TU Darmstadt / ULB / TUbiblio

FLAME: Taming Backdoors in Federated Learning

Nguyen, Thien Duc ; Rieger, Phillip ; Chen, Huili ; Yalame, Mohammad Hossein ; Möllering, Helen ; Fereidooni, Hossein ; Marchal, Samuel ; Miettinen, Markus ; Mirhoseini, Azalia ; Zeitouni, Shaza ; Koushanfar, Farinaz ; Sadeghi, Ahmad-Reza ; Schneider, Thomas (2022):
FLAME: Taming Backdoors in Federated Learning.
In: Proceedings of the 31st USENIX Security Symposium, pp. 1415-1432,
USENIX Association, 31st USENIX Security Symposium (USENIX Security 22), Boston, USA, 10.-12.08.2022, ISBN 978-1-939133-31-1,
[Conference or Workshop Item]

Abstract

Federated Learning (FL) is a collaborative machine learning approach allowing participants to jointly train a model without having to share their private, potentially sensitive local datasets with others. Despite its benefits, FL is vulnerable to so-called backdoor attacks, in which an adversary injects manipulated model updates into the federated model aggregation process so that the resulting model will provide targeted false predictions for specific adversary-chosen inputs. Proposed defenses against backdoor attacks based on detecting and filtering out malicious model updates consider only very specific and limited attacker models, whereas defenses based on differential privacy-inspired noise injection significantly deteriorate the benign performance of the aggregated model. To address these deficiencies, we introduce FLAME, a defense framework that estimates the sufficient amount of noise to be injected to ensure the elimination of backdoors. To minimize the required amount of noise, FLAME uses a model clustering and weight clipping approach. This ensures that FLAME can maintain the benign performance of the aggregated model while effectively eliminating adversarial backdoors. Our evaluation of FLAME on several datasets stemming from application areas including image classification, word prediction, and IoT intrusion detection demonstrates that FLAME removes backdoors effectively with a negligible impact on the benign performance of the models.

Item Type: Conference or Workshop Item
Erschienen: 2022
Creators: Nguyen, Thien Duc ; Rieger, Phillip ; Chen, Huili ; Yalame, Mohammad Hossein ; Möllering, Helen ; Fereidooni, Hossein ; Marchal, Samuel ; Miettinen, Markus ; Mirhoseini, Azalia ; Zeitouni, Shaza ; Koushanfar, Farinaz ; Sadeghi, Ahmad-Reza ; Schneider, Thomas
Title: FLAME: Taming Backdoors in Federated Learning
Language: English
Abstract:

Federated Learning (FL) is a collaborative machine learning approach allowing participants to jointly train a model without having to share their private, potentially sensitive local datasets with others. Despite its benefits, FL is vulnerable to so-called backdoor attacks, in which an adversary injects manipulated model updates into the federated model aggregation process so that the resulting model will provide targeted false predictions for specific adversary-chosen inputs. Proposed defenses against backdoor attacks based on detecting and filtering out malicious model updates consider only very specific and limited attacker models, whereas defenses based on differential privacy-inspired noise injection significantly deteriorate the benign performance of the aggregated model. To address these deficiencies, we introduce FLAME, a defense framework that estimates the sufficient amount of noise to be injected to ensure the elimination of backdoors. To minimize the required amount of noise, FLAME uses a model clustering and weight clipping approach. This ensures that FLAME can maintain the benign performance of the aggregated model while effectively eliminating adversarial backdoors. Our evaluation of FLAME on several datasets stemming from application areas including image classification, word prediction, and IoT intrusion detection demonstrates that FLAME removes backdoors effectively with a negligible impact on the benign performance of the models.

Book Title: Proceedings of the 31st USENIX Security Symposium
Publisher: USENIX Association
ISBN: 978-1-939133-31-1
Uncontrolled Keywords: Federated Learning, Poisoning, Backdoor, Secure Multi-Party Computation
Divisions: 20 Department of Computer Science
20 Department of Computer Science > System Security Lab
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
Event Title: 31st USENIX Security Symposium (USENIX Security 22)
Event Location: Boston, USA
Event Dates: 10.-12.08.2022
Date Deposited: 11 Aug 2022 08:27
URL / URN: https://www.usenix.org/system/files/sec22-nguyen.pdf
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details