Top

Published in:

2023 | OriginalPaper | Chapter

Model Similarity-Based Defense Scheme Against Backdoor Attacks on Federated Learning

Authors : Long Su, Jun Ye, Longjuan Wang

Published in: Frontier Computing

Publisher: Springer Nature Singapore

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Federated learning is a deep learning model that helps thousands of participants train data without compromising their local data. For example, multiple smartphones can jointly learn and train the predicted value of a word under the keyboard without revealing what the user typed. However, federated learning is still fragile, and due to a large number of participating clients, it is impossible to guarantee that participants will engage in malicious behavior in the training process. Malicious actors will embed backdoors in their data, malicious clients will converge and show good accuracy in their primary task, and in a particular task, the attacker will embed backdoor input in a specific way that the attacker wants. Normally, the parameters sent by the abnormal client are completely different from those sent by the normal client. This paper proposes a new method to filter dishonest participants. The scheme mainly looks for the similarity between each client, identifies benign clients and abnormal clients by looking for the largest cluster, and then ignores the abnormal local model when the global model is updated.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Construction of Chinese Healthy Eating Knowledge Graph

next chapter An Improved Lightweight Cryptography Based on One-Time Pad for IoT Devices

Liu, D., Miller, T., Sayeed, R., Mandl, K.: Fadl: federated-autonomous deep learning for distributed electronic health record. arXiv preprint arXiv:1811.11400 (2018)

Bhagoji, A.N., Chakraborty, S., Mittal, P., Calo, S.: Analyzing federated learning through an adversarial lens. In: International Conference on Machine Learning, pp. 634–643 (2019)

Fung, C., Yoon, C.J., Beschastnikh, I.: Mitigating sybils in federated learning poisoning. arXiv preprint arXiv:1808.04866 (2018)

Barreno, M., et al.: Can machine learning be secure? In: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, March 2006, pp. 16–25 (2006). https://doi.org/10.1145/1128817.1128824

Kloft, M., Laskov, P.: Online anomaly detection under adversarial impact. In: Proceedings of the Thirteenth International Conference on Artificial Intelligence and Statistics, pp. 405–412. JMLR Workshop and Conference Proceedings, March 2010

Shafahi, A., Huang, W.R., Najibi, M., et al.: Poison frogs! Targeted clean-label poisoning attacks on neural networks. In: Proceedings of the 32nd International Conference on Neural Information Processing Systems, pp. 6106–6116 (2018)

Saha, A., Subramanya, A., Pirsiavash, H.: Hidden trigger backdoor attacks. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol. 34, no. 07, pp. 11957–11965, April 2020

Liu, K., DolanGavitt, B., Garg, S.: Fine-pruning: defending against backdooring attacks on deep neural networks. In: Bailey, M., Holz, T., Stamatogiannakis, M., Ioannidis, S. (eds.) RAID 2018. LNCS, vol. 11050, pp. 273–294. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-00470-5_13CrossRef

Bagdasaryan, E., Veit, A., Hua, Y., Estrin, D., Shmatikov, V.: How to backdoor federated learning. In: International Conference on Artificial Intelligence and Statistics, pp. 2938–2948. PMLR, June 2020

10.

Tran, B., Li, J., Mądry, A.: Spectral signatures in backdoor attacks. In: Proceedings of the 32nd International Conference on Neural Information Processing Systems, pp. 8011–8021, December 2018

Title: Model Similarity-Based Defense Scheme Against Backdoor Attacks on Federated Learning
Authors: Long Su
Jun Ye
Longjuan Wang
Publisher: Springer Nature Singapore
Book: Frontier Computing
Print ISBN: 978-981-9914-27-2

Electronic ISBN: 978-981-9914-28-9

Copyright Year: 2023
DOI: https://doi.org/10.1007/978-981-99-1428-9_265

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"