TU Darmstadt / ULB / TUbiblio

CrowdGuard: Federated Backdoor Detection in Federated Learning

Rieger, Phillip ; Krauß, Torsten ; Miettinen, Mark ; Dmitrienko, Alexandra ; Sadeghi, Ahmad-Reza (2024)
CrowdGuard: Federated Backdoor Detection in Federated Learning.
Network and Distributed Systems Security (NDSS) Symposium 2024. San Diego, USA (26.02.24-01.03.24)
doi: 10.14722/ndss.2024.23233
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Federated Learning (FL) is a promising approach enabling multiple clients to train Deep Neural Networks (DNNs) collaboratively without sharing their local training data. However, FL is susceptible to backdoor (or targeted poisoning) attacks. These attacks are initiated by malicious clients who seek to compromise the learning process by introducing specific behaviors into the learned model that can be triggered by carefully crafted inputs. Existing FL safeguards have various limitations: They are restricted to specific data distributions or reduce the global model accuracy due to excluding benign models or adding noise, are vulnerable to adaptive defense-aware adversaries, or require the server to access local models, allowing data inference attacks.

This paper presents a novel defense mechanism, CrowdGuard, that effectively mitigates backdoor attacks in FL and overcomes the deficiencies of existing techniques. It leverages clients' feedback on individual models, analyzes the behavior of neurons in hidden layers, and eliminates poisoned models through an iterative pruning scheme. CrowdGuard employs a server-located stacked clustering scheme to enhance its resilience to rogue client feedback. The evaluation results demonstrate that CrowdGuard achieves a 100% True-Positive-Rate and True-Negative-Rate across various scenarios, including IID and non-IID data distributions. Additionally, CrowdGuard withstands adaptive adversaries while preserving the original performance of protected models. To ensure confidentiality, CrowdGuard uses a secure and privacy-preserving architecture leveraging Trusted Execution Environments (TEEs) on both client and server sides.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2024
Autor(en): Rieger, Phillip ; Krauß, Torsten ; Miettinen, Mark ; Dmitrienko, Alexandra ; Sadeghi, Ahmad-Reza
Art des Eintrags: Bibliographie
Titel: CrowdGuard: Federated Backdoor Detection in Federated Learning
Sprache: Englisch
Publikationsjahr: 26 Februar 2024
Ort: San Diego, USA
Buchtitel: Network and Distributed Systems Security (NDSS) Symposium 2024
Veranstaltungstitel: Network and Distributed Systems Security (NDSS) Symposium 2024
Veranstaltungsort: San Diego, USA
Veranstaltungsdatum: 26.02.24-01.03.24
DOI: 10.14722/ndss.2024.23233
URL / URN: https://www.ndss-symposium.org/ndss-paper/crowdguard-federat...
Kurzbeschreibung (Abstract):

Federated Learning (FL) is a promising approach enabling multiple clients to train Deep Neural Networks (DNNs) collaboratively without sharing their local training data. However, FL is susceptible to backdoor (or targeted poisoning) attacks. These attacks are initiated by malicious clients who seek to compromise the learning process by introducing specific behaviors into the learned model that can be triggered by carefully crafted inputs. Existing FL safeguards have various limitations: They are restricted to specific data distributions or reduce the global model accuracy due to excluding benign models or adding noise, are vulnerable to adaptive defense-aware adversaries, or require the server to access local models, allowing data inference attacks.

This paper presents a novel defense mechanism, CrowdGuard, that effectively mitigates backdoor attacks in FL and overcomes the deficiencies of existing techniques. It leverages clients' feedback on individual models, analyzes the behavior of neurons in hidden layers, and eliminates poisoned models through an iterative pruning scheme. CrowdGuard employs a server-located stacked clustering scheme to enhance its resilience to rogue client feedback. The evaluation results demonstrate that CrowdGuard achieves a 100% True-Positive-Rate and True-Negative-Rate across various scenarios, including IID and non-IID data distributions. Additionally, CrowdGuard withstands adaptive adversaries while preserving the original performance of protected models. To ensure confidentiality, CrowdGuard uses a secure and privacy-preserving architecture leveraging Trusted Execution Environments (TEEs) on both client and server sides.

Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Systemsicherheit
Profilbereiche
Profilbereiche > Cybersicherheit (CYSEC)
Hinterlegungsdatum: 18 Jun 2024 07:21
Letzte Änderung: 18 Jun 2024 07:48
PPN: 519210689
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen