Beyond Denial-of-Service: The Puppeteer’s Attack for Fine-Grained Control in Ranking-Based Federated Learning

Federated Learning (FL) is increasingly used in sensitive fields such as healthcare and finance because it keeps data decentralized. However, its vulnerability to poisoning attacks remains a critical concern.

Our work introduces the Puppeteer’s Attack, a novel approach for fine-grained control in ranking-based federated learning. Beyond simple denial-of-service, this attack allows a malicious server to manipulate the model’s behavior with high precision, bypassing traditional defenses by operating at the hidden layer level.

⚙️ The insight Ranking-based FL systems, intended for scalability and robustness, can be subtly steered by identifying and manipulating the most sensitive hidden layers. We demonstrate how the Puppeteer’s Attack can guide global model updates without requiring architectural changes.

📊 Validation Experiments across multiple datasets show the effectiveness of the attack in practical settings, highlighting the need for more specialized defenses in ranking-based federated learning architectures.

Recommended citation: Chen, Z., Gong, Zirui, Ning, J., Zhang, Yanjun, and Zhang, Leo Yu. 'Beyond Denial-of-Service: The Puppeteer's Attack for Fine-Grained Control in Ranking-Based Federated Learning.' Proceedings of the Web Conference 2026 (WWW 2026).
Download Paper