DeSMP: Differential Privacy-exploited Stealthy Model Poisoning Attacks in Federated Learning

Tamjid, Hossain, Md; Islam, Shafkat; Badsha, Shahriar; Shen, Haoting

doi:10.48550/arxiv.2109.09955

Cited by 2 publications

(4 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Trimmed mean [28], Median [28], etc.) or ( 3) state-of-theart DPFL aggregation methods [12], [15]. Particularly, we focus on the aggregation scheme of [12] which proposes to add a bounded DP-noise to the sum of the all clipped local updates, ∆w n to form a global model, ∆w g .…”

Section: Privacy Preserved Aggregation Rules In Flmentioning

confidence: 99%

“…For a comprehensive understanding of recently discovered DP-exploited poisoning attacks [13], [14], [15], [29], we can consider Fig. 3 where multiple edge nodes are collaboratively updating the global model.…”

Section: Basic Mechanism Of Dp-exploited Poison-ing Attacksmentioning

confidence: 99%

“…However, recent research on the privacy and security challenges in the CPCI domain points out the vulnerability and the exploitation opportunity of the DP-mechanism to conduct devastating poisoning attacks [13], [14]. Particularly, in FL-based CPCIs [4], [5], [6], where the model is trained on a diffuse network of edge devices using local data, DP can introduce new attack vectors for conducting stealthy poisoning attacks [15], [16]. Therefore, although DP can effectively act against certain privacy-violating attacks (e.g., membership inference attacks (MIAs)) in CPCIs [12], [14], it can be exploited to falsify the sensor data (data poisoning) or manipulate the local model parameters (model poisoning) through stealthy poisoning.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Adversarial Analysis of the Differentially-Private Federated Learning in Cyber-Physical Critical Infrastructures

Tamjid¹,

Badsha²,

Hung³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

Differential privacy (DP) is considered to be an effective privacy-preservation method to secure the promising distributed machine learning (ML) paradigm-federated learning (FL) from privacy attacks (e.g., membership inference attack). Nevertheless, while the DP mechanism greatly alleviates the privacy concerns, recent studies have shown that it can be exploited to conduct security attacks (e.g., false data injection attacks). To address such attacks on FL-based applications in critical infrastructures, in this paper, we perform the first systematic study on the DP-exploited poisoning attacks from an adversarial point of view. We demonstrate that the DP method, despite providing a level of privacy guarantee, can effectively open a new poisoning attack vector for the adversary. Our theoretical analysis and empirical evaluation on a smart grid dataset show the FL performance degradation (sub-optimal model generation) scenario due to the differential noise-exploited selective model poisoning attacks. As a countermeasure, we propose a reinforcement learning-based differential privacy level selection (rDP) process. The rDP process utilizes the differential privacy parameters (privacy loss, information leakage probability, etc.) and the losses to intelligently generate an optimal privacy level for the nodes. The evaluation shows the accumulated reward and errors of the proposed technique converge to an optimal privacy policy.

show abstract

Section: Privacy Preserved Aggregation Rules In Flmentioning

confidence: 99%

Section: Basic Mechanism Of Dp-exploited Poison-ing Attacksmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Adversarial Analysis of the Differentially-Private Federated Learning in Cyber-Physical Critical Infrastructures

Tamjid¹,

Badsha²,

Hung³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, defenses have arisen towards this Boosting-based model replacement attacks because it increases the l n norm of the vector of weights (see Section VI). Additionally, several proposed stealthy techniques evaded such defenses [48], [49], [50], [51], [52], [53]. Furthermore, [54] proposed Sybils that evaded and improved attacks quality.…”

Section: A Targeting Integrity and Availabilitymentioning

confidence: 99%

On the Security & Privacy in Federated Learning

Abad¹,

Picek²,

Ramírez-Durán³

et al. 2021

Preprint

View full text Add to dashboard Cite

Advances in Machine Learning (ML) and its wide range of applications boosted its popularity. Recent privacy awareness initiatives as the EU General Data Protection Regulation (GDPR) -European Parliament and Council Regulation No 2016/679, subdued ML to privacy and security assessments. Federated Learning (FL) grants a privacy-driven, decentralized training scheme that improves ML models' security. The industry's fast-growing adaptation and security evaluations of FL technology exposed various vulnerabilities. Depending on the FL phase, i.e., training or inference, the adversarial actor capabilities, and the attack type threaten FL's confidentiality, integrity, or availability (CIA). Therefore, the researchers apply the knowledge from distinct domains as countermeasures, like cryptography and statistics.This work assesses the CIA of FL by reviewing the state-of-theart (SoTA) for creating a threat model that embraces the attack's surface, adversarial actors, capabilities, and goals. We propose the first unifying taxonomy for attacks and defenses by applying this model. Additionally, we provide critical insights extracted by applying the suggested novel taxonomies to the SoTA, yielding promising future research directions.

show abstract

DeSMP: Differential Privacy-exploited Stealthy Model Poisoning Attacks in Federated Learning

Cited by 2 publications

References 20 publications

Adversarial Analysis of the Differentially-Private Federated Learning in Cyber-Physical Critical Infrastructures

Adversarial Analysis of the Differentially-Private Federated Learning in Cyber-Physical Critical Infrastructures

On the Security & Privacy in Federated Learning

Contact Info

Product

Resources

About