Leveraging inter- and intra-class distances for poisoning attacks

Bel Ribes, Eduard Josep

Belongs to TFM:SerieGeneralMESIIA collection

TITLE:

Leveraging inter- and intra-class distances for poisoning attacks - TFM:1634

Handle:

https://hdl.handle.net/20.500.11797/TFM1634

Student:	Bel Ribes, Eduard Josep
Language:	en
Title in original language:	Leveraging inter- and intra-class distances for poisoning attacks
Keywords:	Federated Learning, Label Flipping, Machine Learning
Subject:	Enginyeria informàtica
Abstract:	In the interconnected world we live in, Artificial Intelligence (AI) and Machine Learning (ML) have revolutionised our interactions with technology. Among emerging paradigms, Federated Learning (FL) is a new approach to train ML models in a decentralised way. FL allows ML models to obtain responses from users' data without compromising their privacy, making it essential for applications such as predictive text keyboards, speech recognition systems, and even disease diagnostic models. However, the intrinsic decentralisation of FL also exposes it to security vulnerabilities. This research is motivated by the need to understand and address these vulnerabilities as FL is increasingly integrated into real-world applications, including critical systems such as autonomous driving vehicles. The main objective of this study is to investigate the vulnerabilities faced by FL systems and identify strategies to effectively mitigate possible attacks. Specifically, we explore the feasibility of intelligent label-flipping techniques compared to brute force methods when attacking FL systems. Our goal is to determine whether a strategic selection of samples for label-flipping can produce more successful attacks than indiscriminate label-flipping. In this thesis, we have conducted experiments on label-flipping attacks and can draw two key conclusions. First, we found that the effectiveness of label-flipping attacks increases as the number of samples with flipped labels rises, particularly in scenarios with numerous attackers and weak defences. Second, our proposed stealthier attacks exhibit greater resilience against defence mechanisms compared to the standard attack.
Project director:	Blanco Justicia, Alberto
Department:	Enginyeria Informàtica i Matemàtiques
Education area(s):	Enginyeria de la Seguretat Informàtica i Intel·ligència Artificial
Entity:	Universitat Rovira i Virgili (URV)
Work's public defense date:	2023-09-15
Academic year:	2022-2023
Confidenciality:	No
Subject areas:	Computer engineering
APS:	No
Creation date in repository:	2024-04-09
Access Rights:	info:eu-repo/semantics/openAccess

Search your record at:

Available files
File	Description	Format
Memòria	Memory	application/pdf

All objects of this collection

Coverage:	No
Type:	info:eu-repo/semantics/masterThesis
Títol:	Leveraging inter- and intra-class distances for poisoning attacks
Contributor:	Blanco Justicia, Alberto
Subject:	Enginyeria informàtica Computer engineering Ingeniería informática Enginyeria informàtica
Date:	2023-09-15
Language:	en
Format:	Universitat Rovira i Virgili (URV)
Creator:	Bel Ribes, Eduard Josep
Rights:	info:eu-repo/semantics/openAccess

Information