Detection and Prevention Against Poisoning Attacks in Federated Learning
- URL: http://arxiv.org/abs/2210.14944v1
- Date: Mon, 24 Oct 2022 11:28:01 GMT
- Title: Detection and Prevention Against Poisoning Attacks in Federated Learning
- Authors: Viktor Valadi, Madeleine Englund, Mark Spanier, Austin O'brien
- Abstract summary: This paper proposes and investigates a new approach for detecting and preventing several different types of poisoning attacks.
By comparing each client's accuracy to all clients' average accuracy, AADD detects clients with an accuracy deviation.
The proposed implementation shows promising results in detecting poisoned clients and preventing the global model's accuracy from deteriorating.
- Score: 0.0
- License: http://creativecommons.org/publicdomain/zero/1.0/
- Abstract: This paper proposes and investigates a new approach for detecting and
preventing several different types of poisoning attacks from affecting a
centralized Federated Learning model via average accuracy deviation detection
(AADD). By comparing each client's accuracy to all clients' average accuracy,
AADD detects clients with an accuracy deviation. The implementation is further
able to blacklist clients that are considered poisoned, securing the global
model from being affected by the poisoned nodes. The proposed implementation
shows promising results in detecting poisoned clients and preventing the global
model's accuracy from deteriorating.
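The abstract describes the mechanism only in outline, so the following Python is an added worked example (not code from the paper or its authors) of an AADD-style server loop: score each client, compare each accuracy against the round mean, flag large deviations, blacklist flagged clients, and aggregate only the rest. Everything beyond that outline is assumed: that the server scores each client's submitted model on a small clean validation set it holds, that the rule is one-sided (a client is flagged when it falls more than a fixed threshold below the mean), the threshold value itself, and the client ids, accuracies and weight vectors, which are constructed sample data.

```python
"""AADD-style client filtering for one round of centralized federated learning.

Added illustration, not the paper's implementation. Assumptions the page
does not state:
  * the server scores every client's submitted model on a small clean
    validation set it holds, giving one accuracy value per client;
  * a client is flagged when its accuracy falls more than THRESHOLD below
    the mean accuracy of the clients considered in that round (one-sided,
    because accuracy-degrading poisoning pulls accuracy down);
  * a flagged client stays blacklisted in every later round, even if its
    reported accuracy looks normal again.
"""
from statistics import mean
from typing import Dict, List, Sequence, Set, Tuple

THRESHOLD = 0.2  # assumed deviation bound; the page gives no value

# Constructed sample data: four honest clients and one poisoned client "c4".
ACC_R1 = {"c0": 0.86, "c1": 0.84, "c2": 0.87, "c3": 0.85, "c4": 0.31}
UPDATES_R1 = {
    "c0": [1.0, 2.0], "c1": [1.2, 2.2], "c2": [0.8, 1.8], "c3": [1.0, 2.0],
    "c4": [50.0, -50.0],  # would wreck the average if it were aggregated
}
# Round 2: the poisoned client now reports a normal-looking accuracy.
ACC_R2 = {"c0": 0.87, "c1": 0.85, "c2": 0.86, "c3": 0.86, "c4": 0.85}
UPDATES_R2 = {
    "c0": [1.1, 2.1], "c1": [1.1, 2.1], "c2": [1.1, 2.1], "c3": [1.1, 2.1],
    "c4": [-40.0, 40.0],
}


def detect_deviating_clients(accuracies: Dict[str, float], threshold: float) -> Set[str]:
    """Ids whose accuracy is more than `threshold` below the round mean."""
    if not accuracies:
        return set()
    avg = mean(accuracies.values())
    return {cid for cid, acc in accuracies.items() if avg - acc > threshold}


def fed_avg(updates: Dict[str, Sequence[float]]) -> List[float]:
    """Unweighted FedAvg: coordinate-wise mean of the surviving weight vectors."""
    vectors = list(updates.values())
    if not vectors:
        raise ValueError("every client was filtered out; nothing to aggregate")
    return [sum(col) / len(vectors) for col in zip(*vectors)]


def aadd_round(updates: Dict[str, Sequence[float]], accuracies: Dict[str, float],
               blacklist: Set[str], threshold: float = THRESHOLD) -> Tuple[List[float], Set[str]]:
    """One server round: skip blacklisted clients, flag new outliers, extend the
    blacklist in place, then aggregate only the clients that remain.
    Returns (new global weights, ids flagged in this round)."""
    candidates = {cid: acc for cid, acc in accuracies.items() if cid not in blacklist}
    flagged = detect_deviating_clients(candidates, threshold)
    blacklist |= flagged
    kept = {cid: w for cid, w in updates.items() if cid not in blacklist}
    return fed_avg(kept), flagged


def simulate() -> Set[str]:
    """Run the two constructed rounds and return the final blacklist."""
    blacklist: Set[str] = set()
    for acc, upd in ((ACC_R1, UPDATES_R1), (ACC_R2, UPDATES_R2)):
        weights, flagged = aadd_round(upd, acc, blacklist)
        print(f"flagged={sorted(flagged)} blacklist={sorted(blacklist)} global={weights}")
    return blacklist


if __name__ == "__main__":
    simulate()
```

Two caveats a practitioner should keep in mind with this scheme. The mean is computed over the same clients being judged, so a large enough group of colluding poisoned clients drags the mean toward themselves and can slip under the threshold; and a backdoor that leaves clean-set accuracy intact produces no deviation at all. A permanent blacklist also means one unlucky round on non-IID data can evict a benign client for good, which is why a deployment would usually require the deviation to persist over several rounds before acting.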
Related papers
- Runtime Backdoor Detection for Federated Learning via Representational Dissimilarity Analysis [24.56608572464567]
Federated learning (FL) trains a shared model by aggregating model updates from distributed clients.
The decoupling of model learning from local data makes FL highly vulnerable to backdoor attacks.
We propose a novel approach to detecting malicious clients in an accurate, stable, and efficient manner.
arXiv Detail & Related papers (2025-03-06T14:23:18Z)
- Gradient Purification: Defense Against Poisoning Attack in Decentralized Federated Learning [21.99122382358776]
gradient purification defense, named GPD, integrates seamlessly with existing DFL aggregation to defend against poisoning attacks.
It aims to mitigate the harm in model gradients while retaining the benefit in model weights for enhancing accuracy.
It significantly outperforms state-of-the-art defenses in terms of accuracy against various poisoning attacks.
arXiv Detail & Related papers (2025-01-08T12:14:00Z)
- Unlearnable Examples Detection via Iterative Filtering [84.59070204221366]
Deep neural networks are proven to be vulnerable to data poisoning attacks.
It is quite beneficial and challenging to detect poisoned samples from a mixed dataset.
We propose an Iterative Filtering approach for UEs identification.
arXiv Detail & Related papers (2024-08-15T13:26:13Z)
- Mitigating Malicious Attacks in Federated Learning via Confidence-aware Defense [3.685395311534351]
Federated Learning (FL) is a distributed machine learning paradigm that enables multiple clients to collaboratively train a global model without sharing their private local data.
FL systems are vulnerable to attacks that are happening in malicious clients through data poisoning and model poisoning.
Existing defense methods typically focus on mitigating specific types of poisoning and are often ineffective against unseen types of attack.
arXiv Detail & Related papers (2024-08-05T20:27:45Z)
- BoBa: Boosting Backdoor Detection through Data Distribution Inference in Federated Learning [26.714674251814586]
Federated learning is susceptible to poisoning attacks due to its decentralized nature.
We propose a novel distribution-aware anomaly detection mechanism, BoBa, to address this problem.
arXiv Detail & Related papers (2024-07-12T19:38:42Z)
- FreqFed: A Frequency Analysis-Based Approach for Mitigating Poisoning Attacks in Federated Learning [98.43475653490219]
Federated learning (FL) is susceptible to poisoning attacks.
FreqFed is a novel aggregation mechanism that transforms the model updates into the frequency domain.
We demonstrate that FreqFed can mitigate poisoning attacks effectively with a negligible impact on the utility of the aggregated model.
arXiv Detail & Related papers (2023-12-07T16:56:24Z)
- FLTracer: Accurate Poisoning Attack Provenance in Federated Learning [38.47921452675418]
Federated Learning (FL) is a promising distributed learning approach that enables multiple clients to collaboratively train a shared global model.
Recent studies show that FL is vulnerable to various poisoning attacks, which can degrade the performance of global models or introduce backdoors into them.
We propose FLTracer, the first FL attack framework to accurately detect various attacks and trace the attack time, objective, type, and poisoned location of updates.
arXiv Detail & Related papers (2023-10-20T11:24:38Z)
- RECESS Vaccine for Federated Learning: Proactive Defense Against Model Poisoning Attacks [20.55681622921858]
Model poisoning attacks greatly jeopardize the application of federated learning (FL)
In this work, we propose a novel proactive defense named RECESS against model poisoning attacks.
Unlike previous methods that score each iteration, RECESS considers clients' performance correlation across multiple iterations to estimate the trust score.
arXiv Detail & Related papers (2023-10-09T06:09:01Z)
- FLCert: Provably Secure Federated Learning against Poisoning Attacks [67.8846134295194]
We propose FLCert, an ensemble federated learning framework that is provably secure against poisoning attacks.
Our experiments show that the label predicted by our FLCert for a test input is provably unaffected by a bounded number of malicious clients.
arXiv Detail & Related papers (2022-10-02T17:50:04Z)
- MPAF: Model Poisoning Attacks to Federated Learning based on Fake Clients [51.973224448076614]
We propose the first Model Poisoning Attack based on Fake clients called MPAF.
MPAF can significantly decrease the test accuracy of the global model, even if classical defenses and norm clipping are adopted.
arXiv Detail & Related papers (2022-03-16T14:59:40Z)
- Leveraging Unlabeled Data to Predict Out-of-Distribution Performance [63.740181251997306]
Real-world machine learning deployments are characterized by mismatches between the source (training) and target (test) distributions.
In this work, we investigate methods for predicting the target domain accuracy using only labeled source data and unlabeled target data.
We propose Average Thresholded Confidence (ATC), a practical method that learns a threshold on the model's confidence, predicting accuracy as the fraction of unlabeled examples.
arXiv Detail & Related papers (2022-01-11T23:01:12Z)
- How Robust are Randomized Smoothing based Defenses to Data Poisoning? [66.80663779176979]
We present a previously unrecognized threat to robust machine learning models that highlights the importance of training-data quality.
We propose a novel bilevel optimization-based data poisoning attack that degrades the robustness guarantees of certifiably robust classifiers.
Our attack is effective even when the victim trains the models from scratch using state-of-the-art robust training methods.
arXiv Detail & Related papers (2020-12-02T15:30:21Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of its contents (including all information) and is not responsible for any consequences.