Safeguarding Federated Learning-based Road Condition Classification

Liu, Sheng, Papadimitratos, Panos

arXiv.org Artificial Intelligence 

Federated Learning (FL) has emerged as a promising solution for privacy-preserving autonomous driving, specifically camera-based Road Condition Classification (RCC) systems, harnessing distributed sensing, computing, and communication resources on board vehicles without sharing sensitive image data. However, the collaborative nature of FL-RCC frameworks introduces new vulnerabilities: Targeted Label Flipping Attacks (TLFAs), in which malicious clients (vehicles) deliberately alter their training data labels to compromise the learned model inference performance. Such attacks can, e.g., cause a vehicle to mis-classify slippery, dangerous road conditions as pristine and exceed recommended speed. However, TLFAs for FL-based RCC systems are largely missing. We address this challenge with a threefold contribution: 1) we disclose the vulnerability of existing FL-RCC systems to TLFAs; 2) we introduce a novel label-distance-based metric to precisely quantify the safety risks posed by TLFAs; and 3) we propose FLARE, a defensive mechanism leveraging neuron-wise analysis of the output layer to mitigate TLFA effects. Extensive experiments across three RCC tasks, four evaluation metrics, six baselines, and three deep learning models demonstrate both the severity of TLFAs on FL-RCC systems and the effectiveness of FLARE in mitigating the attack impact.

Road Condition Classification (RCC) [1], encompassing tasks such as unevenness detection, friction estimation, and surface material identification, is important for intelligent transportation. It directly influences vehicle control, traffic safety, and passenger comfort.
