Abstract
The federated learning framework is designed for massively distributed training of deep learning models among thousands of participants without compromising the privacy of their training datasets. The training datasets across participants usually have heterogeneous data distributions. In addition, the central server aggregates the updates provided by different parties but has no visibility into how those updates are created. These inherent characteristics of federated learning may raise a severe security concern: malicious participants can upload poisoned updates to introduce backdoored functionality into the global model, so that the backdoored global model misclassifies all malicious images (i.e., those with the backdoor trigger attached) into a false label but behaves normally in the absence of the backdoor trigger. In this work, we present a comprehensive review of the state-of-the-art backdoor attacks and defenses in federated learning. We classify the existing backdoor attacks into two categories, data poisoning attacks and model poisoning attacks, and divide the defenses into anomaly updates detection, robust federated training, and backdoored model restoration. We give a detailed comparison of both attacks and defenses through experiments. Lastly, we pinpoint a variety of potential future directions for both backdoor attacks and defenses in the framework of federated learning.