Meta Stackelberg Game: Robust Federated Learning against Adaptive and Mixed Poisoning Attacks

• URL: http://arxiv.org/abs/2410.17431v1
• Date: Tue, 22 Oct 2024 21:08:28 GMT
• Title: Meta Stackelberg Game: Robust Federated Learning against Adaptive and Mixed Poisoning Attacks
• Authors: Tao Li, Henger Li, Yunian Pan, Tianyi Xu, Zizhan Zheng, Quanyan Zhu,
• Abstract summary: Federated learning (FL) is susceptible to a range of security threats. We develop an efficient meta-learning approach to solve the game, leading to a robust and adaptive FL defense.
• Score: 15.199885837603576
• License:
• Abstract: Federated learning (FL) is susceptible to a range of security threats. Although various defense mechanisms have been proposed, they are typically non-adaptive and tailored to specific types of attacks, leaving them insufficient in the face of multiple uncertain, unknown, and adaptive attacks employing diverse strategies. This work formulates adversarial federated learning under a mixture of various attacks as a Bayesian Stackelberg Markov game, based on which we propose the meta-Stackelberg defense composed of pre-training and online adaptation. {The gist is to simulate strong attack behavior using reinforcement learning (RL-based attacks) in pre-training and then design meta-RL-based defense to combat diverse and adaptive attacks.} We develop an efficient meta-learning approach to solve the game, leading to a robust and adaptive FL defense. Theoretically, our meta-learning algorithm, meta-Stackelberg learning, provably converges to the first-order $\varepsilon$-meta-equilibrium point in $O(\varepsilon^{-2})$ gradient iterations with $O(\varepsilon^{-4})$ samples per iteration. Experiments show that our meta-Stackelberg framework performs superbly against strong model poisoning and backdoor attacks of uncertain and unknown types.

Related papers

• Meta Invariance Defense Towards Generalizable Robustness to Unknown Adversarial Attacks [62.036798488144306]
  Current defense mainly focuses on the known attacks, but the adversarial robustness to the unknown attacks is seriously overlooked. We propose an attack-agnostic defense method named Meta Invariance Defense (MID) We show that MID simultaneously achieves robustness to the imperceptible adversarial perturbations in high-level image classification and attack-suppression in low-level robust image regeneration.
  arXiv  Detail & Related papers  (2024-04-04T10:10:38Z)
• Optimal Attack and Defense for Reinforcement Learning [11.36770403327493]
  In adversarial RL, an external attacker has the power to manipulate the victim agent's interaction with the environment. We show the attacker's problem of designing a stealthy attack that maximizes its own expected reward. We argue that the optimal defense policy for the victim can be computed as the solution to a Stackelberg game.
  arXiv  Detail & Related papers  (2023-11-30T21:21:47Z)
• A First Order Meta Stackelberg Method for Robust Federated Learning [19.130600532727062]
  This work models adversarial federated learning as a Bayesian Stackelberg Markov game (BSMG) We propose meta-Stackelberg learning (meta-SL), a provably efficient meta-learning algorithm, to solve the equilibrium strategy in BSMG. We demonstrate that meta-SL converges to the first-order $varepsilon$-equilibrium point in $O(varepsilon-2)$ gradient, with $O(varepsilon-4)$ samples needed per iteration.
  arXiv  Detail & Related papers  (2023-06-23T22:22:33Z)
• MultiRobustBench: Benchmarking Robustness Against Multiple Attacks [86.70417016955459]
  We present the first unified framework for considering multiple attacks against machine learning (ML) models. Our framework is able to model different levels of learner's knowledge about the test-time adversary. We evaluate the performance of 16 defended models for robustness against a set of 9 different attack types.
  arXiv  Detail & Related papers  (2023-02-21T20:26:39Z)
• Sampling Attacks on Meta Reinforcement Learning: A Minimax Formulation and Complexity Analysis [20.11993437283895]
  This paper provides a game-theoretical underpinning for understanding this type of security risk. We define the sampling attack model as a Stackelberg game between the attacker and the agent, which yields a minimax formulation. We observe that a minor effort of the attacker can significantly deteriorate the learning performance.
  arXiv  Detail & Related papers  (2022-07-29T21:29:29Z)
• LAS-AT: Adversarial Training with Learnable Attack Strategy [82.88724890186094]
  "Learnable attack strategy", dubbed LAS-AT, learns to automatically produce attack strategies to improve the model robustness. Our framework is composed of a target network that uses AEs for training to improve robustness and a strategy network that produces attack strategies to control the AE generation.
  arXiv  Detail & Related papers  (2022-03-13T10:21:26Z)
• Fixed Points in Cyber Space: Rethinking Optimal Evasion Attacks in the Age of AI-NIDS [70.60975663021952]
  We study blackbox adversarial attacks on network classifiers. We argue that attacker-defender fixed points are themselves general-sum games with complex phase transitions. We show that a continual learning approach is required to study attacker-defender dynamics.
  arXiv  Detail & Related papers  (2021-11-23T23:42:16Z)
• Adaptive Feature Alignment for Adversarial Training [56.17654691470554]
  CNNs are typically vulnerable to adversarial attacks, which pose a threat to security-sensitive applications. We propose the adaptive feature alignment (AFA) to generate features of arbitrary attacking strengths. Our method is trained to automatically align features of arbitrary attacking strength.
  arXiv  Detail & Related papers  (2021-05-31T17:01:05Z)
• Robust Federated Learning with Attack-Adaptive Aggregation [45.60981228410952]
  Federated learning is vulnerable to various attacks, such as model poisoning and backdoor attacks. We propose an attack-adaptive aggregation strategy to defend against various attacks for robust learning.
  arXiv  Detail & Related papers  (2021-02-10T04:23:23Z)
• Yet Meta Learning Can Adapt Fast, It Can Also Break Easily [53.65787902272109]
  We study adversarial attacks on meta learning under the few-shot classification problem. We propose the first attacking algorithm against meta learning under various settings.
  arXiv  Detail & Related papers  (2020-09-02T15:03:14Z)
• Multi-agent Reinforcement Learning in Bayesian Stackelberg Markov Games for Adaptive Moving Target Defense [22.760124873882184]
  We argue that existing models are inadequate in sequential settings when there is incomplete information about a rational adversary. We propose a unifying game-theoretic model, called the Bayesian Stackelberg Markov Games (BSMGs) We show that our learning approach converges to an SSE of a BSMG and then highlight that the learned movement policy improves the state-of-the-art in MTD for web-application security.
  arXiv  Detail & Related papers  (2020-07-20T20:34:53Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.