BADFL: Backdoor attack defense in federated learning from local model perspective

There is substantial attention to federated learning with its ability to train a powerful global model collaboratively while protecting data privacy. Despite its many advantages, federated learning is vulnerable to backdoor attacks, where an adversary injects malicious weights into the global model,...

Bibliographic Details
Main Authors: ZHANG, Haiyan, LI, Xinghua, XU, Mengfan, LIU, Ximeng, WU, Tong, WENG, Jian, DENG, Robert H.
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2024
Subjects:
Online Access: https://ink.library.smu.edu.sg/sis_research/9535
https://ink.library.smu.edu.sg/context/sis_research/article/10535/viewcontent/BADFL_av.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-10535
record_format dspace
spelling sg-smu-ink.sis_research-10535 2024-11-15T07:32:01Z
Title: BADFL: Backdoor attack defense in federated learning from local model perspective
Authors: ZHANG, Haiyan; LI, Xinghua; XU, Mengfan; LIU, Ximeng; WU, Tong; WENG, Jian; DENG, Robert H.
Description: There is substantial attention to federated learning with its ability to train a powerful global model collaboratively while protecting data privacy. Despite its many advantages, federated learning is vulnerable to backdoor attacks, where an adversary injects malicious weights into the global model, making the global model's targeted predictions incorrect. Existing defenses based on identifying and eliminating malicious weights ignore the similarity variation of the local weights during iterations in the malicious model detection and the presence of benign weights in the malicious model during the malicious local weight elimination, resulting in a poor defense and a degradation of global model accuracy. In this paper, we defend against backdoor attacks from the perspective of local models. First, a malicious model detection method based on interpretability techniques is proposed. The method appends a sampling check after clustering to identify malicious models accurately. We further design a malicious local weight elimination method based on local weight contributions. This method preserves the benign weights in the malicious model to maintain their contributions to the global model. Finally, we analyze the security of the proposed method in terms of model closeness and then verify the effectiveness of the proposed method through experiments. In comparison with existing defenses, the results show that BADFL improves the global model accuracy by 23.14% while reducing the attack success rate to 0.04% in the best case.
Date: 2024-11-01T07:00:00Z
Format: text, application/pdf
DOI: info:doi/10.1109/TKDE.2024.3420778
License: http://creativecommons.org/licenses/by-nc-nd/4.0/
Collection: Research Collection School Of Computing and Information Systems
Subjects: Servers; Artificial Neural Networks; Accuracy; Training; Fires; Anomaly Detection; Adaptation Models; Federated Learning; Backdoor Attack; Clustering; Interpretability; Information Security
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU