FLAME: Taming Backdoors in Federated Learning

Nguyen, Thien Duc ; Rieger, Phillip ; Chen, Huili ; Yalame, Mohammad Hossein ; Möllering, Helen ; Fereidooni, Hossein ; Marchal, Samuel ; Miettinen, Markus ; Mirhoseini, Azalia ; Zeitouni, Shaza ; Koushanfar, Farinaz ; Sadeghi, Ahmad-Reza ; Schneider, Thomas (2022)
FLAME: Taming Backdoors in Federated Learning.
31st USENIX Security Symposium (USENIX Security 22). Boston, USA (10.08.2022-12.08.2022)
Conference publication, Bibliography

Abstract

Federated Learning (FL) is a collaborative machine learning approach allowing participants to jointly train a model without having to share their private, potentially sensitive local datasets with others. Despite its benefits, FL is vulnerable to so-called backdoor attacks, in which an adversary injects manipulated model updates into the federated model aggregation process so that the resulting model will provide targeted false predictions for specific adversary-chosen inputs. Proposed defenses against backdoor attacks based on detecting and filtering out malicious model updates consider only very specific and limited attacker models, whereas defenses based on differential privacy-inspired noise injection significantly deteriorate the benign performance of the aggregated model. To address these deficiencies, we introduce FLAME, a defense framework that estimates the sufficient amount of noise to be injected to ensure the elimination of backdoors. To minimize the required amount of noise, FLAME uses a model clustering and weight clipping approach. This ensures that FLAME can maintain the benign performance of the aggregated model while effectively eliminating adversarial backdoors. Our evaluation of FLAME on several datasets stemming from application areas including image classification, word prediction, and IoT intrusion detection demonstrates that FLAME removes backdoors effectively with a negligible impact on the benign performance of the models.

Item type: Conference publication
Published: 2022
Author(s): Nguyen, Thien Duc ; Rieger, Phillip ; Chen, Huili ; Yalame, Mohammad Hossein ; Möllering, Helen ; Fereidooni, Hossein ; Marchal, Samuel ; Miettinen, Markus ; Mirhoseini, Azalia ; Zeitouni, Shaza ; Koushanfar, Farinaz ; Sadeghi, Ahmad-Reza ; Schneider, Thomas
Entry type: Bibliography
Title: FLAME: Taming Backdoors in Federated Learning
Language: English
Publication year: 2022
Publisher: USENIX Association
Book title: Proceedings of the 31st USENIX Security Symposium
Event title: 31st USENIX Security Symposium (USENIX Security 22)
Event location: Boston, USA
Event date: 10.08.2022-12.08.2022
URL / URN: https://www.usenix.org/system/files/sec22-nguyen.pdf

Free keywords: Federated Learning, Poisoning, Backdoor, Secure Multi-Party Computation
Department(s)/field(s): 20 Department of Computer Science
20 Department of Computer Science > Practical Cryptography and Privacy
20 Department of Computer Science > System Security
DFG Collaborative Research Centres (incl. Transregio)
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > SFB 1119: CROSSING – Cryptography-based security solutions as a basis for trust in current and future IT systems
Date deposited: 11 Aug 2022 08:27
Last modified: 30 Jul 2024 10:19
PPN: 502352876