Detecting and mitigating poisoning attacks in federated learning using generative adversarial networks

Zhao, Y; Chen, J; Zhang, J; Wu, D; Blumenstein, M; Yu, S

Detecting and mitigating poisoning attacks in federated learning using generative adversarial networks

Zhao, Y Chen, J Zhang, J Wu, D Blumenstein, M

Yu, S

Permalink

Publisher:: WILEY
Publication Type:: Journal Article
Citation:: Concurrency Computation, 2022, 34, (7)
Issue Date:: 2022-03-22

Closed Access

	Filename	Description	Size
	Concurrency and Computation - 2020 - Zhao - Detecting and mitigating poisoning attacks in federated learning using.pdf	Published version	5.65 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Zhao, Y
dc.contributor.author	Chen, J
dc.contributor.author	Zhang, J
dc.contributor.author	Wu, D
dc.contributor.author	Blumenstein, M https://orcid.org/0000-0002-9908-3744
dc.contributor.author	Yu, S https://orcid.org/0000-0003-4485-6743
dc.date.accessioned	2023-03-24T05:42:23Z
dc.date.available	2023-03-24T05:42:23Z
dc.date.issued	2022-03-22
dc.identifier.citation	Concurrency Computation, 2022, 34, (7)
dc.identifier.issn	1532-0626
dc.identifier.issn	1532-0634
dc.identifier.uri	http://hdl.handle.net/10453/168340
dc.description.abstract	In the age of the Internet of Things (IoT), large numbers of sensors and edge devices are deployed in various application scenarios; Therefore, collaborative learning is widely used in IoT to implement crowd intelligence by inviting multiple participants to complete a training task. As a collaborative learning framework, federated learning is designed to preserve user data privacy, where participants jointly train a global model without uploading their private training data to a third party server. Nevertheless, federated learning is under the threat of poisoning attacks, where adversaries can upload malicious model updates to contaminate the global model. To detect and mitigate poisoning attacks in federated learning, we propose a poisoning defense mechanism, which uses generative adversarial networks to generate auditing data in the training procedure and removes adversaries by auditing their model accuracy. Experiments conducted on two well-known datasets, MNIST and Fashion-MNIST, suggest that federated learning is vulnerable to the poisoning attack, and the proposed defense method can detect and mitigate the poisoning attack.
dc.language	English
dc.publisher	WILEY
dc.relation.ispartof	Concurrency Computation
dc.relation.isbasedon	10.1002/cpe.5906
dc.rights	info:eu-repo/semantics/closedAccess
dc.subject	0801 Artificial Intelligence and Image Processing, 0803 Computer Software, 0805 Distributed Computing
dc.subject.classification	Distributed Computing
dc.title	Detecting and mitigating poisoning attacks in federated learning using generative adversarial networks
dc.type	Journal Article
utslib.citation.volume	34
utslib.for	0801 Artificial Intelligence and Image Processing
utslib.for	0803 Computer Software
utslib.for	0805 Distributed Computing
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Strength - AAII - Australian Artificial Intelligence Institute
pubs.organisational-group	/University of Technology Sydney/Strength - QSI - Centre for Quantum Software and Information
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Computer Science
utslib.copyright.status	closed_access	*
pubs.consider-herdc	false
dc.date.updated	2023-03-24T05:42:14Z
pubs.issue	7
pubs.publication-status	Published
pubs.volume	34
utslib.citation.issue	7

Abstract:

In the age of the Internet of Things (IoT), large numbers of sensors and edge devices are deployed in various application scenarios; Therefore, collaborative learning is widely used in IoT to implement crowd intelligence by inviting multiple participants to complete a training task. As a collaborative learning framework, federated learning is designed to preserve user data privacy, where participants jointly train a global model without uploading their private training data to a third party server. Nevertheless, federated learning is under the threat of poisoning attacks, where adversaries can upload malicious model updates to contaminate the global model. To detect and mitigate poisoning attacks in federated learning, we propose a poisoning defense mechanism, which uses generative adversarial networks to generate auditing data in the training procedure and removes adversaries by auditing their model accuracy. Experiments conducted on two well-known datasets, MNIST and Fashion-MNIST, suggest that federated learning is vulnerable to the poisoning attack, and the proposed defense method can detect and mitigate the poisoning attack.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/168340