Non-Cooperative Backdoor Attacks in Federated Learning: A New Threat Landscape

• URL: http://arxiv.org/abs/2407.07917v1
• Date: Fri, 5 Jul 2024 22:03:13 GMT
• Title: Non-Cooperative Backdoor Attacks in Federated Learning: A New Threat Landscape
• Authors: Tuan Nguyen, Dung Thuy Nguyen, Khoa D Doan, Kok-Seng Wong,
• Abstract summary: Federated Learning (FL) for privacy-preserving model training remains susceptible to backdoor attacks. This research emphasizes the critical need for robust defenses against diverse backdoor attacks in the evolving FL landscape.
• Score: 7.00762739959285
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Despite the promise of Federated Learning (FL) for privacy-preserving model training on distributed data, it remains susceptible to backdoor attacks. These attacks manipulate models by embedding triggers (specific input patterns) in the training data, forcing misclassification as predefined classes during deployment. Traditional single-trigger attacks and recent work on cooperative multiple-trigger attacks, where clients collaborate, highlight limitations in attack realism due to coordination requirements. We investigate a more alarming scenario: non-cooperative multiple-trigger attacks. Here, independent adversaries introduce distinct triggers targeting unique classes. These parallel attacks exploit FL's decentralized nature, making detection difficult. Our experiments demonstrate the alarming vulnerability of FL to such attacks, where individual backdoors can be successfully learned without impacting the main task. This research emphasizes the critical need for robust defenses against diverse backdoor attacks in the evolving FL landscape. While our focus is on empirical analysis, we believe it can guide backdoor research toward more realistic settings, highlighting the crucial role of FL in building robust defenses against diverse backdoor threats. The code is available at \url{https://anonymous.4open.science/r/nba-980F/}.

Related papers

• Does Few-shot Learning Suffer from Backdoor Attacks? [63.9864247424967]
  We show that few-shot learning can still be vulnerable to backdoor attacks. Our method demonstrates a high Attack Success Rate (ASR) in FSL tasks with different few-shot learning paradigms. This study reveals that few-shot learning still suffers from backdoor attacks, and its security should be given attention.
  arXiv  Detail & Related papers  (2023-12-31T06:43:36Z)
• On the Difficulty of Defending Contrastive Learning against Backdoor Attacks [58.824074124014224]
  We show how contrastive backdoor attacks operate through distinctive mechanisms. Our findings highlight the need for defenses tailored to the specificities of contrastive backdoor attacks.
  arXiv  Detail & Related papers  (2023-12-14T15:54:52Z)
• BadCLIP: Dual-Embedding Guided Backdoor Attack on Multimodal Contrastive Learning [85.2564206440109]
  This paper reveals the threats in this practical scenario that backdoor attacks can remain effective even after defenses. We introduce the emphtoolns attack, which is resistant to backdoor detection and model fine-tuning defenses.
  arXiv  Detail & Related papers  (2023-11-20T02:21:49Z)
• FTA: Stealthy and Adaptive Backdoor Attack with Flexible Triggers on Federated Learning [11.636353298724574]
  We propose a new stealthy and robust backdoor attack against federated learning (FL) defenses. We build a generative trigger function that can learn to manipulate benign samples with an imperceptible flexible trigger pattern. Our trigger generator can keep learning and adapt across different rounds, allowing it to adjust to changes in the global model.
  arXiv  Detail & Related papers  (2023-08-31T20:25:54Z)
• Backdoor Attack with Sparse and Invisible Trigger [57.41876708712008]
  Deep neural networks (DNNs) are vulnerable to backdoor attacks. backdoor attack is an emerging yet threatening training-phase threat. We propose a sparse and invisible backdoor attack (SIBA)
  arXiv  Detail & Related papers  (2023-05-11T10:05:57Z)
• Towards a Defense against Backdoor Attacks in Continual Federated Learning [26.536009090970257]
  We propose a novel framework for defending against backdoor attacks in the federated continual learning setting. Our framework trains two models in parallel: a backbone model and a shadow model. We show experimentally that our framework significantly improves upon existing defenses against backdoor attacks.
  arXiv  Detail & Related papers  (2022-05-24T03:04:21Z)
• On the Effectiveness of Adversarial Training against Backdoor Attacks [111.8963365326168]
  A backdoored model always predicts a target class in the presence of a predefined trigger pattern. In general, adversarial training is believed to defend against backdoor attacks. We propose a hybrid strategy which provides satisfactory robustness across different backdoor attacks.
  arXiv  Detail & Related papers  (2022-02-22T02:24:46Z)
• Meta Federated Learning [57.52103907134841]
  Federated Learning (FL) is vulnerable to training time adversarial attacks. We propose Meta Federated Learning ( Meta-FL) which not only is compatible with secure aggregation protocol but also facilitates defense against backdoor attacks.
  arXiv  Detail & Related papers  (2021-02-10T16:48:32Z)
• Dynamic backdoor attacks against federated learning [0.5482532589225553]
  Federated Learning (FL) is a new machine learning framework, which enables millions of participants to collaboratively train model without compromising data privacy and security. In this paper, we focus on dynamic backdoor attacks under FL setting, where the goal of the adversary is to reduce the performance of the model on targeted tasks. To the best of our knowledge, this is the first paper that focus on dynamic backdoor attacks research under FL setting.
  arXiv  Detail & Related papers  (2020-11-15T01:32:58Z)
• BlockFLA: Accountable Federated Learning via Hybrid Blockchain Architecture [11.908715869667445]
  Federated Learning (FL) is a distributed, and decentralized machine learning protocol. It has been shown that an attacker can inject backdoors to the trained model during FL. We develop a hybrid blockchain-based FL framework that uses smart contracts to automatically detect, and punish the attackers.
  arXiv  Detail & Related papers  (2020-10-14T22:43:39Z)
• Defending against Backdoors in Federated Learning with Robust Learning Rate [25.74681620689152]
  Federated learning (FL) allows a set of agents to collaboratively train a model without sharing their potentially sensitive data. In a backdoor attack, an adversary tries to embed a backdoor functionality to the model during training that can later be activated to cause a desired misclassification. We propose a lightweight defense that requires minimal change to the FL protocol.
  arXiv  Detail & Related papers  (2020-07-07T23:38:35Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.