HyperShield: A Personalized Hypernetwork-Based Defense Against Poisoning Attacks in Federated Learning for Healthcare

Journal: Expert Systems with Applications, WoS(SCIE), Q1
Author: Trần Kim Phúc - Trường Đại học Đông Á

Abstract:

Federated learning (FL) enables collaborative model training across distributed healthcare sites without sharing raw patient data, preserving privacy while leveraging diverse Intensive Care Unit (ICU) records. However, FL remains vulnerable to model poisoning attacks in which compromised clients upload malicious updates, potentially degrading critical ICU outcome predictions. This paper presents HyperShield, a personalized and communication-efficient defense framework tailored for federated healthcare systems. HyperShield uses a lightweight hypernetwork to generate low-dimensional client embeddings that encapsulate each client's unique behavioral patterns, enabling unsupervised anomaly detection without access to raw data or labeled samples. Evaluated on an ICU mortality prediction task, HyperShield achieves a minimum ROC AUC of 0.82 and a peak of 0.90 across five untargeted poisoning attacks and up to 50% adversarial client participation. Additionally, resource profiling on an NVIDIA Jetson Nano confirms that HyperShield is practical to deploy on edge devices: CPU utilization remains under 7% and RAM usage stays below 2.5%, incurring only a 1.4 times CPU and 0.7 times RAM overhead compared to vanilla FedAvg. These results demonstrate that HyperShield not only provides strong resilience against sophisticated poisoning attacks under non-IID conditions but also maintains high scalability and deployment efficiency for real-world edge-cloud healthcare applications.

DOI: https://www.sciencedirect.com/science/article/abs/pii/S0957417425038527