Privacy-enhancing and robust backdoor defense for federated learning on heterogeneous data
Federated learning (FL) allows multiple clients to train deep learning models collaboratively while protecting sensitive local datasets. However, FL has been highly susceptible to security for federated backdoor attacks (FBA) through injecting triggers and privacy for potential data leakage from upl...
Main Authors: | , , , , |
---|---|
Format: | text |
Language: | English |
Published: | Institutional Knowledge at Singapore Management University 2024 |
Subjects: | |
Online Access: | https://ink.library.smu.edu.sg/sis_research/8631 https://doi.org/10.1109/TIFS.2023.3326983 |
Institution: | Singapore Management University |
id |
sg-smu-ink.sis_research-9634 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-96342024-11-15T08:16:20Z Privacy-enhancing and robust backdoor defense for federated learning on heterogeneous data CHEN, Zekai YU, Shengxing FAN, Mingyuan LIU, Ximeng DENG, Robert H. Federated learning (FL) allows multiple clients to train deep learning models collaboratively while protecting sensitive local datasets. However, FL has been highly susceptible to security for federated backdoor attacks (FBA) through injecting triggers and privacy for potential data leakage from uploaded models in practical application scenarios. FBA defense strategies consider specific and limited attacker models, and a sufficient amount of noise injected can only mitigate rather than eliminate the attack. To address these deficiencies, we introduce a Robust Federated Backdoor Defense Scheme (RFBDS) and Privacy preserving RFBDS (PrivRFBDS) to ensure the elimination of adversarial backdoors. Our RFBDS to overcome FBA consists of amplified magnitude sparsification, adaptive OPTICS clustering, and adaptive clipping. The experimental evaluation of RFBDS is conducted on three benchmark datasets and an extensive comparison is made with state-of-the-art studies. The results demonstrate the promising defense performance from RFBDS, moderately improved by 31.75% ~ 73.75% in clustering defense methods, and 0.03% ~ 56.90% for Non-IID to the utmost extent for the average FBA success rate over MNIST, FMNIST, and CIFAR10. Besides, our privacy-preserving shuffling in PrivRFBDS maintains is 7.83e-5 ~ 0.42x that of state-of-the-art works. 
2024-01-01T08:00:00Z text https://ink.library.smu.edu.sg/sis_research/8631 info:doi/10.1109/TIFS.2023.3326983 https://doi.org/10.1109/TIFS.2023.3326983 Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Federate learning backdoor defense distributed backdoor attack privacy-preserving heterogeneity data Information Security Numerical Analysis and Scientific Computing |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
language |
English |
topic |
Federate learning backdoor defense distributed backdoor attack privacy-preserving heterogeneity data Information Security Numerical Analysis and Scientific Computing |
spellingShingle |
Federate learning backdoor defense distributed backdoor attack privacy-preserving heterogeneity data Information Security Numerical Analysis and Scientific Computing CHEN, Zekai YU, Shengxing FAN, Mingyuan LIU, Ximeng DENG, Robert H. Privacy-enhancing and robust backdoor defense for federated learning on heterogeneous data |
description |
Federated learning (FL) allows multiple clients to train deep learning models collaboratively while protecting sensitive local datasets. However, FL has been highly susceptible to security for federated backdoor attacks (FBA) through injecting triggers and privacy for potential data leakage from uploaded models in practical application scenarios. FBA defense strategies consider specific and limited attacker models, and a sufficient amount of noise injected can only mitigate rather than eliminate the attack. To address these deficiencies, we introduce a Robust Federated Backdoor Defense Scheme (RFBDS) and Privacy preserving RFBDS (PrivRFBDS) to ensure the elimination of adversarial backdoors. Our RFBDS to overcome FBA consists of amplified magnitude sparsification, adaptive OPTICS clustering, and adaptive clipping. The experimental evaluation of RFBDS is conducted on three benchmark datasets and an extensive comparison is made with state-of-the-art studies. The results demonstrate the promising defense performance from RFBDS, moderately improved by 31.75% ~ 73.75% in clustering defense methods, and 0.03% ~ 56.90% for Non-IID to the utmost extent for the average FBA success rate over MNIST, FMNIST, and CIFAR10. Besides, our privacy-preserving shuffling in PrivRFBDS maintains is 7.83e-5 ~ 0.42x that of state-of-the-art works. |
format |
text |
author |
CHEN, Zekai YU, Shengxing FAN, Mingyuan LIU, Ximeng DENG, Robert H. |
author_facet |
CHEN, Zekai YU, Shengxing FAN, Mingyuan LIU, Ximeng DENG, Robert H. |
author_sort |
CHEN, Zekai |
title |
Privacy-enhancing and robust backdoor defense for federated learning on heterogeneous data |
title_short |
Privacy-enhancing and robust backdoor defense for federated learning on heterogeneous data |
title_full |
Privacy-enhancing and robust backdoor defense for federated learning on heterogeneous data |
title_fullStr |
Privacy-enhancing and robust backdoor defense for federated learning on heterogeneous data |
title_full_unstemmed |
Privacy-enhancing and robust backdoor defense for federated learning on heterogeneous data |
title_sort |
privacy-enhancing and robust backdoor defense for federated learning on heterogeneous data |
publisher |
Institutional Knowledge at Singapore Management University |
publishDate |
2024 |
url |
https://ink.library.smu.edu.sg/sis_research/8631 https://doi.org/10.1109/TIFS.2023.3326983 |
_version_ |
1816859134644977664 |