An Analysis of Byzantine-Tolerant Aggregation Mechanisms on Model Poisoning in Federated Learning

ROSZEL, Mary; NORVILL, Robert; STATE, Radu

doi:10.1007/978-3-031-13448-7_12

Demander un accès

Communication publiée dans un ouvrage (Colloques, congrès, conférences scientifiques et actes)

An Analysis of Byzantine-Tolerant Aggregation Mechanisms on Model Poisoning in Federated Learning

ROSZEL, Mary; NORVILL, Robert; STATE, Radu

2022 • In Torra, Vicenç (Ed.) Modeling Decisions for Artificial Intelligence - 19th International Conference, MDAI 2022, Proceedings

Peer reviewed

Permalien
https://hdl.handle.net/10993/60475

DOI
10.1007/978-3-031-13448-7_12

Documents (1)Envoyer vers Détails Statistiques Bibliographie Publications similaires

Documents

Texte intégral

MDAI_Federated_Defenses-3.pdf

Postprint Auteur (15.12 MB)

Demander un accès

Tous les documents dans ORBilu sont protégés par une licence d'utilisation.

Envoyer vers

RIS BibTex APA Chicago Permalink X Linkedin

Détails

Mots-clés :

Aggregation mechanism; Aggregation methods; Attacks scenarios; Backdoors; Fixed frequency; Learning settings; Machine learning models; Malicious participant; Model updates; Poisoning attacks; Theoretical Computer Science; Computer Science (all)

Résumé :

[en] Federated learning is a distributed setting where multiple participants jointly train a machine learning model without exchanging data. Recent work has found that federated learning is vulnerable to backdoor model poisoning attacks, where an attacker leverages the unique environment to submit malicious model updates. To address these malicious participants, several Byzantine-Tolerant aggregation methods have been applied to the federated learning setting, including Krum, Multi-Krum, RFA, and Norm-Difference Clipping. In this work, we analyze the effectiveness and limits of each aggregation method and provide a thorough analysis of their success in various fixed-frequency attack settings. Further, we analyze the fairness of such aggregation methods on the success of the model on its intended tasks. Our results indicate that only one defense can successfully mitigate attacks in all attack scenarios, but a significant fairness issue is observed, highlighting the issues with preventing malicious attacks in a federated setting.

Disciplines :

Sciences informatiques

Auteur, co-auteur :

ROSZEL, Mary ; University of Luxembourg

NORVILL, Robert ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust > SEDAN > Team Radu STATE

STATE, Radu ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN

Co-auteurs externes :

Langue du document :

Anglais

Titre :

An Analysis of Byzantine-Tolerant Aggregation Mechanisms on Model Poisoning in Federated Learning

Date de publication/diffusion :

30 août 2022

Nom de la manifestation :

Modeling Decisions for Artificial Intelligence - 19th International Conference, MDAI 2022

Lieu de la manifestation :

Sant Cugat, Esp

Date de la manifestation :

30-08-2022 => 02-09-2022

Manifestation à portée :

International

Titre de l'ouvrage principal :

Modeling Decisions for Artificial Intelligence - 19th International Conference, MDAI 2022, Proceedings

Editeur scientifique :

Torra, Vicenç

Maison d'édition :

Springer Science and Business Media Deutschland GmbH

ISBN/EAN :

978-3-03-113447-0

Peer reviewed :

Peer reviewed

URL complémentaire :

https://link.springer.com/content/pdf/10.1007/978-3-031-13448-7_12

Disponible sur ORBilu :

depuis le 01 mars 2024

Statistiques

Nombre de vues

67 (dont 1 Unilu)

Nombre de téléchargements

1 (dont 1 Unilu)

Voir plus de statistiques

citations Scopus^®

citations Scopus^®
sans auto-citations

citations OpenAlex

citations WoS^™

Bibliographie

Bagdasaryan, E., Veit, A., Hua, Y., Estrin, D., Shmatikov, V.: How to backdoor federated learning. In: International Conference on Artificial Intelligence and Statistics, pp. 2938–2948. PMLR (2020)
Bhagoji, A.N., Chakraborty, S., Mittal, P., Calo, S.: Analyzing federated learning through an adversarial lens. In: International Conference on Machine Learning, pp. 634–643. PMLR (2019)
Blanchard, P., El Mhamdi, E.M., Guerraoui, R., Stainer, J.: Machine learning with adversaries: Byzantine tolerant gradient descent. In: Proceedings of the 31st International Conference on Neural Information Processing Systems (2017)
Chen, Y., Su, L., Xu, J.: Distributed statistical machine learning in adversarial settings: Byzantine gradient descent. Proc. ACM Measur. Anal. Comput. Syst. 1(2), 1–25 (2017)
Cohen, G., Afshar, S., Tapson, J., Van Schaik, A.: EMNIST: extending MNIST to handwritten letters. In: 2017 International Joint Conference on Neural Networks (IJCNN), pp. 2921–2926. IEEE (2017)
Fang, M., Cao, X., Jia, J., Gong, N.: Local model poisoning attacks to Byzantine Robust federated learning. In: 29th USENIX Security Symposium (USENIX Security 2020), pp. 1605–1622 (2020)
Fung, C., Yoon, C.J., Beschastnikh, I.: Mitigating sybils in federated learning poisoning. arXiv preprint arXiv:1808.04866 (2018)
Kairouz, P., et al.: Advances and open problems in federated learning. arXiv preprint arXiv:1912.04977 (2019)
Krizhevsky, A., Hinton, G., et al.: Learning multiple layers of features from tiny images (2009)
Kusetogullari, H., Yavariabdi, A., Cheddad, A., Grahn, H., Johan, H.: ARDIS: a Swedish historical handwritten digit dataset. Neural Comput. Appl. 32(21), 16505– 16518 (2020). https://doi.org/10.1007/s00521-019-04163-3
Li, L., Fan, Y., Tse, M., Lin, K.Y.: A review of applications in federated learning. Comput. Ind. Eng. 149, 106854 (2020)
Li, X., Huang, K., Yang, W., Wang, S., Zhang, Z.: On the convergence of FedAvg on Non-IID data. arXiv preprint arXiv:1907.02189 (2019)
Lim, W.Y.B., et al.: Federated learning in mobile edge networks: a comprehensive survey. IEEE Commun. Surv. Tutor. 22(3), 2031–2063 (2020)
Long, G., Tan, Y., Jiang, J., Zhang, C.: Federated learning for open banking. In: Yang, Q., Fan, L., Yu, H. (eds.) Federated Learning. LNCS (LNAI), vol. 12500, pp. 240–254. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-63076-8 17
Luo, J., et al.: Real-world image datasets for federated learning. arXiv preprint arXiv:1910.11089 (2019)
McMahan, B., Moore, E., Ramage, D., Hampson, S., Aguera y Arcas, B.: Communication-efficient learning of deep networks from decentralized data. In: Artificial Intelligence and Statistics, pp. 1273–1282. PMLR (2017)
Paszke, A., et al.: PyTorch: an imperative style, high-performance deep learning library. In: Advances in Neural Information Processing Systems, vol. 32, pp. 8026– 8037 (2019)
Pillutla, K., Kakade, S.M., Harchaoui, Z.: Robust aggregation for federated learning. arXiv preprint arXiv:1912.13445 (2019)
Simonyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 (2014)
Sun, Z., Kairouz, P., Suresh, A.T., McMahan, H.B.: Can you really backdoor federated learning? arXiv preprint arXiv:1911.07963 (2019)
Wang, H., et al.: Attack of the tails: yes, you really can backdoor federated learning. arXiv preprint arXiv:2007.05084 (2020)
Yin, D., Chen, Y., Kannan, R., Bartlett, P.: Byzantine-robust distributed learning: towards optimal statistical rates. In: International Conference on Machine Learning, pp. 5650–5659. PMLR (2018)