Defending Against Data Poisoning Attacks: From Distributed Learning to Federated Learning

Tian, Yuan; Zhang, W; Simpson, Anthony; Liu, Yang; Jiang, Zhang

doi:10.1093/comjnl/bxab192

Cited by 10 publications

(9 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although the GAN-based methods are promising in solving the non-IID problem, the high computational resource demands for training the generator and discriminator limit their applicability in practical systems. Besides, VHL [37] instituted a virtual homogeneous dataset to calibrate the features from the heterogeneous clients, which can be generated from pure noise shared across clients. Moreover, zero-shot learning was also applied for synthetic data generation to promote the fairness of FL [38], but only knowing the global model is incapable of generating synthetic data with sufficient quality.…”

Section: Non-iid Problem In Flmentioning

confidence: 99%

HFML: heterogeneous hierarchical federated mutual learning on non-IID data

2023

Ann Oper Res

View full text Add to dashboard Cite

Federated learning (FL) has emerged as a privacy-preserving paradigm that trains neural networks on edge devices without collecting data at a central server. However, FL encounters an inherent challenge in dealing with non-independent and identically distributed (non-IID) data among devices. To address this challenge, this paper proposes a hard feature matching data synthesis (HFMDS) method to share auxiliary data besides local models. Specifically, synthetic data are generated by learning the essential class-relevant features of real samples and discarding the redundant features, which helps to effectively tackle the non-IID issue. For better privacy preservation, we propose a hard feature augmentation method to transfer real features towards the decision boundary, with which the synthetic data not only improve the model generalization but also erase the information of real features. By integrating the proposed HFMDS method with FL, we present a novel FL framework with data augmentation to relieve data heterogeneity. The theoretical analysis highlights the effectiveness of our proposed data synthesis method in solving the non-IID challenge. Simulation results further demonstrate that our proposed HFMDS-FL algorithm outperforms the baselines in terms of accuracy, privacy preservation, and computational cost on various benchmark datasets.

show abstract

Section: Non-iid Problem In Flmentioning

confidence: 99%

HFML: heterogeneous hierarchical federated mutual learning on non-IID data

2023

Ann Oper Res

View full text Add to dashboard Cite

show abstract

“…In recent years, some defense schemes have been studied to against data poison attack that can delete outliers by calculating the similarity between data information [58]. In the aspect of this way, Tian et al [59] proposed a strategy for detecting and suppressing potential outliers to defend against data poisoning attacks in FL. In the FL scenario of traffic flow prediction, Qi et al [60] came up with a FL framework which using consortium blockchain technique.…”

Section: Homomorphic Encryptionmentioning

confidence: 99%

A survey on federated learning: challenges and applications

Zhang

Lan

et al. 2022

Int. J. Mach. Learn. & Cyber.

View full text Add to dashboard Cite

y impact on human life [1][2][3]. As great progress has been made in AI technology in recent years, various application fields have stepped into intelligence [4,5]. On the road of AI development, models, computing power, chip performance, and other technical issues have been the focus of academic research, so that AI technology can continue to evolve. For machines to truly approach the level of human thought, they need to be trained with vast amounts of real data [6,7]. However, cloud computing power, data security, data silos and other risks will inevitably become constraints for AI to win user trust, collect private data, and achieve largescale implementation [8]. Therefore, it is an urgent need for a practical and effective technique to alleviate the above problems and make the AI full of vitality again. Under this background, the concept of "federated learning (FL) " came into being.The notion of FL is first proposed by Google in 2016, mainly to make android mobile phone users update models locally without revealing private personal data [9]. After then, Google implemented an application-oriented FL system. The designed FL system, which focused on running federated average (FedAvg) algorithms on mobile phones, can perform federated analytics and be applied to monitor statistics for large-scale cluster equipment without recording raw device data to the cloud server. FL is one of the most Zhihua Cui

show abstract

“…Xingyu Li et al [25] proposed LoMar, a two-phase defence algorithm that improves target label accuracy testing under label rollover strike on the Amazon dataset from 96.0 percent to 98.8 percent and total average precision from 90.1 percent to 97.0 percent, in comparison to FG+Krum. Yuchen Tian et al [26] proposed a defence against data poisoning assaults in FL situations that detects and suppresses potential outliers (DSPO), which outperformed existing defences in numerous cases. V. Tolpegin et al [27] introduced a FL system aggregator that performs gradient clustering before the summary arguments are updated per round.…”

Section: Data Poisoning Defencementioning

confidence: 99%

“…Assuming the server is trusted, defenses focus on detection of incorrectly updated parameters. There are two usual methods of detecting anomalous update parameters [26]. One is by precision testing.…”

Section: Model Poisoning Defencementioning

confidence: 99%

Analysis on Security and Privacy-preserving in Federated Learning

Li¹,

Zhang²

2022

HSET

View full text Add to dashboard Cite

Data privacy breaches during the training and implementation of the model are the main challenges that impede the development of artificial intelligence technologies today. Federated Learning has been an effective tool for the protection of privacy. Federated Learning is a distributive machine learning method that trains a non-destructive learning module based on a local training and passage of parameters from participants, with no required direct access to data source. Federated Learning still holds many pitfalls. This paper first introduces the types of federated learning, including horizontal federated learning, vertical federated learning and federated transfer learning, and then analyses the existing security risks of poisoning attacks, adversarial attacks and privacy leaks, with privacy leaks becoming a security risk that cannot be ignored at this stage. This paper also summarizes the corresponding defence measures, from three aspects: Poison attack defence, Privacy Leak Defence, and Defence against attack, respectively. This paper introduces the defence measures taken against some threats faced by federated learning, and finally gives some future research directions.

show abstract

Defending Against Data Poisoning Attacks: From Distributed Learning to Federated Learning

Cited by 10 publications

References 45 publications

HFML: heterogeneous hierarchical federated mutual learning on non-IID data

HFML: heterogeneous hierarchical federated mutual learning on non-IID data

A survey on federated learning: challenges and applications

Analysis on Security and Privacy-preserving in Federated Learning

Contact Info

Product

Resources

About