A Comprehensive Survey on Poisoning Attacks and Countermeasures in Machine Learning

Tian, Zhiyi; Cui, Lei; Liang, Jie; Yu, Shui

doi:10.1145/3551636

Cited by 95 publications

(28 citation statements)

References 78 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Malicious FL participants can try to manipulate the global model to either produce specific outputs for specific inputs or simply degrade the overall accuracy. These attacks are referred to as backdoor (Bagdasaryan et al, 2020;Xie et al, 2020) and poisoning attacks (Tian et al, 2022), respectively. In terms of poisoning attacks, the two options are to perform data poisoning (Biggio et al, 2012;Tolpegin et al, 2020) or model poisoning (Wang et al, 2020;Fang et al, 2020).…”

Section: Attacksmentioning

confidence: 99%

HyFL: A Hybrid Approach For Private Federated Learning

Marx¹,

Schneider²,

Suresh³

et al. 2023

Preprint

View full text Add to dashboard Cite

As a distributed machine learning paradigm, federated learning (FL) conveys a sense of privacy to contributing participants because training data never leaves their devices. However, gradient updates and the aggregated model still reveal sensitive information. In this work, we propose HyFL, a new framework that combines private training and inference with secure aggregation and hierarchical FL to provide end-to-end protection and facilitate large-scale global deployments. Additionally, we show that HyFL strictly limits the attack surface for malicious participants: they are restricted to data-poisoning attacks and cannot significantly reduce accuracy.

show abstract

Section: Attacksmentioning

confidence: 99%

HyFL: A Hybrid Approach For Private Federated Learning

Marx¹,

Schneider²,

Suresh³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Their survey, however, falls short of assessing or demonstrating the connection between these attacks, as well as the connection between backdoor attacks and defenses. In Backdoor attacks and defenses [37] 2022 Backdoor attacks and defenses in FL [38] 2022 Poisoning attacks and countermeasures [39] 2022 FL challenges, contributions, and trends [40] 2021 Privacy-preserving FL [41] 2021…”

Section: Related Surveysmentioning

confidence: 99%

Backdoor Attacks and Defenses in Federated Learning: Survey, Challenges and Future Research Directions

Nguyen¹,

Nguyen²,

Nguyen³

et al. 2023

Preprint

View full text Add to dashboard Cite

Federated learning (FL) is a machine learning (ML) approach that allows the use of distributed data without compromising personal privacy. However, the heterogeneous distribution of data among clients in FL can make it difficult for the orchestration server to validate the integrity of local model updates, making FL vulnerable to various threats, including backdoor attacks. Backdoor attacks involve the insertion of malicious functionality into a targeted model through poisoned updates from malicious clients. These attacks can cause the global model to misbehave on specific inputs while appearing normal in other cases. Backdoor attacks have received significant attention in the literature due to their potential to impact real-world deep learning applications. However, they have not been thoroughly studied in the context of FL. In this survey, we provide a comprehensive survey of current backdoor attack strategies and defenses in FL, including a comprehensive analysis of different approaches. We also discuss the challenges and potential future directions for attacks and defenses in the context of FL.

show abstract

“…Privacy attacks in machine learning [5,22] include membership inference attacks [24], model reconstruction attacks such as attribute inference [29], model inversion attacks [11,10], and model extraction attacks [28]. Here, we focus on a form of model inversion attacks, namely, attribute inference attack.…”

Section: Attribute Inference Attackmentioning

confidence: 99%

“…Model inversion attacks try to recover sensitive features or the full data sample based on output labels and partial knowledge (subset of data) of some features [22,19]. [19] provided a summary of possible assumptions about adversary capabilities and resources for different model inversion attribute inference attacks.…”

Section: Attribute Inference Attackmentioning

confidence: 99%

When Machine Learning Models Leak: An Exploration of Synthetic Training Data

Slokom

Wolf

Larson

2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We investigate an attack on a machine learning model that predicts whether a person or household will relocate in the next two years, i.e., a propensity-to-move classifier. The attack assumes that the attacker can query the model to obtain predictions and that the marginal distribution of the data on which the model was trained is publicly available. The attack also assumes that the attacker has obtained the values of non-sensitive attributes for a certain number of target individuals. The objective of the attack is to infer the values of sensitive attributes for these target individuals. We explore how replacing the original data with synthetic data when training the model impacts how successfully the attacker can infer sensitive attributes. 4

show abstract

A Comprehensive Survey on Poisoning Attacks and Countermeasures in Machine Learning

Cited by 95 publications

References 78 publications

HyFL: A Hybrid Approach For Private Federated Learning

HyFL: A Hybrid Approach For Private Federated Learning

Backdoor Attacks and Defenses in Federated Learning: Survey, Challenges and Future Research Directions

When Machine Learning Models Leak: An Exploration of Synthetic Training Data

Contact Info

Product

Resources

About