Simeon -- Secure Federated Machine Learning Through Iterative Filtering
- URL: http://arxiv.org/abs/2103.07704v1
- Date: Sat, 13 Mar 2021 12:17:47 GMT
- Title: Simeon -- Secure Federated Machine Learning Through Iterative Filtering
- Authors: Nicholas Malecki and Hye-young Paik and Aleksandar Ignjatovic and Alan Blair and Elisa Bertino
- Abstract summary: Federated learning enables a global machine learning model to be trained collaboratively by distributed, mutually non-trusting learning agents.
A global model is distributed to clients, who perform training, and submit their newly-trained model to be aggregated into a superior model.
A class of Byzantine-tolerant aggregation algorithms has emerged, offering varying degrees of robustness against these attacks.
This paper presents Simeon: a novel approach to aggregation that applies a reputation-based iterative filtering technique.
- Score: 74.99517537968161
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Federated learning enables a global machine learning model to be trained
collaboratively by distributed, mutually non-trusting learning agents who
desire to maintain the privacy of their training data and their hardware. A
global model is distributed to clients, who perform training, and submit their
newly-trained model to be aggregated into a superior model. However, federated
learning systems are vulnerable to interference from malicious learning agents
who may desire to prevent training or induce targeted misclassification in the
resulting global model. A class of Byzantine-tolerant aggregation algorithms
has emerged, offering varying degrees of robustness against these attacks,
often with the caveat that the number of attackers is bounded by some quantity
known prior to training. This paper presents Simeon: a novel approach to
aggregation that applies a reputation-based iterative filtering technique to
achieve robustness even in the presence of attackers who can exhibit arbitrary
behaviour. We compare Simeon to state-of-the-art aggregation techniques and
find that Simeon achieves comparable or superior robustness to a variety of
attacks. Notably, we show that Simeon is tolerant to sybil attacks, where other
algorithms are not, presenting a key advantage of our approach.
Related papers
- FreqFed: A Frequency Analysis-Based Approach for Mitigating Poisoning Attacks in Federated Learning [98.43475653490219]
  Federated learning (FL) is susceptible to poisoning attacks.
  FreqFed is a novel aggregation mechanism that transforms the model updates into the frequency domain.
  We demonstrate that FreqFed can mitigate poisoning attacks effectively with a negligible impact on the utility of the aggregated model.
  arXiv Detail & Related papers (2023-12-07T16:56:24Z)
- Enhancing Multiple Reliability Measures via Nuisance-extended Information Bottleneck [77.37409441129995]
  In practical scenarios where training data is limited, many predictive signals in the data can be rather from some biases in data acquisition.
  We consider an adversarial threat model under a mutual information constraint to cover a wider class of perturbations in training.
  We propose an autoencoder-based training to implement the objective, as well as practical encoder designs to facilitate the proposed hybrid discriminative-generative training.
  arXiv Detail & Related papers (2023-03-24T16:03:21Z)
- Resisting Adversarial Attacks in Deep Neural Networks using Diverse Decision Boundaries [12.312877365123267]
  Deep learning systems are vulnerable to crafted adversarial examples, which may be imperceptible to the human eye, but can lead the model to misclassify.
  We develop a new ensemble-based solution that constructs defender models with diverse decision boundaries with respect to the original model.
  We present extensive experimentations using standard image classification datasets, namely MNIST, CIFAR-10 and CIFAR-100 against state-of-the-art adversarial attacks.
  arXiv Detail & Related papers (2022-08-18T08:19:26Z)
- RelaxLoss: Defending Membership Inference Attacks without Losing Utility [68.48117818874155]
  We propose a novel training framework based on a relaxed loss with a more achievable learning target.
  RelaxLoss is applicable to any classification model with added benefits of easy implementation and negligible overhead.
  Our approach consistently outperforms state-of-the-art defense mechanisms in terms of resilience against MIAs.
  arXiv Detail & Related papers (2022-07-12T19:34:47Z)
- RobustFed: A Truth Inference Approach for Robust Federated Learning [9.316565110931743]
  Federated learning is a framework that enables clients to train a collaboratively global model under a central server's orchestration.
  The aggregation step in federated learning is vulnerable to adversarial attacks as the central server cannot manage clients' behavior.
  We propose a novel robust aggregation algorithm inspired by the truth inference methods in crowdsourcing.
  arXiv Detail & Related papers (2021-07-18T09:34:57Z)
- Dynamic Defense Against Byzantine Poisoning Attacks in Federated Learning [11.117880929232575]
  Federated learning is vulnerable to Byzantine poisoning adversarial attacks.
  We propose a dynamic aggregation operator that dynamically discards those adversarial clients.
  The results show that the dynamic selection of the clients to aggregate enhances the performance of the global learning model.
  arXiv Detail & Related papers (2020-07-29T18:02:11Z)
- Leveraging Siamese Networks for One-Shot Intrusion Detection Model [0.0]
  Supervised Machine Learning (ML) to enhance Intrusion Detection Systems has been the subject of significant research.
  Retraining the models in-situ renders the network susceptible to attacks owing to the time-window required to acquire a sufficient volume of data.
  Here, a complementary approach referred to as 'One-Shot Learning', whereby a limited number of examples of a new attack-class is used to identify a new attack-class.
  A Siamese Network is trained to differentiate between classes based on pair similarities, rather than features, allowing it to identify new and previously unseen attacks.
  arXiv Detail & Related papers (2020-06-27T11:40:01Z)
- Learning to Generate Noise for Multi-Attack Robustness [126.23656251512762]
  Adversarial learning has emerged as one of the successful techniques to circumvent the susceptibility of existing methods against adversarial perturbations.
  In safety-critical applications, this makes these methods extraneous as the attacker can adopt diverse adversaries to deceive the system.
  We propose a novel meta-learning framework that explicitly learns to generate noise to improve the model's robustness against multiple types of attacks.
  arXiv Detail & Related papers (2020-06-22T10:44:05Z)
- Adversarial Self-Supervised Contrastive Learning [62.17538130778111]
  Existing adversarial learning approaches mostly use class labels to generate adversarial samples that lead to incorrect predictions.
  We propose a novel adversarial attack for unlabeled data, which makes the model confuse the instance-level identities of the perturbed data samples.
  We present a self-supervised contrastive learning framework to adversarially train a robust neural network without labeled data.
  arXiv Detail & Related papers (2020-06-13T08:24:33Z)
- Extending Adversarial Attacks to Produce Adversarial Class Probability Distributions [1.439518478021091]
  We show that we can approximate any probability distribution for the classes while maintaining a high fooling rate.
  Our results demonstrate that we can closely approximate any probability distribution for the classes while maintaining a high fooling rate.
  arXiv Detail & Related papers (2020-04-14T09:39:02Z)
This list is automatically generated from the titles and abstracts of the papers in this site.