Backdoor Attacks in Federated Learning by Rare Embeddings and Gradient Ensembling

Yoo, KiYoon; Kwak, Nojun

doi:10.48550/arxiv.2204.14017

Cited by 3 publications

(5 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, Wan et al [116] found that ASR using the FedAvg algorithm was less than 75% effective with most defenses when one of ten clients was malicious in CV tasks. However, Yoo et al [117] found that ASR was easily more than 95% effective on most attacks with most defenses when one of ten clients was malicious in NLP tasks. One reason for this difference may be that detecting NLP backdoors is more difficult.…”

Section: Potential Research Directions On Defensesmentioning

confidence: 99%

Backdoor Attacks and Defenses in Federated Learning: Survey, Challenges and Future Research Directions

Nguyen¹,

Nguyen²,

Nguyen³

et al. 2023

Preprint

View full text Add to dashboard Cite

Federated learning (FL) is a machine learning (ML) approach that allows the use of distributed data without compromising personal privacy. However, the heterogeneous distribution of data among clients in FL can make it difficult for the orchestration server to validate the integrity of local model updates, making FL vulnerable to various threats, including backdoor attacks. Backdoor attacks involve the insertion of malicious functionality into a targeted model through poisoned updates from malicious clients. These attacks can cause the global model to misbehave on specific inputs while appearing normal in other cases. Backdoor attacks have received significant attention in the literature due to their potential to impact real-world deep learning applications. However, they have not been thoroughly studied in the context of FL. In this survey, we provide a comprehensive survey of current backdoor attack strategies and defenses in FL, including a comprehensive analysis of different approaches. We also discuss the challenges and potential future directions for attacks and defenses in the context of FL.

show abstract

Section: Potential Research Directions On Defensesmentioning

confidence: 99%

Backdoor Attacks and Defenses in Federated Learning: Survey, Challenges and Future Research Directions

Nguyen¹,

Nguyen²,

Nguyen³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Whereas, when the training rules are manipulated by the adversaries, the attack is known as training rule manipulation attack [22], [91]. Backdoor attacks are performed by adding the stealth backdoors to the global model such that the overall accuracy of the model is retained [93]. In FL-systems, the compromised devices can add the backdoor and train the model on the backdoor data.…”

Section: A Attacks Focused On Datamentioning

confidence: 99%

Federated Learning Based Privacy Ensured Sensor Communication in IoT Networks: A Taxonomy, Threats and Attacks

et al. 2023

View full text Add to dashboard Cite

Our daily lives are significantly impacted by intelligent Internet of Things (IoT) application, services, IoT gadgets, and more intelligent industries. Artificial Intelligence (AI) is anticipated to have a substantial impact on training machine learning algorithms on IoT devices without sharing data. As data privacy has become a serious societal concern, Federated Learning (FL) has emerged as a hot research area for enabling the collaborative training of machine learning models across many smart IoT devices while adhering to privacy constraints. Although, FL is utilized for preserving privacy in IoT networks, but it is also facing some challenges such as privacy, effectiveness, and efficiency. In this article, a taxonomy of FL-based IoT systems is proposed and an analysis of related works on FL-based IoT systems is presented. Further, a comprehensive study of various types of threats, attacks, and frameworks is done. In addition to this, a taxonomy on privacy-preserving FL techniques for IoT networks is also devised. Finally, the study is concluded by highlighting the various open research challenges in FL-based IoT networks.

show abstract

“…Direct boosting [123] Boosting malicious updates Separated boosting [123] Regularized update boosting Model replacement [124] Replace converging global model PGD [125] Bounded update projection Edge case + PGD [46] PGD on minority samples Median interval [59] Median cheating with normalized updates DBA [126] Distributed backdoor trigger TrojanDBA [127] Distributed and learnable trigger Neurotoxin [128] Tampering insignificant model weights RL Neurotoxin [129] Searching Neurotoxin parameters with RL F3BA [130] Sign-flipping on insignificant weights Rare word embedding [131] Tampering stale word embeddings Future update approximation [132] Estimating future updates from malicious clients Sudden collapse [133] Estimating potent malicious gradients Trigger patterns vary from one attack to the other. We summarize existing triggers in Fig.…”

Section: Name Of Attackmentioning

confidence: 99%

“…Neurotoxin is recently enhanced by authors of [129] who employ RL to find better hyperparameters for the attack. Rare word embedding attack proposed in [131] shares a similar idea with Neurotoxin in the sense that it manipulates word embeddings of rare words as they are not likely to be updated by benign clients. The effectiveness of the rare word embedding attack can be further amplified by the gradient ensembling method [131].…”

Section: Insidious Tamperingmentioning

confidence: 99%

“…Rare word embedding attack proposed in [131] shares a similar idea with Neurotoxin in the sense that it manipulates word embeddings of rare words as they are not likely to be updated by benign clients. The effectiveness of the rare word embedding attack can be further amplified by the gradient ensembling method [131]. The attacker intentionally stores the global models from multiple rounds, then gradients of backdoor word embeddings are computed for all these models.…”

Section: Insidious Tamperingmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Vulnerability of Federated Learning: A Learning Algorithm Perspective

XIE,

Hu,

Ren

et al. 2023

Preprint

View full text Add to dashboard Cite

Backdoor Attacks in Federated Learning by Rare Embeddings and Gradient Ensembling

Cited by 3 publications

References 9 publications

Backdoor Attacks and Defenses in Federated Learning: Survey, Challenges and Future Research Directions

Backdoor Attacks and Defenses in Federated Learning: Survey, Challenges and Future Research Directions

Federated Learning Based Privacy Ensured Sensor Communication in IoT Networks: A Taxonomy, Threats and Attacks

A Survey on Vulnerability of Federated Learning: A Learning Algorithm Perspective

Contact Info

Product

Resources

About