Model Poisoning Defense on Federated Learning: A Validation Based Approach

Wang, Y; Zhu, T; Chang, W; Shen, S; Ren, W

Model Poisoning Defense on Federated Learning: A Validation Based Approach

Wang, Y Zhu, T Chang, W Shen, S Ren, W

Permalink

Publisher:: Springer International Publishing
Publication Type:: Conference Proceeding
Citation:: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2020, 12570 LNCS, pp. 207-223
Issue Date:: 2020-01-01

Closed Access

	Filename	Description	Size
	Pages from 2020_Book_NetworkAndSystemSecurity-2.pdf	Published version	1.78 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Wang, Y
dc.contributor.author	Zhu, T
dc.contributor.author	Chang, W
dc.contributor.author	Shen, S
dc.contributor.author	Ren, W
dc.date.accessioned	2021-02-15T19:40:37Z
dc.date.available	2021-02-15T19:40:37Z
dc.date.issued	2020-01-01
dc.identifier.citation	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2020, 12570 LNCS, pp. 207-223
dc.identifier.isbn	9783030657444
dc.identifier.issn	0302-9743
dc.identifier.issn	1611-3349
dc.identifier.uri	http://hdl.handle.net/10453/146115
dc.description.abstract	© 2020, Springer Nature Switzerland AG. Federated learning is an improved distributed machine learning approach for privacy preservation. All clients collaboratively train the model using on-device data, and the centralized server only aggregates clients’ training results instead of collecting their data. However, there is a serious shortcoming for federated learning that the centralized server cannot detect the validity of clients’ training data and correctness of training results due to its limitation on monitoring clients’ training processes. Federated learning is vulnerable to some attacks when attackers maliciously manipulate training data or updates, such as model poisoning attacks. Attackers who execute model poisoning attacks can negatively affect the global models’ performance on a targeted class by manipulating the label of this class at one or more clients. Currently, there is a gap in the defense methods against model poisoning attacks in federated learning. To address the above shortcoming, we propose an effective defense method against model poisoning attack in federated learning in this paper. We validate each client’s local model with a validation set. The server will only receive updates from well-performing clients to protect against model poisoning attacks. We consider the following two cases: all clients have a very similar distribution of training data and all clients have a very different distribution of training data, and design our methods and experiments for both cases. The experimental results show that our defense method can significantly reduce the success rate of model poisoning attacks in both cases in a federated learning setting.
dc.language	en
dc.publisher	Springer International Publishing
dc.relation.ispartof	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
dc.relation.isbasedon	10.1007/978-3-030-65745-1_12
dc.rights	info:eu-repo/semantics/closedAccess
dc.subject.classification	Artificial Intelligence & Image Processing
dc.title	Model Poisoning Defense on Federated Learning: A Validation Based Approach
dc.type	Conference Proceeding
utslib.citation.volume	12570 LNCS
pubs.organisational-group	/University of Technology Sydney
utslib.copyright.status	closed_access	*
dc.date.updated	2021-02-15T19:40:06Z
pubs.publication-status	Published
pubs.volume	12570 LNCS

Abstract:

© 2020, Springer Nature Switzerland AG. Federated learning is an improved distributed machine learning approach for privacy preservation. All clients collaboratively train the model using on-device data, and the centralized server only aggregates clients’ training results instead of collecting their data. However, there is a serious shortcoming for federated learning that the centralized server cannot detect the validity of clients’ training data and correctness of training results due to its limitation on monitoring clients’ training processes. Federated learning is vulnerable to some attacks when attackers maliciously manipulate training data or updates, such as model poisoning attacks. Attackers who execute model poisoning attacks can negatively affect the global models’ performance on a targeted class by manipulating the label of this class at one or more clients. Currently, there is a gap in the defense methods against model poisoning attacks in federated learning. To address the above shortcoming, we propose an effective defense method against model poisoning attack in federated learning in this paper. We validate each client’s local model with a validation set. The server will only receive updates from well-performing clients to protect against model poisoning attacks. We consider the following two cases: all clients have a very similar distribution of training data and all clients have a very different distribution of training data, and design our methods and experiments for both cases. The experimental results show that our defense method can significantly reduce the success rate of model poisoning attacks in both cases in a federated learning setting.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/146115