최민영, 김현일,

10.13089/JKIISC.2025.35.1.99,

As privacy regulations become stricter, federated learning, which enables learning in a distributed environment without storing user data on a central server, has emerged as a critical technology. However, its distributed nature makes it vulnerable to various attacks, with backdoor attacks being particularly significant. In this paper, we aim to defend against such backdoor attacks by applying a weak differential privacy mechanism and combining it with various defense techniques such as Multi-Krum and Norm Clipping to analyze their effectiveness. Experiments conducted using the Reddit dataset and LSTM and GPT-2 models with varying levels of noise demonstrate that effective defense can be achieved with less noise than typically required for privacy protection. Moreover, combining differential privacy with other defense techniques enhances defense performance. This study highlights the importance of optimizing noise settings to defend against backdoor attacks while maintaining model performance in federated learning environments and suggests that the combination of differential privacy with other defense mechanisms is a practical solution for backdoor defense.