BaFFLe: Backdoor detection via Feedback-based Federated Learning

Andreina, Sebastien ; Marson, Giorgia Azzurra ; Möllering, Helen ; Karame, Ghassan (2021)
BaFFLe: Backdoor detection via Feedback-based Federated Learning.
41st IEEE International Conference on Distributed Computing Systems (ICDCS'21). virtual Conference (07.07.2021-10.07.2021)
doi: 10.1109/ICDCS51616.2021.00086
Conference or Workshop Item, Bibliography

Abstract

Recent studies have shown that federated learning (FL) is vulnerable to poisoning attacks that inject a backdoor into the global model. These attacks are effective even when performed by a single client, and undetectable by most existing defensive techniques. In this paper, we propose Backdoor detection via Feedback-based Federated Learning (BAFFLE), a novel defense to secure FL against backdoor attacks. The core idea behind BAFFLE is to leverage data of multiple clients not only for training but also for uncovering model poisoning. We exploit the availability of diverse datasets at the various clients by incorporating a feedback loop into the FL process, to integrate the views of those clients when deciding whether a given model update is genuine or not. We show that this powerful construct can achieve very high detection rates against state-of-the-art backdoor attacks, even when relying on straightforward methods to validate the model. Through empirical evaluation using the CIFAR-10 and FEMNIST datasets, we show that by combining the feedback loop with a method that suspects poisoning attempts by assessing the per-class classification performance of the updated model, BAFFLE reliably detects state-of-the-art backdoor attacks with a detection accuracy of 100% and a false-positive rate below 5%. Moreover, we show that our solution can detect adaptive attacks aimed at bypassing the defense.

Index Terms—Federated learning, security, backdoor attacks.

Item Type: Conference or Workshop Item
Published: 2021
Creators: Andreina, Sebastien ; Marson, Giorgia Azzurra ; Möllering, Helen ; Karame, Ghassan
Type of entry: Bibliography
Title: BaFFLe: Backdoor detection via Feedback-based Federated Learning
Language: English
Date: 4 October 2021
Publisher: IEEE
Book Title: Proceedings: 2021 IEEE 41st International Conference on Distributed Computing Systems: ICDCS 2021
Collation: 11 pages
Event Title: 41st IEEE International Conference on Distributed Computing Systems (ICDCS'21)
Event Location: virtual Conference
Event Dates: 07.07.2021-10.07.2021
DOI: 10.1109/ICDCS51616.2021.00086
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Cryptography and Privacy Engineering (ENCRYPTO)
DFG-Collaborative Research Centres (incl. Transregio)
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
DFG-Graduiertenkollegs
DFG-Graduiertenkollegs > Research Training Group 2050 Privacy and Trust for Mobile Users
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1119: CROSSING – Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments
Date Deposited: 25 Jul 2024 07:20
Last Modified: 25 Jul 2024 07:20