1,873 Hits in 5.0 sec

Detecting Byzantine Attacks Without Clean Reference

Ruohan Cao, Tan F. Wong, Tiejun Lv, Hui Gao, Shaoshi Yang
2016 IEEE Transactions on Information Forensics and Security  
Note that every symbol received by the destination may be altered, and hence no clean reference observation is available to the destination.  ...  For this network, we identify a large family of Byzantine attacks that can be detected in the physical layer.  ...  It is also possible to detect Byzantine attacks without assuming any prior shared secret in certain network scenarios, where a "clean" reference is available for attack detection.  ... 
doi:10.1109/tifs.2016.2596140 fatcat:wmeowfwrzfes5d6h7qrsiybfva

Challenges and Approaches for Mitigating Byzantine Attacks in Federated Learning [article]

Junyu Shi and Wei Wan and Shengshan Hu and Jianrong Lu and Leo Yu Zhang
2022 arXiv   pre-print
Then we propose a new byzantine attack method called weight attack to defeat those defense schemes, and conduct experiments to demonstrate its threat.  ...  Finally, we indicate possible countermeasures for weight attack, and highlight several challenges and future research directions for mitigating byzantine attacks in FL.  ...  As a comparison, we also consider the case without attackers.  ... 
arXiv:2112.14468v2 fatcat:wle6xkoeqrfbtdjb6ofe7iovie

Robust and Privacy-Preserving Collaborative Learning: A Comprehensive Survey [article]

Shangwei Guo, Xu Zhang, Fei Yang, Tianwei Zhang, Yan Gan, Tao Xiang, Yang Liu
2021 arXiv   pre-print
In an organized way, we then detail the existing integrity and privacy attacks as well as their defenses.  ...  Since the poisoned images are mislabeled, unclean label attacks can be easily detected by simple data filtering or human inspection [102]. Therefore, clean label stand-alone backdoor is proposed.  ...  TABLE I: TAXONOMY OF BYZANTINE AND BACKDOOR ATTACKS.  ... 
arXiv:2112.10183v1 fatcat:ujfz4a5mdrhsbk4kiqoqo2snfe

FLDetector: Defending Federated Learning Against Model Poisoning Attacks via Detecting Malicious Clients [article]

Zaixi Zhang, Xiaoyu Cao, Jinyuan Jia, Neil Zhenqiang Gong
2022 arXiv   pre-print
FLDetector aims to detect and remove the majority of the malicious clients such that a Byzantine-robust FL method can learn an accurate global model using the remaining clients.  ...  After removing the detected malicious clients, existing Byzantine-robust FL methods can learn accurate global models. Our code is available at https://github.com/zaixizhang/FLDetector.  ...  First, FLDetector addresses the limitations of existing detection methods such as the requirement of clean validation datasets.  ... 
arXiv:2207.09209v4 fatcat:hvjwl5msebhavim5s45tjqcsia

A Game-Theoretic Approach for Robust Federated Learning

2021 International Journal of Engineering  
In this paper, we explore the threat of poisoning attacks and introduce a game-based robust federated averaging algorithm to detect and discard bad updates provided by the clients.  ...  Federated learning techniques are considerably vulnerable to poisoning attacks.  ...  Authors in [8] proposed a byzantine-robust aggregation algorithm, referred to as KRUM, which is based on the similarity of the client updates.  ... 
doi:10.5829/ije.2021.34.04a.09 fatcat:czvb2lifwfbkrjuiwry5mcgdna

Zeno++: Robust Fully Asynchronous SGD [article]

Cong Xie, Sanmi Koyejo, Indranil Gupta
2021 arXiv   pre-print
We propose Zeno++, a new robust asynchronous Stochastic Gradient Descent (SGD) procedure which tolerates Byzantine failures of the workers.  ...  We prove the convergence of Zeno++ for non-convex problems under Byzantine failures. Experimental results show that Zeno++ outperforms existing approaches.  ...  Baselines We use the asynchronous SGD without attacks as the gold standard, referred to as AsyncSGD without attack.  ... 
arXiv:1903.07020v5 fatcat:6cgsllyf75akdcgjuiza64xuny

Privacy and Robustness in Federated Learning: Attacks and Defenses [article]

Lingjuan Lyu, Han Yu, Xingjun Ma, Chen Chen, Lichao Sun, Jun Zhao, Qiang Yang, Philip S. Yu
2022 arXiv   pre-print
Through a concise introduction to the concept of FL, and a unique taxonomy covering: 1) threat models; 2) poisoning attacks and defenses against robustness; 3) inference attacks and defenses against privacy  ...  We highlight the intuitions, key techniques as well as fundamental assumptions adopted by various attacks and defenses.  ...  This makes them susceptible to poisoning attacks, as the adversary can make small but damaging changes in the high-dimensional models without being detected.  ... 
arXiv:2012.06337v3 fatcat:f5aflxnsdrdcdf4kvoa6yzseqq

FedInv: Byzantine-Robust Federated Learning by Inversing Local Model Updates

Bo Zhao, Peng Sun, Tao Wang, Keyu Jiang
2022 PROCEEDINGS OF THE THIRTIETH AAAI CONFERENCE ON ARTIFICIAL INTELLIGENCE AND THE TWENTY-EIGHTH INNOVATIVE APPLICATIONS OF ARTIFICIAL INTELLIGENCE CONFERENCE  
However, the inaccessible local training data and uninspectable local training process make FL susceptible to various Byzantine attacks (e.g., data poisoning and model poisoning attacks), aiming to manipulate  ...  Most of the existing Byzantine-robust FL schemes cannot effectively defend against stealthy poisoning attacks that craft poisoned models statistically similar to benign models.  ...  Figure 2: Accuracies without Byzantine attacks. Figure 5: ASR versus backdoor sample percentage.  ... 
doi:10.1609/aaai.v36i8.20903 fatcat:4xahbrbqqnaa5dykg36k6wc2ye

Blades: A Unified Benchmark Suite for Byzantine Attacks and Defenses in Federated Learning [article]

Shenghui Li, Edith Ngai, Fanghua Ye, Li Ju, Tianru Zhang, Thiemo Voigt
2023 arXiv   pre-print
Using Blades, we re-evaluate representative attacks and defenses on wide-ranging experimental configurations (approximately 1,500 trials in total).  ...  Despite the plethora of research focusing on Byzantine-resilient FL, the academic community has yet to establish a comprehensive benchmark suite, pivotal for impartial assessment and comparison of different  ...  Attacks at Level 2 and higher are referred to as "Byzantine attacks" [39] because the updates submitted by clients can be arbitrary.  ... 
arXiv:2206.05359v4 fatcat:72qkijaxpzf2tm4fv3bw4hkejq

A Byzantine-Resilient Aggregation Scheme for Federated Learning via Matrix Autoregression on Client Updates [article]

Gabriele Tolomei and Edoardo Gabrielli and Dimitri Belli and Vittorio Miori
2023 arXiv   pre-print
In this work, we propose FLANDERS, a novel federated learning (FL) aggregation scheme robust to Byzantine attacks.  ...  Furthermore, FLANDERS remains highly effective even under extremely severe attack scenarios, as opposed to existing defense strategies.  ...  series anomaly detection.  ... 
arXiv:2303.16668v1 fatcat:ogkvik5oyveyzkzwgh2m5vpx44

A Survey of Trustworthy Federated Learning with Perspectives on Security, Robustness, and Privacy [article]

Yifei Zhang, Dun Zeng, Jinglong Luo, Zenglin Xu, Irwin King
2023 arXiv   pre-print
Adversarial attacks against data privacy, learning algorithm stability, and system confidentiality are particularly concerning in the context of distributed training in federated learning.  ...  Hence, previously discussed robust aggregation methods and Byzantine detection schemes could defend against backdoor attacks to some extent.  ...  Recently, BytoChain [121] introduces a Byzantine resistant secure blockchained federated learning framework, which executes heavy verification workflows in parallel and detects byzantine attacks through  ... 
arXiv:2302.10637v1 fatcat:yeqkzgz6krhxnpsgeqrvitrz4u

Trustworthy Distributed AI Systems: Robustness, Privacy, and Governance [article]

Wenqi Wei, Ling Liu
2024 arXiv   pre-print
Byzantine attacks, and irregular data distribution during training; (2) privacy protection during distributed learning and model inference at deployment; and (3) AI fairness and governance with respect  ...  Then we provide a unique taxonomy of countermeasures for trustworthy distributed AI, covering (1) robustness to evasion attacks and irregular queries at inference, and robustness to poisoning attacks,  ...  explicit detection [24], (2) Auto-detection without auto-repair [25, 26], and (3) Auto-detect followed by auto-repair [27].  ... 
arXiv:2402.01096v1 fatcat:r6h3ciftzzcsvfu76wjmj5e3pm

From Byzantine fault tolerance to intrusion tolerance (a position paper)

Alysson Neves Bessani
2011 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops (DSN-W)  
Although the implementation of these systems usually requires the use of Byzantine fault-tolerant (BFT) protocols, they are not a complete solution.  ...  to clean the intrusion.  ...  To deal with these vulnerabilities it is necessary to increment the replicated system with a synchronous subsystem capable of triggering timely recoveries without interference of attackers [13].  ... 
doi:10.1109/dsnw.2011.5958857 dblp:conf/dsn/Bessani11 fatcat:q32abxyp6feghij6k7rokekqa4

FairLedger: A Fair Blockchain Protocol for Financial Institutions

Kfir Lev-Ari, Alexander Spiegelman, Idit Keidar, Dahlia Malkhi, Michael Wagner
2020 International Conference on Principles of Distributed Systems  
Our secret sauce is a new communication abstraction called detectable all-to-all (DA2A), which allows us to detect players (byzantine or rational) that deviate from the protocol and punish them.  ...  A key component in permissioned blockchain protocols is a byzantine fault tolerant (BFT) consensus engine that orders transactions.  ...  Our protocol features the first byzantine fault-tolerant consensus engine to ensure fairness when all players are rational. It is also simple to understand and implement.  ... 
doi:10.4230/lipics.opodis.2019.4 dblp:conf/opodis/Lev-AriSKM19 fatcat:xuglrze6znfzhgox7qv56diaxy

A Survey on Secure and Private Federated Learning Using Blockchain: Theory and Application in Resource-constrained Computing [article]

Ervin Moore, Ahmed Imteaj, Shabnam Rezapour, M. Hadi Amini
2023 arXiv   pre-print
FL enables efficient model generation from local data storage of the edge devices without revealing the sensitive data to any entities.  ...  Further, we extensively analyze the cyber threats that could be observed in a resource-constrained FL environment, and how blockchain can play a key role to block those cyber attacks.  ...  pattern appears, the model predicts the target label, otherwise, behaves normally [33]. Backdoor attacks are also referred to as Trojan attacks. Adversaries inject clean or dirty backdoor updates into data  ... 
arXiv:2303.13727v1 fatcat:nwrlxlmvfjcaldvfoamyxe4tfu