Breaking Distributed Backdoor Defenses for Federated Learning in Non-IID Settings

Research output: Chapters, Conference Papers, Creative and Literary WorksRGC 32 - Refereed conference paper (with host publication)peer-review

2 Scopus Citations
View graph of relations

Author(s)

Related Research Unit(s)

Detail(s)

Original languageEnglish
Title of host publicationProceedings - 2022 18th International Conference on Mobility, Sensing and Networking (MSN 2022)
PublisherInstitute of Electrical and Electronics Engineers, Inc.
Pages347-354
ISBN (electronic)978-1-6654-6457-4
Publication statusPublished - Dec 2022

Publication series

NameProceedings - International Conference on Mobility, Sensing and Networking, MSN

Conference

Title18th International Conference on Mobility, Sensing and Networking (MSN 2022)
PlaceChina
CityVirtual, Online
Period14 - 16 December 2022

Abstract

Federated learning (FL) is a privacy-preserving distributed machine learning architecture to solve the problem of data silos. While FL is proposed to protect data security, it still faces security challenges. Backdoor attacks are potential threats in FL and aim to manipulate the model performance on chosen backdoor tasks by injecting adversarial triggers. As a more insidious variant of backdoor attacks, distributed backdoor attacks decompose the same global trigger into multiple local patterns and respectively assign them to different attackers. In this paper, we study deep into the entire training process of current distributed backdoor attack (DBA) and propose a cooperative DBA method for non-IID FL to break through existing defenses. To bypass the cosine similarity detection, we design an update rotation and scaling technique based on two independent training to well disguise malicious updates among benign updates. We conduct an exhaustive experiment to evaluate the performance of our proposed method under the state-of-the-art defenses. The experimental results show that it is much more stealthy than the current DBA method while maintaining the high backdoor attack intensity. © 2022 IEEE.

Research Area(s)

  • cosine similarity, distributed backdoor attack, federated learning, rotation and scaling

Citation Format(s)

Breaking Distributed Backdoor Defenses for Federated Learning in Non-IID Settings. / Yang, Jijia; Shu, Jiangang; Jia, Xiaohua.
Proceedings - 2022 18th International Conference on Mobility, Sensing and Networking (MSN 2022). Institute of Electrical and Electronics Engineers, Inc., 2022. p. 347-354 (Proceedings - International Conference on Mobility, Sensing and Networking, MSN ).

Research output: Chapters, Conference Papers, Creative and Literary WorksRGC 32 - Refereed conference paper (with host publication)peer-review