FedPlanGuard: Planning-Aware Backdoor Detection and Mitigation in Federated and Vertical Split Learning Systems for LLM-Driven Applications

Authors

  • Tejas Natarajan, Department of Computer Science, University of Houston, Houston, TX, USA
  • Manav C. Malhotra, School of Electrical Engineering and Computer Science, Oregon State University, Corvallis, OR, USA

Keywords:

federated learning, vertical split learning, backdoor detection, planning-aware security, large language models, adversarial robustness, distributed systems governance

Abstract

The integration of large language models into federated and vertical split learning systems introduces unprecedented challenges in maintaining service integrity under adversarial manipulation. This paper presents FedPlanGuard, a planning-aware framework for detecting and mitigating backdoor attacks in distributed learning environments where LLM-driven applications operate across heterogeneous client nodes. Unlike conventional defenses that operate at the parameter or gradient level, FedPlanGuard leverages high-level planning signals extracted from model reasoning trajectories to identify anomalous behavior patterns that indicate backdoor injection. The framework operates within a socio-technical infrastructure that spans governance protocols, client trust assessment, and adaptive mitigation scheduling. We examine the structural trade-offs between detection sensitivity, communication overhead, and model utility, and demonstrate how planning-aware mechanisms can distinguish between benign distribution shifts and malicious manipulation. Through a cross-domain analysis of vertical split learning architectures, we show that planning consistency metrics provide a robust signal for backdoor detection even when gradient perturbation is minimal. The paper also addresses policy implications for deployment in critical infrastructures, emphasizing fairness constraints and auditability requirements. FedPlanGuard contributes a system-level perspective that bridges planning intelligence, secure aggregation, and decentralized oversight, offering a scalable path toward trustworthy LLM-driven applications in federated ecosystems.

Published

2026-05-12

How to Cite

FedPlanGuard: Planning-Aware Backdoor Detection and Mitigation in Federated and Vertical Split Learning Systems for LLM-Driven Applications. (2026). Journal of Advanced Artificial Intelligence Research, 5(1). https://www.jaair.org/index.php/home/article/view/18