Data Poisoning Attacks Against Federated Learning Systems

Tolpegin, Vale; Truex, Stacey; Gürsoy, Mehmet Emre; Liu, Ling

doi:10.1007/978-3-030-58951-6_24

Cited by 422 publications

(324 citation statements)

References 37 publications

(38 reference statements)

Supporting

Mentioning

263

Contrasting

Order By: Relevance

“…Data poisoning attacks have been demonstrated to many machine learning systems such as spam detection [32], [35], SVM [8], recommender systems [16], [17], [25], [45], neural networks [11], [18], [27], [30], [36], [37], and graph-based methods [20], [41], [49], as well as distributed privacy-preserving data analytics [10], [14]. FL is also vulnerable to data poisoning attacks [38], i.e., malicious clients can corrupt the global model via modifying, adding, and/or deleting examples in their local training datasets. For instance, a data poisoning attack known as label flipping attack changes the labels of the training examples on malicious clients while keeping their features unchanged.…”

Section: B Poisoning Attacks To Federated Learningmentioning

confidence: 99%

FLTrust: Byzantine-robust Federated Learning via Trust Bootstrapping

Cao

Fang

Liu

et al. 2021

Proceedings 2021 Network and Distributed System Security Symposium

261

134

View full text Add to dashboard Cite

Section: B Poisoning Attacks To Federated Learningmentioning

confidence: 99%

FLTrust: Byzantine-robust Federated Learning via Trust Bootstrapping

Cao

Fang

Liu

et al. 2021

Proceedings 2021 Network and Distributed System Security Symposium

261

134

View full text Add to dashboard Cite

“…Other researchers surveyed sub-problems of federated learning. For example, we find [ 18 ] focuses on personalization techniques in FL, while [ 19 ] focuses on data poisoning attacks against FL systems.…”

Section: Major Contributions Of the Papermentioning

confidence: 99%

“…Although FL appears to ensure that data remain on-premises, recent studies have shown that there is still the possibility of an actor exploiting the shared updates to extract confidential data, maliciously influencing the model output, or causing other harm such as model malfunctioning. Based on the timing of the attack in respect to the model life cycle, major attacks can be categorized into: Attacks taking place during the model aggregation phase [ 19 , 95 , 96 ] Attacks taking place after the model is deployed [ 97 , 98 , 99 , 100 , 101 , 102 ] …”

Section: Challenges Of Federated Learning and Relevant Research Workmentioning

confidence: 99%

See 1 more Smart Citation

Rebirth of Distributed AI—A Review of eHealth Research

Khan

Alkaabi

2021

Sensors

View full text Add to dashboard Cite

The envisioned smart city domains are expected to rely heavily on artificial intelligence and machine learning (ML) approaches for their operations, where the basic ingredient is data. Privacy of the data and training time have been major roadblocks to achieving the specific goals of each application domain. Policy makers, the research community, and the industrial sector have been putting their efforts into addressing these issues. Federated learning, with its distributed and local training approach, stands out as a potential solution to these challenges. In this article, we discuss the potential interplay of different technologies and AI for achieving the required features of future smart city services. Having discussed a few use-cases for future eHealth, we list design goals and technical requirements of the enabling technologies. The paper confines its focus on federated learning. After providing the tutorial on federated learning, we analyze the Federated Learning research literature. We also highlight the challenges. A solution sketch and high-level research directions may be instrumental in addressing the challenges.

show abstract

“…Data poisoning attacks can either be targeted or untargeted. Data poisoning attacks have been largely studied in the literature [93]- [96] and to counter such attacks, several defense strategies have been proposed in the literature [21]- [23]. These works proposed different aggregation rules that improve the robustness of the models against data poisoning attacks.…”

Section: A Background Related To Security Of Flmentioning

confidence: 99%

Incentive-Driven Federated Learning and Associated Security Challenges: A Systematic Review

Ali¹,

Ilahi²,

Qayyum³

et al. 2021

Preprint

View full text Add to dashboard Cite

In response to various privacy risks, researchers and practitioners have been exploring different paradigms that can leverage the increased computational capabilities of consumer devices to train machine (ML) learning models in a distributed fashion without requiring the uploading of the training data from individual devices to central facilities. For this purpose, federated learning (FL) was proposed as a technique that can learn a global machine model at a central master node by the aggregation of models trained locally using private data. However, organizations may be reluctant to train models locally and to share these local ML models due to required computational resources for model training at their end and due to privacy risks that may result from adversaries inverting these models to infer information about the private training data. Incentive mechanisms have been proposed to motivate end users to participate in collaborative training of ML models (using their local data) in return for certain rewards. However, the design of an optimal incentive mechanism for FL is challenging due to its distributed nature and the fact that the central server has no access to clients’ hyperparameters information and the amount/quality data used for training, which makes the task of determining the reward based on the contribution of individual clients in FL environment difficult. Even though several incentive mechanisms have been proposed for FL, a thorough up-to-date systematic review is missing and this paper fills this gap. According to the best of our knowledge, this paper is the first systematic review that comprehensively enlists the design principles required for implementing these incentive mechanisms and then categorizes various incentive mechanisms according to their design principles. In addition, we also provide a comprehensive overview of security challenges associated with incentive-driven FL. Finally, we highlight the limitations and pitfalls of these incentive schemes and elaborate upon open-research issues that required further research attention.

show abstract

Data Poisoning Attacks Against Federated Learning Systems

Cited by 422 publications

References 37 publications

FLTrust: Byzantine-robust Federated Learning via Trust Bootstrapping

FLTrust: Byzantine-robust Federated Learning via Trust Bootstrapping

Rebirth of Distributed AI—A Review of eHealth Research

Incentive-Driven Federated Learning and Associated Security Challenges: A Systematic Review

Contact Info

Product

Resources

About