He, Jianhua and Yang, Han and Gu, Dongbin (2023) Towards defending adaptive backdoor attacks in Federated Learning. In: ICC 2023 - IEEE International Conference on Communications, 2023-05-28 - 2023-06-02, Rome, Italy.
Abstract
Federated learning (FL) is an efficient, scalable, and privacy-preserving technology in which clients collaborate on machine learning or deep learning model training. However, malicious clients can send poisoned model updates to the central server without being identified, which makes FL vulnerable to backdoor attacks. In this work, we propose a novel defence approach, FLSec, to mitigate backdoor attacks caused by adversarial local model updates. FLSec utilizes an original measurement, GradScore, computed from the loss gradient norm of the final layer of the local models for backdoor defence. We show that GradScore is efficient and robust in identifying malicious model updates through analysis and experiments. Our extensive evaluation also demonstrates FLSec is highly effective in mitigating three state-of-the-art backdoor attacks on well-known datasets, MNIST, LOAN, and CIFAR-10. The accuracy on a benign dataset with the proposed defence approach is nearly unchanged, with the accuracy on the backdoor dataset being reduced to 0%. In addition, our experiments show that FLSec significantly outperforms existing backdoor defences in multi-round backdoor attacks.
Item Type: | Conference or Workshop Item (Paper) |
---|---|
Additional Information: | Published proceedings: _not provided_ |
Uncontrolled Keywords: | Deep Learning; Federated Learning; Backdoor attack; Model Poisoning |
Divisions: | Faculty of Science and Health; Faculty of Science and Health > Computer Science and Electronic Engineering, School of |
SWORD Depositor: | Unnamed user with email elements@essex.ac.uk |
Depositing User: | Unnamed user with email elements@essex.ac.uk |
Date Deposited: | 17 Oct 2024 15:59 |
Last Modified: | 30 Oct 2024 21:07 |
URI: | http://repository.essex.ac.uk/id/eprint/34675 |
Available files
Filename: Towards_defending_adaptive_backdoor_attacks_in_Federated_Learning.pdf