Defending Poisoning Attacks in Federated Learning via Adversarial Training Method

Zhang, J; Wu, D; Liu, C; Chen, B

Defending Poisoning Attacks in Federated Learning via Adversarial Training Method

Zhang, J Wu, D Liu, C Chen, B

Permalink

Publisher:: Springer
Publication Type:: Conference Proceeding
Citation:: Frontiers in Cyber Security, 2020, 1286, pp. 83-94
Issue Date:: 2020-01-01

Closed Access

	Filename	Description	Size
	Binder2.pdf	Published version	905.67 kB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Zhang, J
dc.contributor.author	Wu, D
dc.contributor.author	Liu, C
dc.contributor.author	Chen, B
dc.date	2020-11-15
dc.date.accessioned	2023-01-06T02:45:47Z
dc.date.available	2023-01-06T02:45:47Z
dc.date.issued	2020-01-01
dc.identifier.citation	Frontiers in Cyber Security, 2020, 1286, pp. 83-94
dc.identifier.isbn	9789811597381
dc.identifier.issn	1865-0929
dc.identifier.issn	1865-0937
dc.identifier.uri	http://hdl.handle.net/10453/164739
dc.description.abstract	Recently, federated learning has shown its significant advantages in protecting training data privacy by maintaining a joint model across multiple clients. However, its model security issues have not only been recently explored but shown that federated learning exhibits inherent vulnerabilities on the active attacks launched by malicious participants. Poisoning is one of the most powerful active attacks where an inside attacker can upload the crafted local model updates to further impact the global model performance. In this paper, we first illustrate how the poisoning attack works in the context of federated learning. Then, we correspondingly propose a defense method that mainly relies upon a well-researched adversarial training technique: pivotal training, which improves the robustness of the global model with poisoned local updates. The main contribution of this work is that the countermeasure method is simple and scalable since it does not require complex accuracy validations, while only changing the optimization objectives and loss functions. We finally demonstrate the effectiveness of our proposed mitigation mechanisms through extensive experiments.
dc.language	en
dc.publisher	Springer
dc.relation.ispartof	Frontiers in Cyber Security
dc.relation.ispartof	International Conference on Frontiers in Cyber Security
dc.relation.ispartofseries	Communications in Computer and Information Science
dc.relation.isbasedon	10.1007/978-981-15-9739-8_7
dc.rights	info:eu-repo/semantics/closedAccess
dc.title	Defending Poisoning Attacks in Federated Learning via Adversarial Training Method
dc.type	Conference Proceeding
utslib.citation.volume	1286
utslib.location.activity	Tianjin, China
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Computer Science
utslib.copyright.status	closed_access	*
pubs.consider-herdc	false
dc.date.updated	2023-01-06T02:45:46Z
pubs.finish-date	2020-11-17
pubs.place-of-publication	Switzerland
pubs.publication-status	Published
pubs.start-date	2020-11-15
pubs.volume	1286
dc.location	Switzerland

Abstract:

Recently, federated learning has shown its significant advantages in protecting training data privacy by maintaining a joint model across multiple clients. However, its model security issues have not only been recently explored but shown that federated learning exhibits inherent vulnerabilities on the active attacks launched by malicious participants. Poisoning is one of the most powerful active attacks where an inside attacker can upload the crafted local model updates to further impact the global model performance. In this paper, we first illustrate how the poisoning attack works in the context of federated learning. Then, we correspondingly propose a defense method that mainly relies upon a well-researched adversarial training technique: pivotal training, which improves the robustness of the global model with poisoned local updates. The main contribution of this work is that the countermeasure method is simple and scalable since it does not require complex accuracy validations, while only changing the optimization objectives and loss functions. We finally demonstrate the effectiveness of our proposed mitigation mechanisms through extensive experiments.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/164739