Litcius/Paper detail

Manipulating the Byzantine: Optimizing Model Poisoning Attacks and Defenses for Federated Learning

Virat Shejwalkar, Amir Houmansadr

2021506 citationsDOIOpen Access PDF

Abstract

Federated learning (FL) enables many data owners (e.g., mobile devices) to train a joint ML model (e.g., a nextword prediction classifier) without the need of sharing their private training data. However, FL is known to be susceptible to poisoning attacks by malicious participants (e.g., adversaryowned mobile devices) who aim at hampering the accuracy of the jointly trained model through sending malicious inputs during the federated training process. In this paper, we present a generic framework for model poisoning attacks on FL. We show that our framework leads to poisoning attacks that substantially outperform state-of-the-art model poisoning attacks by large margins. For instance, our attacks result in 1.5 to 60 higher reductions in the accuracy of FL models compared to previously discovered poisoning attacks.

Topics & Concepts

Computer scienceByzantine fault toleranceComputer securityByzantine architectureFederated learningArtificial intelligenceDistributed computingFault toleranceAncient historyHistoryAdversarial Robustness in Machine LearningPrivacy-Preserving Technologies in DataNetwork Security and Intrusion Detection