Tracing Back the Malicious Clients in Poisoning Attacks to Federated Learning
- URL: http://arxiv.org/abs/2407.07221v1
- Date: Tue, 9 Jul 2024 20:35:36 GMT
- Title: Tracing Back the Malicious Clients in Poisoning Attacks to Federated Learning
- Authors: Yuqi Jia, Minghong Fang, Hongbin Liu, Jinghuai Zhang, Neil Zhenqiang Gong
- Abstract summary: Poisoning attacks compromise the training phase of federated learning.
We propose FLForensics, the first poison-forensics method for FL.
We show that FLForensics can accurately distinguish between benign and malicious clients.
- Score: 37.44282882698999
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Poisoning attacks compromise the training phase of federated learning (FL) such that the learned global model misclassifies attacker-chosen inputs called target inputs. Existing defenses mainly focus on protecting the training phase of FL so that the learned global model is poison-free. However, these defenses often achieve limited effectiveness when the clients' local training data is highly non-iid or the number of malicious clients is large, as confirmed in our experiments. In this work, we propose FLForensics, the first poison-forensics method for FL. FLForensics complements existing training-phase defenses. In particular, when training-phase defenses fail and a poisoned global model is deployed, FLForensics aims to trace back the malicious clients that performed the poisoning attack after a misclassified target input is identified. We theoretically show that FLForensics can accurately distinguish between benign and malicious clients under a formal definition of poisoning attack. Moreover, we empirically show the effectiveness of FLForensics at tracing back both existing and adaptive poisoning attacks on five benchmark datasets.
Related papers
- Model Poisoning Attacks to Federated Learning via Multi-Round Consistency [42.132028389365075] (arXiv, 2024-04-24)
  We propose PoisonedFL, which enforces multi-round consistency among the malicious clients' model updates.
  Our empirical evaluation on five benchmark datasets shows that PoisonedFL breaks eight state-of-the-art defenses and outperforms seven existing model poisoning attacks.
- Securing NextG Systems against Poisoning Attacks on Federated Learning: A Game-Theoretic Solution [9.800359613640763] (arXiv, 2023-12-28)
  This paper studies the poisoning attack and defense interactions in a federated learning (FL) system.
  FL collectively trains a global model without the need for clients to exchange their data samples.
  The presence of malicious clients introduces the risk of poisoning the training data to manipulate the global model through falsified local model exchanges.
- FreqFed: A Frequency Analysis-Based Approach for Mitigating Poisoning Attacks in Federated Learning [98.43475653490219] (arXiv, 2023-12-07)
  Federated learning (FL) is susceptible to poisoning attacks.
  FreqFed is a novel aggregation mechanism that transforms the model updates into the frequency domain.
  We demonstrate that FreqFed can mitigate poisoning attacks effectively with a negligible impact on the utility of the aggregated model.
- FLCert: Provably Secure Federated Learning against Poisoning Attacks [67.8846134295194] (arXiv, 2022-10-02)
  We propose FLCert, an ensemble federated learning framework that is provably secure against poisoning attacks.
  Our experiments show that the label predicted by our FLCert for a test input is provably unaffected by a bounded number of malicious clients.
- Accumulative Poisoning Attacks on Real-time Data [56.96241557830253] (arXiv, 2021-06-18)
  We show that a well-designed but straightforward attacking strategy can dramatically amplify the poisoning effects.
  Our work validates that a well-designed but straightforward attacking strategy can dramatically amplify the poisoning effects.
- Provable Defense Against Delusive Poisoning [64.69220849669948] (arXiv, 2021-02-09)
  We show that adversarial training can be a principled defense method against delusive poisoning.
  This implies that adversarial training can be a principled defense method against delusive poisoning.
- Witches' Brew: Industrial Scale Data Poisoning via Gradient Matching [56.280018325419896] (arXiv, 2020-09-04)
  Data poisoning attacks modify training data to maliciously control a model trained on such data.
  We analyze a particularly malicious poisoning attack that is both "from scratch" and "clean label".
  We show that it is the first poisoning method to cause targeted misclassification in modern deep networks trained from scratch on a full-sized, poisoned ImageNet dataset.
- Data Poisoning Attacks Against Federated Learning Systems [8.361127872250371] (arXiv, 2020-07-16)
  Federated learning (FL) is an emerging paradigm for distributed training of large-scale deep neural networks.
  We study targeted data poisoning attacks against FL systems in which a malicious subset of the participants aim to poison the global model.
  We propose a defense strategy that can help identify malicious participants in FL to circumvent poisoning attacks.
This list is automatically generated from the titles and abstracts of the papers in this site.