Can You Really Backdoor Federated Learning?

11/18/2019
by Ziteng Sun, et al.

The decentralized nature of federated learning makes detecting and defending against adversarial attacks a challenging task. This paper focuses on backdoor attacks in the federated learning setting, where the goal of the adversary is to reduce the performance of the model on targeted tasks while maintaining good performance on the main task. Unlike existing works, we allow non-malicious clients to have correctly labeled samples from the targeted tasks. We conduct a comprehensive study of backdoor attacks and defenses for the EMNIST dataset, a real-life, user-partitioned, and non-iid dataset. We observe that in the absence of defenses, the performance of the attack largely depends on the fraction of adversaries present and the "complexity" of the targeted task. Moreover, we show that norm clipping and "weak" differential privacy mitigate the attacks without hurting the overall performance. We have implemented the attacks and defenses in TensorFlow Federated (TFF), a TensorFlow framework for federated learning. In open-sourcing our code, our goal is to encourage researchers to contribute new attacks and defenses and evaluate them on standard federated datasets.
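The two defenses named in the abstract, sketched as a server-side aggregation step (an added example, not the paper's TFF code): each client update is clipped to a maximum L2 norm, the clipped updates are averaged, and a small amount of Gaussian noise is added. The clipping threshold, noise level and update vectors are constructed assumptions, not values from the paper.

```python
import math
import random

def l2_norm(vec):
    return math.sqrt(sum(x * x for x in vec))

def clip_update(update, clip_norm):
    """Scale a client update so that its L2 norm is at most clip_norm."""
    norm = l2_norm(update)
    scale = min(1.0, clip_norm / norm) if norm > 0 else 1.0
    return [x * scale for x in update]

def aggregate(updates, clip_norm=None, noise_std=0.0, rng=None):
    """Average client updates; optionally clip each one and add Gaussian noise."""
    rng = rng or random.Random(0)
    if clip_norm is not None:
        updates = [clip_update(u, clip_norm) for u in updates]
    dim = len(updates[0])
    mean = [sum(u[i] for u in updates) / len(updates) for i in range(dim)]
    # noise_std is an assumed small value, standing in for the "weak" noise setting
    return [m + rng.gauss(0.0, noise_std) for m in mean]

def demo():
    rng = random.Random(1)
    # Constructed data: nine small-norm updates and one update with a very
    # large norm concentrated on coordinate 0.
    honest = [[rng.gauss(0.0, 0.1) for _ in range(4)] for _ in range(9)]
    outlier = [50.0, 0.0, 0.0, 0.0]
    updates = honest + [outlier]
    plain = aggregate(updates)  # no defense
    defended = aggregate(updates, clip_norm=1.0, noise_std=0.01,
                         rng=random.Random(2))
    return plain, defended

if __name__ == "__main__":
    plain, defended = demo()
    print("undefended mean, coord 0:", round(plain[0], 3))
    print("clipped + noised mean, coord 0:", round(defended[0], 3))
```

Without clipping, the single large-norm update dominates the average; with clipping, its contribution is bounded by `clip_norm / number_of_clients` regardless of how large it was submitted.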

research
06/06/2023

A Survey on Federated Learning Poisoning Attacks and Defenses

As one kind of distributed machine learning technique, federated learnin...
research
08/27/2022

Network-Level Adversaries in Federated Learning

Federated learning is a popular strategy for training models on distribu...
research
04/27/2020

Exploiting Defenses against GAN-Based Feature Inference Attacks in Federated Learning

With the rapid increasing of computing power and dataset volume, machine...
research
07/07/2020

Backdoor attacks and defenses in feature-partitioned collaborative learning

Since there are multiple parties in collaborative learning, malicious pa...
research
04/29/2022

Backdoor Attacks in Federated Learning by Rare Embeddings and Gradient Ensembling

Recent advances in federated learning have demonstrated its promising ca...
research
11/15/2020

Dynamic backdoor attacks against federated learning

Federated Learning (FL) is a new machine learning framework, which enabl...
research
02/01/2021

Curse or Redemption? How Data Heterogeneity Affects the Robustness of Federated Learning

Data heterogeneity has been identified as one of the key features in fed...
