Robust Federated Learning for Ubiquitous Computing through Mitigation of Edge-Case Backdoor Attacks

Authors:

Elhattab Fatima (1), Bouchenak Sara (1), Talbi Rania (1), Nitu Vlad (2)

Affiliations:

1. INSA Lyon - LIRIS, Lyon, France

2. CNRS - LIRIS, Lyon, France

Abstract

Federated Learning (FL) allows several data owners to train a joint model without sharing their training data. Such a paradigm is useful for better privacy in many ubiquitous computing systems. However, FL is vulnerable to poisoning attacks, where malicious participants attempt to inject a backdoor task into the model at training time, alongside the main task the model was initially trained for. Recent works show that FL is particularly vulnerable to edge-case backdoors introduced by data points with unusual out-of-distribution features. Such attacks are among the most difficult to counter, and today's FL defense mechanisms usually fail to tackle them. In this paper, we present ARMOR, a defense mechanism that leverages adversarial learning to uncover edge-case backdoors. In contrast to most existing FL defenses, ARMOR does not require real data samples and is compatible with secure aggregation, thus providing better FL privacy protection. ARMOR relies on GANs (Generative Adversarial Networks) to extract data features from model updates, and uses the generated samples to test the activation of potential edge-case backdoors in the model. Our experimental evaluations with three widely used datasets and neural networks show that ARMOR can tackle edge-case backdoors with 95% resilience against attacks, and without hurting model quality.

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Networks and Communications, Hardware and Architecture, Human-Computer Interaction


Cited by 4 articles.

1. Web 3.0 security: Backdoor attacks in federated learning-based automatic speaker verification systems in the 6G era. Future Generation Computer Systems, 2024-11.

2. Unfair Trojan: Targeted Backdoor Attacks Against Model Fairness. Springer Optimization and Its Applications, 2024-05-10.

3. Data and Model Poisoning Backdoor Attacks on Wireless Federated Learning, and the Defense Mechanisms: A Comprehensive Survey. IEEE Communications Surveys & Tutorials, 2024.

4. Towards Scalable Resilient Federated Learning: A Fully Decentralised Approach. 2023 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops), 2023-03-13.
