Augmented Dual-Shuffle-based Moving Target Defense to Ensure CIA-triad in Federated Learning

Publisher: IEEE
Publication Type: Conference Proceeding
Citation: 2021 IEEE Global Communications Conference, GLOBECOM 2021 - Proceedings, 2022, 00
Issue Date: 2022-01-01
In today's 'Internet of Everything (IoE)' era, the collaboration from massive participants significantly boosts the performance and efficiency of model training. This trend also unavoidably stirs up considerable concerns about multi-dimensional security problems. Under the circumstances, federated learning (FL) is enthusiastically adopted, as it protects privacy to a certain extent by only processing personal data locally. Nevertheless, FL's characteristics of concealment also pave the way for several emerging attacks during the training process, i.e., model inversion, poisoning, and backdoor. Currently, although partially mitigating attack effects, existing countermeasures against those threats are studied separately and orthogonally. This separation makes those defense methods mutually exclusive and restrictive in real-world application scenarios, far from satisfying. In this paper, we extensively model different attack paradigms into three types based on CIA-triad, the well-known information security primitive, and propose a novel dual-shuffle method to thwart aforementioned threats jointly. Concretely speaking, our primary model shuffling mechanism provides the confidentiality guarantee based on the information-theoretic notion of identifiability; then, an augmented client shuffling mechanism purges the user group of adversaries proactively without any compromise of anonymous constraints. By conducting a series of experiments on benchmark datasets, we demonstrate that our method could achieve significant security and convergence performance against three state-of-the-art attacks.