FL-Defender: Combating targeted attacks in federated learning

  • Identifying data

    Identifier:  imarina:9287550
    Authors:  Jebreel, Najeeb Moharram; Domingo-Ferrer, Josep
    Abstract:
    Federated learning (FL) enables learning a global machine learning model from data distributed among a set of participating workers. This makes it possible (i) to train more accurate models due to learning from rich, joint training data and (ii) to improve privacy by not sharing the workers’ local private data with others. However, the distributed nature of FL makes it vulnerable to targeted poisoning attacks that negatively impact on the integrity of the learned model while, unfortunately, being difficult to detect. Existing defenses against those attacks are limited by assumptions on the workers’ data distribution and/or are ill-suited to high-dimensional models. In this paper, we analyze targeted attacks against FL, specifically label-flipping and backdoor attacks, and find that the neurons in the last layer of a deep learning (DL) model that are related to these attacks exhibit a different behavior from the unrelated neurons. This makes the last-layer gradients valuable features for attack detection. Accordingly, we propose FL-Defender to combat FL targeted attacks. It consists of (i) engineering robust discriminative features by calculating the worker-wise angle similarity for the workers’ last-layer gradients, (ii) compressing the resulting similarity vectors using PCA to reduce redundant information, and (iii) re-weighting the workers’ updates based on their deviation from the centroid of the compressed similarity vectors. Experiments on three data sets show the effectiveness of our method in defending against label-flipping and backdoor attacks. Compared to several state-of-the-art defenses, FL-Defender achieves the lowest attack success rates while maintaining the main task accuracy.
  • Other:

    Original source link: https://www.sciencedirect.com/science/article/abs/pii/S0950705122012746
    Item reference in APA style: Jebreel, Najeeb Moharram; Domingo-Ferrer, Josep (2023). FL-Defender: Combating targeted attacks in federated learning. Knowledge-Based Systems, 260(), 110178-. DOI: 10.1016/j.knosys.2022.110178
    Article reference according to the original source: Knowledge-Based Systems. 260 110178-
    Article DOI: 10.1016/j.knosys.2022.110178
    Journal publication year: 2023
    Institution: Universitat Rovira i Virgili
    Deposited article version: info:eu-repo/semantics/acceptedVersion
    Record creation date: 2024-10-12
    URV author(s): Domingo Ferrer, Josep
    Department: Enginyeria Informàtica i Matemàtiques
    License document URL: https://repositori.urv.cat/ca/proteccio-de-dades/
    Publication type: Journal Publications
    Author according to the article: Jebreel, Najeeb Moharram; Domingo-Ferrer, Josep
    Link to the usage license: https://creativecommons.org/licenses/by/3.0/es/
    Subject areas: Software, Mathematics / probability and statistics, Management information systems, Interdisciplinary, Information systems and management, Information and documentation, Engineering IV, Engineering III, Economics, Computer science, artificial intelligence, Social sciences, Biological sciences I, Computer science, Astronomy / physics, Artificial intelligence, Public and business administration, accounting and tourism
    Author's e-mail address: josep.domingo@urv.cat
  • Keywords:

    Targeted poisoning attacks
    Security and robustness
    Label-flipping attacks
    Federated learning
    Backdoor attacks
    Artificial Intelligence
    Computer Science
    Information Systems and Management
    Management Information Systems
    Software
    Mathematics / probability and statistics
    Interdisciplinary
    Information and documentation
    Engineering IV
    Engineering III
    Economics
    Social sciences
    Biological sciences I
    Computer science
    Astronomy / physics
    Public and business administration, accounting and tourism