Meta Federated Learning

• URL: http://arxiv.org/abs/2102.05561v1
• Date: Wed, 10 Feb 2021 16:48:32 GMT
• Title: Meta Federated Learning
• Authors: Omid Aramoon, Pin-Yu Chen, Gang Qu, Yuan Tian
• Abstract summary: Federated Learning (FL) is vulnerable to training time adversarial attacks. We propose Meta Federated Learning ( Meta-FL) which not only is compatible with secure aggregation protocol but also facilitates defense against backdoor attacks.
• Score: 57.52103907134841
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Due to its distributed methodology alongside its privacy-preserving features, Federated Learning (FL) is vulnerable to training time adversarial attacks. In this study, our focus is on backdoor attacks in which the adversary's goal is to cause targeted misclassifications for inputs embedded with an adversarial trigger while maintaining an acceptable performance on the main learning task at hand. Contemporary defenses against backdoor attacks in federated learning require direct access to each individual client's update which is not feasible in recent FL settings where Secure Aggregation is deployed. In this study, we seek to answer the following question, Is it possible to defend against backdoor attacks when secure aggregation is in place?, a question that has not been addressed by prior arts. To this end, we propose Meta Federated Learning (Meta-FL), a novel variant of federated learning which not only is compatible with secure aggregation protocol but also facilitates defense against backdoor attacks. We perform a systematic evaluation of Meta-FL on two classification datasets: SVHN and GTSRB. The results show that Meta-FL not only achieves better utility than classic FL, but also enhances the performance of contemporary defenses in terms of robustness against adversarial attacks.

Related papers

• Non-Cooperative Backdoor Attacks in Federated Learning: A New Threat Landscape [7.00762739959285]
  Federated Learning (FL) for privacy-preserving model training remains susceptible to backdoor attacks. This research emphasizes the critical need for robust defenses against diverse backdoor attacks in the evolving FL landscape.
  arXiv  Detail & Related papers  (2024-07-05T22:03:13Z)
• EmInspector: Combating Backdoor Attacks in Federated Self-Supervised Learning Through Embedding Inspection [53.25863925815954]
  Federated self-supervised learning (FSSL) has emerged as a promising paradigm that enables the exploitation of clients' vast amounts of unlabeled data. While FSSL offers advantages, its susceptibility to backdoor attacks has not been investigated. We propose the Embedding Inspector (EmInspector) that detects malicious clients by inspecting the embedding space of local models.
  arXiv  Detail & Related papers  (2024-05-21T06:14:49Z)
• Learning to Backdoor Federated Learning [9.046972927978997]
  In a federated learning (FL) system, malicious participants can easily embed backdoors into the aggregated model. We propose a general reinforcement learning-based backdoor attack framework. Our framework is both adaptive and flexible and achieves strong attack performance and durability even under state-of-the-art defenses.
  arXiv  Detail & Related papers  (2023-03-06T17:47:04Z)
• Revisiting Personalized Federated Learning: Robustness Against Backdoor Attacks [53.81129518924231]
  We conduct the first study of backdoor attacks in the pFL framework. We show that pFL methods with partial model-sharing can significantly boost robustness against backdoor attacks. We propose a lightweight defense method, Simple-Tuning, which empirically improves defense performance against backdoor attacks.
  arXiv  Detail & Related papers  (2023-02-03T11:58:14Z)
• FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning [66.56240101249803]
  We study how hardening benign clients can affect the global model (and the malicious clients) We propose a trigger reverse engineering based defense and show that our method can achieve improvement with guarantee robustness. Our results on eight competing SOTA defense methods show the empirical superiority of our method on both single-shot and continuous FL backdoor attacks.
  arXiv  Detail & Related papers  (2022-10-23T22:24:03Z)
• Defending Label Inference and Backdoor Attacks in Vertical Federated Learning [11.319694528089773]
  In collaborative learning, curious parities might be honest but are attempting to infer other parties' private data through inference attacks. In this paper, we show that private labels can be reconstructed from per-sample gradients. We introduce a novel technique termed confusional autoencoder (CoAE) based on autoencoder and entropy regularization.
  arXiv  Detail & Related papers  (2021-12-10T09:32:09Z)
• RoFL: Attestable Robustness for Secure Federated Learning [59.63865074749391]
  Federated Learning allows a large number of clients to train a joint model without the need to share their private data. To ensure the confidentiality of the client updates, Federated Learning systems employ secure aggregation. We present RoFL, a secure Federated Learning system that improves robustness against malicious clients.
  arXiv  Detail & Related papers  (2021-07-07T15:42:49Z)
• Universal Adversarial Training with Class-Wise Perturbations [78.05383266222285]
  adversarial training is the most widely used method for defending against adversarial attacks. In this work, we find that a UAP does not attack all classes equally. We improve the SOTA UAT by proposing to utilize class-wise UAPs during adversarial training.
  arXiv  Detail & Related papers  (2021-04-07T09:05:49Z)
• Dynamic backdoor attacks against federated learning [0.5482532589225553]
  Federated Learning (FL) is a new machine learning framework, which enables millions of participants to collaboratively train model without compromising data privacy and security. In this paper, we focus on dynamic backdoor attacks under FL setting, where the goal of the adversary is to reduce the performance of the model on targeted tasks. To the best of our knowledge, this is the first paper that focus on dynamic backdoor attacks research under FL setting.
  arXiv  Detail & Related papers  (2020-11-15T01:32:58Z)
• Defending against Backdoors in Federated Learning with Robust Learning Rate [25.74681620689152]
  Federated learning (FL) allows a set of agents to collaboratively train a model without sharing their potentially sensitive data. In a backdoor attack, an adversary tries to embed a backdoor functionality to the model during training that can later be activated to cause a desired misclassification. We propose a lightweight defense that requires minimal change to the FL protocol.
  arXiv  Detail & Related papers  (2020-07-07T23:38:35Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.