BadSFL: backdoor attack in scaffold federated learning

Bibliographic Details
Main Author: Zhang, Xuanye
Other Authors: Zhang Tianwei
Format: Final Year Project
Language: English
Published: Nanyang Technological University 2024
Online Access: https://hdl.handle.net/10356/174843
Institution: Nanyang Technological University
Description
Summary: Federated learning (FL) enables the training of deep learning models on distributed clients while aiming to preserve data privacy. However, malicious clients can potentially embed a backdoor functionality into the global model by uploading poisoned local models that cause target misclassification. Existing backdoor attacks primarily focus on FL scenarios with independently and identically distributed (IID) data, while real-world FL training data are typically NON-IID. Current NON-IID backdoor attack strategies suffer from limitations in effectiveness and durability. In this paper, we address this gap by proposing a novel backdoor attack, BadSFL, specifically targeting the FL framework with the Scaffold aggregation algorithm tailored for NON-IID scenarios. Our strategy leverages a Generative Adversarial Network (GAN) based on the global model and achieves high accuracy in both backdoor and benign samples. It maintains stealthiness by selecting a specific feature as a backdoor trigger and utilizes Scaffold's control variate to predict the global model's convergence direction, ensuring the persistence of the backdoor function within the global model. Our evaluation results demonstrate the effectiveness of our attack with stealthiness, durability, and high accuracy in both backdoor and primary tasks.