Andreina, Sebastien ; Marson, Giorgia Azzurra ; Möllering, Helen ; Karame, Ghassan (2021)
BaFFLe: Backdoor detection via Feedback-based Federated Learning.
41st IEEE International Conference on Distributed Computing Systems (ICDCS'21). virtual Conference (07.07.2021-10.07.2021)
doi: 10.1109/ICDCS51616.2021.00086
Conference or Workshop Item, Bibliographie
Abstract
Recent studies have shown that federated learning (FL) is vulnerable to poisoning attacks that inject a backdoor into the global model. These attacks are effective even when performed by a single client, and undetectable by most existing defensive techniques. In this paper, we propose Backdoor detection via Feedback-based Federated Learning (BAFFLE), a novel defense to secure FL against backdoor attacks. The core idea behind BAFFLE is to leverage data of multiple clients not only for training but also for uncovering model poisoning. We exploit the availability of diverse datasets at the various clients by incorporating a feedback loop into the FL process, to integrate the views of those clients when deciding whether a given model update is genuine or not. We show that this powerful construct can achieve very high detection rates against state-of-the-art backdoor attacks, even when relying on straightforward methods to validate the model. Through empirical evaluation using the CIFAR-10 and FEMNIST datasets, we show that by combining the feedback loop with a method that suspects poisoning attempts by assessing the per-class classification performance of the updated model, BAFFLE reliably detects state-of-the-art backdoor attacks with a detection accuracy of 100% and a false-positive rate below 5%. Moreover, we show that our solution can detect adaptive attacks aimed at bypassing the defense. Index Terms—Federated learning, security, backdoor attacks.
Item Type: | Conference or Workshop Item |
---|---|
Erschienen: | 2021 |
Creators: | Andreina, Sebastien ; Marson, Giorgia Azzurra ; Möllering, Helen ; Karame, Ghassan |
Type of entry: | Bibliographie |
Title: | BaFFLe: Backdoor detection via Feedback-based Federated Learning |
Language: | English |
Date: | 4 October 2021 |
Publisher: | IEEE |
Book Title: | Proceedings: 2021 IEEE 41st International Conference on Distributed Computing Systems: ICDCS 2021 |
Collation: | 11 Seiten |
Event Title: | 41st IEEE International Conference on Distributed Computing Systems (ICDCS'21) |
Event Location: | virtual Conference |
Event Dates: | 07.07.2021-10.07.2021 |
DOI: | 10.1109/ICDCS51616.2021.00086 |
Corresponding Links: | |
Abstract: | Recent studies have shown that federated learning (FL) is vulnerable to poisoning attacks that inject a backdoor into the global model. These attacks are effective even when performed by a single client, and undetectable by most existing defensive techniques. In this paper, we propose Backdoor detection via Feedback-based Federated Learning (BAFFLE), a novel defense to secure FL against backdoor attacks. The core idea behind BAFFLE is to leverage data of multiple clients not only for training but also for uncovering model poisoning. We exploit the availability of diverse datasets at the various clients by incorporating a feedback loop into the FL process, to integrate the views of those clients when deciding whether a given model update is genuine or not. We show that this powerful construct can achieve very high detection rates against state-of-the-art backdoor attacks, even when relying on straightforward methods to validate the model. Through empirical evaluation using the CIFAR-10 and FEMNIST datasets, we show that by combining the feedback loop with a method that suspects poisoning attempts by assessing the per-class classification performance of the updated model, BAFFLE reliably detects state-of-the-art backdoor attacks with a detection accuracy of 100% and a false-positive rate below 5%. Moreover, we show that our solution can detect adaptive attacks aimed at bypassing the defense. Index Terms—Federated learning, security, backdoor attacks. |
Divisions: | 20 Department of Computer Science 20 Department of Computer Science > Cryptography and Privacy Engineering (ENCRYPTO) DFG-Collaborative Research Centres (incl. Transregio) DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres DFG-Graduiertenkollegs DFG-Graduiertenkollegs > Research Training Group 2050 Privacy and Trust for Mobile Users DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1119: CROSSING – Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments |
Date Deposited: | 25 Jul 2024 07:20 |
Last Modified: | 25 Jul 2024 07:20 |
PPN: | |
Export: | |
Suche nach Titel in: | TUfind oder in Google |
Send an inquiry |
Options (only for editors)
Show editorial Details |