Safeguarding Federated Learning-based Road Condition Classification

  • 2025-07-16 18:33:29
  • Sheng Liu, Panos Papadimitratos

Abstract

Federated Learning (FL) has emerged as a promising solution for privacy-preserving autonomous driving, specifically camera-based Road Condition Classification (RCC) systems, harnessing distributed sensing, computing, and communication resources on board vehicles without sharing sensitive image data. However, the collaborative nature of FL-RCC frameworks introduces new vulnerabilities: Targeted Label Flipping Attacks (TLFAs), in which malicious clients (vehicles) deliberately alter their training data labels to compromise the learned model inference performance. Such attacks can, e.g., cause a vehicle to mis-classify slippery, dangerous road conditions as pristine and exceed recommended speed. However, TLFAs for FL-based RCC systems are largely missing. We address this challenge with a threefold contribution: 1) we disclose the vulnerability of existing FL-RCC systems to TLFAs; 2) we introduce a novel label-distance-based metric to precisely quantify the safety risks posed by TLFAs; and 3) we propose FLARE, a defensive mechanism leveraging neuron-wise analysis of the output layer to mitigate TLFA effects. Extensive experiments across three RCC tasks, four evaluation metrics, six baselines, and three deep learning models demonstrate both the severity of TLFAs on FL-RCC systems and the effectiveness of FLARE in mitigating the attack impact.

 
