (2026). Trustworthy IoT Federated Systems: Prototype-Level Defense Mechanisms Against Distributed Backdoor Injection. Computer Science and Engineering Transactions, 4(1). Retrieved from https://csetx.org/index.php/cset/article/view/151