Data Poisoning Attacks on Federated Machine Learning

Sun, Gan; Cong, Yang; Dong, Jiahua; Wang, Qiang; Lyu, Lingjuan; Liu, Ji

doi:10.1109/jiot.2021.3128646

Cited by 141 publications

(51 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…For example, in a face recognition system that allows access to a house, to identify five specific people from the input set, who originally did not have access (negative label as origin label) as people who can access (positive label as a target label). Some works which implement this kind of the attack are [18] where the authors analyse the impact of different attacks scenarios, [40] where the authors prove that you can really backdoor FL even using existing defences and [41] where the aim is to present the data-poisoning attacks.…”

Section: Taxonomy According To the Objectivementioning

confidence: 99%

“…However, it is also possible that the goal of the attackers is not to impair of the local models, but only a specific subset of them. In Sun et al [41], they define a set of target nodes as those nodes (clients or server) to be compromised by the attack. According to this definition, we may differentiate between the following three types of data-poisoning attacks depending on the access level the attackers have to the target nodes:…”

Section: Information Leakagementioning

confidence: 99%

See 1 more Smart Citation

Survey on Federated Learning Threats: concepts, taxonomy on attacks and defences, experimental study and challenges

Rodríguez-Barroso¹,

López²,

Luzón³

et al. 2022

Preprint

View full text Add to dashboard Cite

Federated learning is a machine learning paradigm that emerges as a solution to the privacy-preservation demands in artificial intelligence. As machine learning, federated learning is threatened by adversarial attacks against the integrity of the learning model and the privacy of data via a distributed approach to tackle local and global learning. This weak point is exacerbated by the inaccessibility of data in federated learning, which makes harder the protection against adversarial attacks and evidences the need to furtherance the research on defence methods to make federated learning a real solution for safeguarding data privacy. In this paper, we present an extensive review of the threats of federated learning, as well as as their corresponding countermeasures, attacks versus defences. This survey provides a taxonomy of adversarial attacks and a taxonomy of defence methods that depict a general picture of this vulnerability of federated learning and how to overcome it. Likewise, we expound guidelines for selecting the most adequate defence method according to the category of the adversarial attack. Besides, we carry out an extensive experimental study from which we draw further conclusions about the behaviour of attacks and defences and the guidelines for selecting the most adequate defence method according to the category of the adversarial attack. This study is finished leading to meditated learned lessons and challenges.

show abstract

Section: Taxonomy According To the Objectivementioning

confidence: 99%

Section: Information Leakagementioning

confidence: 99%

Survey on Federated Learning Threats: concepts, taxonomy on attacks and defences, experimental study and challenges

Rodríguez-Barroso¹,

López²,

Luzón³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…They find that poisons injected late in the training process are significantly more effective than those injected early. Other proposals adopt a bi-level optimization approach for poisoning multi-task FL [56] and GAN-generated poisons [57]. Model Poisoning.…”

Section: A Adversarial Attacks To MLmentioning

confidence: 99%

Covert Channel Attack to Federated Learning Systems

Costa,

Pinelli,

Soderi

et al. 2021

Preprint

View full text Add to dashboard Cite

Federated learning (FL) goes beyond traditional, centralized machine learning by distributing model training among a large collection of edge clients. These clients cooperatively train a global, e.g., cloud-hosted, model without disclosing their local, private training data. The global model is then shared among all the participants which use it for local predictions.In this paper, we put forward a novel attacker model aiming at turning FL systems into covert channels to implement a stealth communication infrastructure. The main intuition is that, during federated training, a malicious sender can poison the global model by submitting purposely crafted examples. Although the effect of the model poisoning is negligible to other participants, and does not alter the overall model performance, it can be observed by a malicious receiver and used to transmit a single bit.

show abstract

“…The privacy benefit has motivated the adoption of FL in a variety of sensitive applications, including Google GBoard, healthcare services, and self-driving cars. However, vanilla FL has been demonstrated to be vulnerable to a range of attacks (Bagdasaryan et al, 2020;Bhagoji et al, 2019;Fang et al, 2020;Nasr et al, 2019;Sun et al, 2021;Luo et al, 2021). There are two mainstream vulnerabilities in FL, namely Byzantine robustness and privacy.…”

Section: Introductionmentioning

confidence: 99%

Byzantine-Robust Federated Learning with Optimal Statistical Rates and Privacy Guarantees

Zhu¹,

Wang²,

Pang³

et al. 2022

Preprint

View full text Add to dashboard Cite

We propose Byzantine-robust federated learning protocols with nearly optimal statistical rates. In contrast to prior work, our proposed protocols improve the dimension dependence and achieve a tight statistical rate in terms of all the parameters for strongly convex losses. We benchmark against competing protocols and show the empirical superiority of the proposed protocols. Finally, we remark that our protocols with bucketing can be naturally combined with privacy-guaranteeing procedures to introduce security against a semi-honest server. The code for evaluation is provided in https://github.com/wanglun1996/secure-robust-federated-learning.

show abstract

Data Poisoning Attacks on Federated Machine Learning

Cited by 141 publications

References 26 publications

Survey on Federated Learning Threats: concepts, taxonomy on attacks and defences, experimental study and challenges

Survey on Federated Learning Threats: concepts, taxonomy on attacks and defences, experimental study and challenges

Covert Channel Attack to Federated Learning Systems

Byzantine-Robust Federated Learning with Optimal Statistical Rates and Privacy Guarantees

Contact Info

Product

Resources

About