Understanding Distributed Poisoning Attack in Federated Learning

Federated learning is inherently vulnerable to poisoning attacks, since no training samples will be released to and checked by trustworthy authority. Poisoning attacks are widely investigated in centralized learning paradigm, however distributed poisoning attacks, in which more than one attacker col...

Detailed bibliography
Published in: 2019 IEEE 25th International Conference on Parallel and Distributed Systems (ICPADS), pp. 233 - 239
Main authors: Cao, Di, Chang, Shan, Lin, Zhijian, Liu, Guohua, Sun, Donghong
Format: Conference paper
Language: English
Published: IEEE 01.12.2019
Abstract Federated learning is inherently vulnerable to poisoning attacks, since no training samples will be released to and checked by trustworthy authority. Poisoning attacks are widely investigated in centralized learning paradigm, however distributed poisoning attacks, in which more than one attacker colludes with each other, and injects malicious training samples into local models of their own, may result in a greater catastrophe in federated learning intuitively. In this paper, through real implementation of a federated learning system and distributed poisoning attacks, we obtain several observations about the relations between the number of poisoned training samples, attackers, and attack success rate. Moreover, we propose a scheme, Sniper, to eliminate poisoned local models from malicious participants during training. Sniper identifies benign local models by solving a maximum clique problem, and suspected (poisoned) local models will be ignored during global model updating. Experimental results demonstrate the efficacy of Sniper. The attack success rates are reduced to around 2% even a third of participants are attackers.
Author Lin, Zhijian
Cao, Di
Chang, Shan
Liu, Guohua
Sun, Donghong
Author_xml – sequence: 1
  givenname: Di
  surname: Cao
  fullname: Cao, Di
  organization: Donghua University
– sequence: 2
  givenname: Shan
  surname: Chang
  fullname: Chang, Shan
  organization: Donghua University
– sequence: 3
  givenname: Zhijian
  surname: Lin
  fullname: Lin, Zhijian
  organization: Donghua University
– sequence: 4
  givenname: Guohua
  surname: Liu
  fullname: Liu, Guohua
  organization: Donghua University
– sequence: 5
  givenname: Donghong
  surname: Sun
  fullname: Sun, Donghong
  organization: Tsinghua University
CODEN IEEPAD
ContentType Conference Proceeding
DBID 6IE
6IL
CBEJK
RIE
RIL
DOI 10.1109/ICPADS47876.2019.00042
DatabaseName IEEE Electronic Library (IEL) Conference Proceedings
IEEE Xplore POP ALL
IEEE Xplore All Conference Proceedings
IEEE Electronic Library (IEL)
IEEE Proceedings Order Plans (POP All) 1998-Present
DatabaseTitleList
Database_xml – sequence: 1
  dbid: RIE
  name: IEEE Electronic Library (IEL)
  url: https://ieeexplore.ieee.org/
  sourceTypes: Publisher
DeliveryMethod fulltext_linktorsrc
EISBN 9781728125831
1728125839
EndPage 239
ExternalDocumentID 8975792
Genre orig-research
GroupedDBID 6IE
6IL
CBEJK
RIE
RIL
ID FETCH-LOGICAL-i203t-e0c27945c4359528e2e867b45593b356de0f622eebba28304978cd66972bcd933
IEDL.DBID RIE
ISICitedReferencesCount 201
ISICitedReferencesURI http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000530854900033&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
IngestDate Thu Jun 29 18:38:14 EDT 2023
IsPeerReviewed false
IsScholarly true
Language English
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-i203t-e0c27945c4359528e2e867b45593b356de0f622eebba28304978cd66972bcd933
PageCount 7
ParticipantIDs ieee_primary_8975792
PublicationCentury 2000
PublicationDate 2019-Dec
PublicationDateYYYYMMDD 2019-12-01
PublicationDate_xml – month: 12
  year: 2019
  text: 2019-Dec
PublicationDecade 2010
PublicationTitle 2019 IEEE 25th International Conference on Parallel and Distributed Systems (ICPADS)
PublicationTitleAbbrev PADSW
PublicationYear 2019
Publisher IEEE
Publisher_xml – name: IEEE
Score 2.5309105
Snippet Federated learning is inherently vulnerable to poisoning attacks, since no training samples will be released to and checked by trustworthy authority. Poisoning...
SourceID ieee
SourceType Publisher
StartPage 233
SubjectTerms attack success rate
defense
distributed poisoning attack
federated learning
label-flipping
Title Understanding Distributed Poisoning Attack in Federated Learning
URI https://ieeexplore.ieee.org/document/8975792
WOSCitedRecordID wos000530854900033&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
hasFullText 1
inHoldings 1
isFullTextHit
isPrint