Towards Robust and Privacy-Preserving Federated Learning: Reinforcement-Guided Unlearning and Multi-Attack Defense Mechanisms

Publication Type:
Thesis
Issue Date:
2025
Federated Learning (FL) has become an attractive paradigm for distributed model training in which the data remains decentralized and never has to be uploaded to a central server, alleviating the most direct privacy concerns. However, this decentralized paradigm also gives rise to new security risks such as gradient inversion, poisoning, and inference attacks. Meanwhile, with rigorous regulatory requirements and the evolving nature of privacy, federated unlearning has become a crucial building block, bringing with it new issues of security and efficiency. This thesis explores secure and private defenses for FL against a range of threat models by combining reinforcement-learning-informed defense strategies with statistical machine unlearning. The contributions of this thesis are as follows. It proposes a statistical-unlearning-based defense against gradient inversion attacks that also balances high model utility with communication efficiency. It reveals potential vulnerabilities in federated unlearning by exposing invisible attacks (i.e., camouflaged poisoning attacks that remain effective after unlearning operations) and theoretically analyzes their long-term effects. It introduces the first reinforcement-learning-based federated unlearning mechanism that dynamically balances client contribution, privacy cost, and computational efficiency, leading to enhanced robustness against both inference and poisoning attacks. It also introduces a data-importance-aware reinforcement learning defense that adaptively selects protection strategies at the sample level and achieves multi-attack robustness against backdoor, model stealing, and membership inference attacks. Both theoretically and empirically, we verify that the proposed approaches achieve better trade-offs between robustness, accuracy, and efficiency than state-of-the-art counterparts across different datasets and adversarial settings.
Taken together, this thesis contributes to the understanding of attack defense dynamics on FL and proposes reinforcement-guided unlearning as a principled basis for adaptive, secure, and privacy-compliant decentralized learning.
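The abstract names gradient inversion as one of the threats that motivates the work. The following is an added example, not code from the thesis, that shows the simplest form of that threat: for a linear softmax classifier trained with cross-entropy, a client's uploaded gradient is dL/dW = (p - y) x^T and dL/db = (p - y), so the server can recover the training sample x and its label exactly from a single gradient. The Gaussian-noise perturbation at the end is an assumed, naive mitigation used only to show what breaks the analytic attack; it is not the statistical-unlearning defense the thesis proposes. All model weights and the sample are constructed at random inside the block.

```python
"""Analytic gradient inversion against a single linear (softmax) layer.

Added example, not code from the thesis. Shows why sharing raw gradients
in FL leaks training data: with cross-entropy loss on a linear layer,
dL/dW = (p - y) x^T and dL/db = (p - y), so one client's gradient update
lets the server divide a row of dL/dW by the matching entry of dL/db and
read off the input x. The noisy variant at the end is an assumed naive
mitigation (Gaussian noise), not the defense proposed in the thesis.
"""
import numpy as np


def softmax(z):
    """Numerically stable softmax over a 1-D logit vector."""
    z = z - z.max()
    e = np.exp(z)
    return e / e.sum()


def client_gradient(W, b, x, label):
    """Cross-entropy gradient on one sample: what an FL client would upload.

    Returns (dL/dW of shape (C, D), dL/db of shape (C,)).
    """
    p = softmax(W @ x + b)
    y = np.zeros_like(p)
    y[label] = 1.0
    r = p - y                    # residual vector, shape (C,)
    return np.outer(r, x), r     # outer product is exactly (p - y) x^T


def invert_gradient(gW, gb):
    """Server-side attack: x = gW[c] / gb[c] for any class c with gb[c] != 0.

    Picks the row with the largest |residual| so the division is well conditioned.
    """
    c = int(np.argmax(np.abs(gb)))
    if abs(gb[c]) < 1e-12:
        raise ValueError("gradient residual is zero; nothing to invert")
    return gW[c] / gb[c]


def recovered_label(gb):
    """The true label is the only class whose residual p_c - 1 is negative."""
    return int(np.argmin(gb))


def noisy_gradient(gW, gb, sigma, rng):
    """Assumed naive mitigation: additive Gaussian noise on the uploaded gradient."""
    return gW + rng.normal(0.0, sigma, gW.shape), gb + rng.normal(0.0, sigma, gb.shape)


def demo(seed=0, sigma=0.05):
    """Run the attack on a constructed model/sample, with and without noise.

    Returns max-abs reconstruction error for the clean and noisy gradients and
    whether the label was recovered from the clean gradient.
    """
    rng = np.random.default_rng(seed)
    D, C = 8, 3                                   # constructed toy sizes
    W = rng.normal(size=(C, D))                   # constructed global model
    b = rng.normal(size=C)
    x = rng.uniform(0.0, 1.0, size=D)             # constructed private sample
    label = 2

    gW, gb = client_gradient(W, b, x, label)      # what the client sends
    x_hat = invert_gradient(gW, gb)               # exact recovery by the server
    exact_err = float(np.abs(x_hat - x).max())

    gWn, gbn = noisy_gradient(gW, gb, sigma, rng)  # same update, perturbed
    x_noisy = invert_gradient(gWn, gbn)
    noisy_err = float(np.abs(x_noisy - x).max())

    return {
        "exact_err": exact_err,
        "noisy_err": noisy_err,
        "label_ok": recovered_label(gb) == label,
    }


if __name__ == "__main__":
    print(demo())
```

The attack needs no optimization because the linear layer's gradient is a rank-one outer product; for deeper networks the same leakage is exploited by iterative gradient-matching, which is why defenses such as the one the thesis proposes must trade reconstruction resistance against model utility and communication cost rather than simply withhold gradients.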