Breaking Distributed Backdoor Defenses for Federated Learning in Non-IID Settings

Jijia Yang; Jiangang Shu; Xiaohua Jia

doi:10.1109/MSN57253.2022.00064

Breaking Distributed Backdoor Defenses for Federated Learning in Non-IID Settings

^*Corresponding author for this work

Department of Computer Science

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

2 Citations (Scopus)

Abstract

Federated learning (FL) is a privacy-preserving distributed machine learning architecture to solve the problem of data silos. While FL is proposed to protect data security, it still faces security challenges. Backdoor attacks are potential threats in FL and aim to manipulate the model performance on chosen backdoor tasks by injecting adversarial triggers. As a more insidious variant of backdoor attacks, distributed backdoor attacks decompose the same global trigger into multiple local patterns and respectively assign them to different attackers. In this paper, we study deep into the entire training process of current distributed backdoor attack (DBA) and propose a cooperative DBA method for non-IID FL to break through existing defenses. To bypass the cosine similarity detection, we design an update rotation and scaling technique based on two independent training to well disguise malicious updates among benign updates. We conduct an exhaustive experiment to evaluate the performance of our proposed method under the state-of-the-art defenses. The experimental results show that it is much more stealthy than the current DBA method while maintaining the high backdoor attack intensity. © 2022 IEEE.

Original language	English
Title of host publication	Proceedings - 2022 18th International Conference on Mobility, Sensing and Networking (MSN 2022)
Publisher	IEEE
Pages	347-354
ISBN (Electronic)	978-1-6654-6457-4
DOIs	https://doi.org/10.1109/MSN57253.2022.00064
Publication status	Published - Dec 2022
Event	18th International Conference on Mobility, Sensing and Networking (MSN 2022) - Virtual, Online, China Duration: 14 Dec 2022 → 16 Dec 2022 Conference number: 18 https://ieee-msn.org/2022/index.php https://ieeexplore.ieee.org/xpl/conhome/10076543/proceeding

Publication series

Name	Proceedings - International Conference on Mobility, Sensing and Networking, MSN

Conference

Conference	18th International Conference on Mobility, Sensing and Networking (MSN 2022)
Abbreviated title	MSN
Country/Territory	China
City	Virtual, Online
Period	14/12/22 → 16/12/22
Internet address	https://ieee-msn.org/2022/index.php https://ieeexplore.ieee.org/xpl/conhome/10076543/proceeding

Research Keywords

cosine similarity
distributed backdoor attack
federated learning
rotation and scaling

Access Output

10.1109/MSN57253.2022.00064

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

@inproceedings{6c05e61870214c56abff246cae3c1e38,

title = "Breaking Distributed Backdoor Defenses for Federated Learning in Non-IID Settings",

abstract = "Federated learning (FL) is a privacy-preserving distributed machine learning architecture to solve the problem of data silos. While FL is proposed to protect data security, it still faces security challenges. Backdoor attacks are potential threats in FL and aim to manipulate the model performance on chosen backdoor tasks by injecting adversarial triggers. As a more insidious variant of backdoor attacks, distributed backdoor attacks decompose the same global trigger into multiple local patterns and respectively assign them to different attackers. In this paper, we study deep into the entire training process of current distributed backdoor attack (DBA) and propose a cooperative DBA method for non-IID FL to break through existing defenses. To bypass the cosine similarity detection, we design an update rotation and scaling technique based on two independent training to well disguise malicious updates among benign updates. We conduct an exhaustive experiment to evaluate the performance of our proposed method under the state-of-the-art defenses. The experimental results show that it is much more stealthy than the current DBA method while maintaining the high backdoor attack intensity. {\textcopyright} 2022 IEEE.",

keywords = "cosine similarity, distributed backdoor attack, federated learning, rotation and scaling",

author = "Jijia Yang and Jiangang Shu and Xiaohua Jia",

year = "2022",

month = dec,

doi = "10.1109/MSN57253.2022.00064",

language = "English",

series = "Proceedings - International Conference on Mobility, Sensing and Networking, MSN ",

publisher = "IEEE",

pages = "347--354",

booktitle = "Proceedings - 2022 18th International Conference on Mobility, Sensing and Networking (MSN 2022)",

address = "United States",

note = "18th International Conference on Mobility, Sensing and Networking (MSN 2022), MSN ; Conference date: 14-12-2022 Through 16-12-2022",

url = "https://ieee-msn.org/2022/index.php, https://ieeexplore.ieee.org/xpl/conhome/10076543/proceeding",

}

Yang, J, Shu, J & Jia, X 2022, Breaking Distributed Backdoor Defenses for Federated Learning in Non-IID Settings. in Proceedings - 2022 18th International Conference on Mobility, Sensing and Networking (MSN 2022). Proceedings - International Conference on Mobility, Sensing and Networking, MSN , IEEE, pp. 347-354, 18th International Conference on Mobility, Sensing and Networking (MSN 2022), Virtual, Online, China, 14/12/22. https://doi.org/10.1109/MSN57253.2022.00064

Breaking Distributed Backdoor Defenses for Federated Learning in Non-IID Settings. / Yang, Jijia; Shu, Jiangang ; Jia, Xiaohua.
Proceedings - 2022 18th International Conference on Mobility, Sensing and Networking (MSN 2022). IEEE, 2022. p. 347-354 (Proceedings - International Conference on Mobility, Sensing and Networking, MSN ).

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

TY - GEN

T1 - Breaking Distributed Backdoor Defenses for Federated Learning in Non-IID Settings

AU - Yang, Jijia

AU - Shu, Jiangang

AU - Jia, Xiaohua

N1 - Conference code: 18

PY - 2022/12

Y1 - 2022/12

N2 - Federated learning (FL) is a privacy-preserving distributed machine learning architecture to solve the problem of data silos. While FL is proposed to protect data security, it still faces security challenges. Backdoor attacks are potential threats in FL and aim to manipulate the model performance on chosen backdoor tasks by injecting adversarial triggers. As a more insidious variant of backdoor attacks, distributed backdoor attacks decompose the same global trigger into multiple local patterns and respectively assign them to different attackers. In this paper, we study deep into the entire training process of current distributed backdoor attack (DBA) and propose a cooperative DBA method for non-IID FL to break through existing defenses. To bypass the cosine similarity detection, we design an update rotation and scaling technique based on two independent training to well disguise malicious updates among benign updates. We conduct an exhaustive experiment to evaluate the performance of our proposed method under the state-of-the-art defenses. The experimental results show that it is much more stealthy than the current DBA method while maintaining the high backdoor attack intensity. © 2022 IEEE.

AB - Federated learning (FL) is a privacy-preserving distributed machine learning architecture to solve the problem of data silos. While FL is proposed to protect data security, it still faces security challenges. Backdoor attacks are potential threats in FL and aim to manipulate the model performance on chosen backdoor tasks by injecting adversarial triggers. As a more insidious variant of backdoor attacks, distributed backdoor attacks decompose the same global trigger into multiple local patterns and respectively assign them to different attackers. In this paper, we study deep into the entire training process of current distributed backdoor attack (DBA) and propose a cooperative DBA method for non-IID FL to break through existing defenses. To bypass the cosine similarity detection, we design an update rotation and scaling technique based on two independent training to well disguise malicious updates among benign updates. We conduct an exhaustive experiment to evaluate the performance of our proposed method under the state-of-the-art defenses. The experimental results show that it is much more stealthy than the current DBA method while maintaining the high backdoor attack intensity. © 2022 IEEE.

KW - cosine similarity

KW - distributed backdoor attack

KW - federated learning

KW - rotation and scaling

UR - http://www.scopus.com/inward/record.url?scp=85152291152&partnerID=8YFLogxK

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85152291152&origin=recordpage

U2 - 10.1109/MSN57253.2022.00064

DO - 10.1109/MSN57253.2022.00064

M3 - RGC 32 - Refereed conference paper (with host publication)

T3 - Proceedings - International Conference on Mobility, Sensing and Networking, MSN

SP - 347

EP - 354

BT - Proceedings - 2022 18th International Conference on Mobility, Sensing and Networking (MSN 2022)

PB - IEEE

T2 - 18th International Conference on Mobility, Sensing and Networking (MSN 2022)

Y2 - 14 December 2022 through 16 December 2022

ER -

Breaking Distributed Backdoor Defenses for Federated Learning in Non-IID Settings

Abstract

Publication series

Conference

Research Keywords

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Cite this