Attacking-Distance-Aware Attack: Semi-targeted Model Poisoning on Federated Learning

Sun, Yuwei; Ochiai, Hideya; Sakuma, Jun

doi:10.1109/tai.2023.3280155

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2024

Publication Types

Select...

Article2

Other1

Relationship

Self Cite0

Independent3

Authors

Journals

Cited by 3 publications

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Optimizing Federated Learning on TinyML Devices for Privacy Protection and Energy Efficiency in IoT Networks

Villegas-Ch,

Gutierrez,

Maldonado Navarro

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Optimizing Federated Learning on TinyML Devices for Privacy Protection and Energy Efficiency in IoT Networks

Villegas-Ch,

Gutierrez,

Maldonado Navarro

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Instance-Level Trojan Attacks on Visual Question Answering via Adversarial Learning in Neuron Activation Space

Sun,

Ochiai,

Sakuma

2024

2024 International Joint Conference on Neural Networks (IJCNN)

View full text Add to dashboard Cite

FedSuper: A Byzantine-Robust Federated Learning Under Supervision

Zhao,

Jiang,

Zhang

2024

ACM Trans. Sen. Netw.

View full text Add to dashboard Cite

Federated Learning (FL) is a machine learning setting where multiple worker devices collaboratively train a model under the orchestration of a central server, while keeping the training data local. However, owing to the lack of supervision on worker devices, FL is vulnerable to Byzantine attacks where the worker devices controlled by an adversary arbitrarily generate poisoned local models and send to FL server, ultimately degrading the utility (e.g., model accuracy) of the global model. Most of existing Byzantine-robust algorithms, however, cannot well react to the threatening Byzantine attacks when the ratio of compromised worker devices (i.e., Byzantine ratio) is over 0.5 and worker devices’ local training datasets are not independent and identically distributed (non-IID). We propose a novel Byzantine-robust Fed erated Learning under Super vision (FedSuper), which can maintain robustness against Byzantine attacks even in the threatening scenario with a very high Byzantine ratio (0.9 in our experiments) and the largest level of non-IID data (1.0 in our experiments) when the state-of-the-art Byzantine attacks are conducted. The main idea of FedSuper is that the FL server supervises worker devices via injecting a shadow dataset into their local training processes. Moreover, according to the local models’ accuracies or losses on the shadow dataset, we design a Local Model Filter to remove poisoned local models and output an optimal global model. Extensive experimental results on three real-world datasets demonstrate the effectiveness and the superior performance of FedSuper, compared to five latest Byzantine-robust FL algorithms and two baselines, in defending against two state-of-the-art Byzantine attacks with high Byzantine ratios and high levels of non-IID data.

show abstract

Attacking-Distance-Aware Attack: Semi-targeted Model Poisoning on Federated Learning

Cited by 3 publications

References 32 publications

Optimizing Federated Learning on TinyML Devices for Privacy Protection and Energy Efficiency in IoT Networks

Optimizing Federated Learning on TinyML Devices for Privacy Protection and Energy Efficiency in IoT Networks

Instance-Level Trojan Attacks on Visual Question Answering via Adversarial Learning in Neuron Activation Space

FedSuper: A Byzantine-Robust Federated Learning Under Supervision

Contact Info

Product

Resources

About