Defense Strategies Toward Model Poisoning Attacks in Federated Learning: A Survey

Wang, Zhilin; Qiao, Kang; Zhang, Xinyi; Hu, Qin

doi:10.1109/wcnc51071.2022.9771619

Cited by 14 publications

(4 citation statements)

References 202 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As argued in Sun et al (2019b), norm-bounding is thought to be sufficient to prevent these attacks. We acknowledge that other defenses exist, see overviews in Wang et al (2022) and Qiu et al (2022), yet the proposed attack is designed to be used against norm-bounded FL systems and we verify in Appendix A.5 that it does not break other defenses. We focus on norm bounding because it is a key defense that is widely adopted in industrial implementations of federated learning (Bonawitz et al, 2019;Paulik et al, 2021;Dimitriadis et al, 2022).…”

Section: Can You Backdoor Federated Learning?mentioning

confidence: 87%

Thinking Two Moves Ahead: Anticipating Other Users Improves Backdoor Attacks in Federated Learning

Wen¹,

Geiping²,

Fowl³

et al. 2022

Preprint

View full text Add to dashboard Cite

Federated learning is particularly susceptible to model poisoning and backdoor attacks because individual users have direct control over the training data and model updates. At the same time, the attack power of an individual user is limited because their updates are quickly drowned out by those of many other users. Existing attacks do not account for future behaviors of other users, and thus require many sequential updates and their effects are quickly erased. We propose an attack that anticipates and accounts for the entire federated learning pipeline, including behaviors of other clients, and ensures that backdoors are effective quickly and persist even after multiple rounds of community updates. We show that this new attack is effective in realistic scenarios where the attacker only contributes to a small fraction of randomly sampled rounds and demonstrate this attack on image classification, next-word prediction, and sentiment analysis. Code is available at https://github.com/YuxinWenRick/ thinking-two-moves-ahead.

show abstract

Section: Can You Backdoor Federated Learning?mentioning

confidence: 87%

Thinking Two Moves Ahead: Anticipating Other Users Improves Backdoor Attacks in Federated Learning

Wen¹,

Geiping²,

Fowl³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…However, the poisoning attack is one of the many security vulnerabilities they discussed and is only briefly described in their paper. Zhilin et al [12] discussed defense strategies against model poisoning attacks in federated learning. They classified existing defense strategies into two categories: evaluation methods for local model updates and aggregation methods for the global model.…”

Section: Related Workmentioning

confidence: 99%

“…Therefore, federated learning is considered effective in protecting user privacy during training. However, further research shows that federated learning also faces many security and privacy risks [7], [8], [9], [10], such as poisoning attacks [11], [12], [13], [14], [15] and privacy leakage [16], [17], [18], [19], [20], [21]. This paper focuses on the risk of poisoning attacks in federated learning.…”

Section: Introductionmentioning

confidence: 99%

Poisoning Attacks in Federated Learning: A Survey

Xia

Chen

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Federated learning faces many security and privacy issues. Among them, poisoning attacks can significantly impact global models, and malicious attackers can prevent global models from converging or even manipulating the prediction results of global models. Defending against poisoning attacks is a very urgent and challenging task. However, the systematic reviews of poisoning attacks and their corresponding defense strategies from a privacy-preserving perspective still need more effort. This survey provides an in-depth and up-to-date overview of poisoning attacks and corresponding defense strategies in federated learning. We first classify the poisoning attacks according to their methods and targets. Next, we analyze the differences and connections between the various categories of poisoning attacks. In addition, we classify the defense strategies against poisoning attacks in federated learning into three categories and analyze their advantages and disadvantages. Finally, we discuss the privacy protection problem in poisoning attacks and their countermeasure and propose potential research directions from the perspective of attack and defense, respectively.INDEX TERMS Federated learning, distributed machine learning, poisoning attacks, defense of poisoning attacks.

show abstract

“…Major contents [20] early work that concludes data poisoning, model poisoning, and defense [21] problems of communication, poisoning attacks, inference attacks and privacy leakage [22] the concept of semi-supervised federated learning and applications [23] defenses against model poisoning and privacy inference attacks [24] block chain-based privacy protection for federated learning [25] privacy protection classification of federated learning and the defenses [26] federated learning privacy protection, communication overhead, and malicious participant defenses [27] defense methods for model poisoning [28] federated learning privacy protection convergence programme [29] survey and evaluation of federated learning privacy attacks and defenses programs [30] federated learning robustness, privacy attacks, and defenses…”

Section: Refmentioning

confidence: 99%

A Survey on Federated Learning PoisoningAttacks and Defenses

Liang

Rong

2022

Preprint

View full text Add to dashboard Cite

As one kind of distributed machine learning technique, federated learning enables multiple clients to build a model across decentralized datacollaboratively without explicitly aggregating the data. Due to its abilityto break data silos, federated learning has received increasing attentionin many fields, including finance, healthcare, and education. However,the invisibility of clients’ training data and the local training process result in some security issues. Recently, many works have beenproposed to research the security attacks and defenses in federatedlearning, but there has been no special survey on poisoning attacks onfederated learning and the corresponding defenses. In this paper, weinvestigate the most advanced schemes on federated learning poisoningattacks and defenses and point out the future directions in these areas.

show abstract

Defense Strategies Toward Model Poisoning Attacks in Federated Learning: A Survey

Cited by 14 publications

References 202 publications

Thinking Two Moves Ahead: Anticipating Other Users Improves Backdoor Attacks in Federated Learning

Thinking Two Moves Ahead: Anticipating Other Users Improves Backdoor Attacks in Federated Learning

Poisoning Attacks in Federated Learning: A Survey

A Survey on Federated Learning PoisoningAttacks and Defenses

Contact Info

Product

Resources

About