Network-Level Adversaries in Federated Learning

Severi, Giorgio; Jagielski, Matthew; Yar, Gokberk; Wang, Yuxuan; Oprea, Alina; Nita-Rotaru, Cristina

doi:10.1109/cns56114.2022.9947237

Cited by 9 publications

(5 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For detail, see a survey paper, such as [3]. As another direction of the vulnerability issue, Severi et al pointed out the possibility of network-based adversarial attacks and explored defense methods [32].…”

Section: B Vulnerability Issue On the Global Modelmentioning

confidence: 99%

FedFit: Server Aggregation Through Linear Regression in Federated Learning

Kashima,

Kishida,

Amma

et al. 2024

IEEE Access

View full text Add to dashboard Cite

We present a conceptually novel framework for Federated Learning (FL) called FedFit for a flexible solver to address FL problems. FedFit framework consists of two components: model compression to upload a local model from a client to the server and reconstruction of the compressed local model in the server. Clients upload a compressed local model using a ''key'' shared with the server to formulate the server aggregation as linear regression. Therefore, the global model's parameters are updated through a linear regression solver in the server while naturally contributing to reducing upload costs from clients to the server. Thanks to our framework design, the server can flexibly utilize various established linear regression techniques to address some open problems of FL by considering server aggregation from a different perspective -linear regression. As an example of the broad applicability of our idea, we demonstrate the effectiveness of robust regression and LASSO regression implemented on FedFit, which can alleviate the vulnerability issues against attacks on the global model from the collapsed clients and introduce sparsity to the global model toward the reduction of model size, respectively.

show abstract

Section: B Vulnerability Issue On the Global Modelmentioning

confidence: 99%

FedFit: Server Aggregation Through Linear Regression in Federated Learning

Kashima,

Kishida,

Amma

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…More specifically, backdoor attacks studied in centralized Federated Learning [25], [28]. In addition to classical poisoning attacks, recent work on network-level adversaries in federated learning showed that adversaries might cleverly drop network packets and significantly reduce the model's performance on sub-populations [65]. Edge federated learning.…”

Section: Related Workmentioning

confidence: 99%

Backdoor Attacks in Peer-to-Peer Federated Learning

Yar¹,

Nita-Rotaru²,

Oprea³

2023

Preprint

View full text Add to dashboard Cite

We study backdoor attacks in peer-to-peer federated learning systems on different graph topologies and datasets. We show that only 5% attacker nodes are sufficient to perform a backdoor attack with 42% attack success without decreasing the accuracy on clean data by more than 2%. We also demonstrate that the attack can be amplified by the attacker crashing a small number of nodes. We evaluate defenses proposed in the context of centralized federated learning and show they are ineffective in peer-to-peer settings. Finally, we propose a defense that mitigates the attacks by applying different clipping norms to the model updates received from peers and local model trained by a node.

show abstract

“…However, securing the network and in-transit data is an essential ingredient to allow privacy preservation in an FL setup. Only a few works in the literature have focused their efforts on investigating networklevel risks and countermeasures in FL [1]. In the present paper, a networking approach is proposed to target privacy preservation in K8s-based FL.…”

Section: A Privacy Preservation In Flmentioning

confidence: 99%

“…Federated Learning (FL) is a popular Machine Learning (ML) technique for training models on decentralised, sensitive data while preserving data privacy [1]. This paradigm allows local nodes to collaboratively train a shared model and use it for a given task (e.g., classification or regression) while keeping the data locally without sharing their direct information with the FL server [2].…”

Section: Introductionmentioning

confidence: 99%

“…This tries to tackle privacy from a data-intransit perspective different to common FL applicationlevel approaches like secure aggregation combined with HTTPS [3], [2]. Communication between clients and the server is also critical in FL processes, introducing another vulnerability surface [1]. 2) Proof-of-concept implementation environment: We deploy a two-site implementation in different geographical locations, along with multiple collaborative clients with a task from the medical domain using the Medical MNIST image classification dataset [14].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Privacy Preservation in Kubernetes-based Federated Learning: A Networking Approach

Parra-Ullauri,

Gonzalez,

Bravalheri

et al. 2023

IEEE INFOCOM 2023 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)

View full text Add to dashboard Cite

Federated Learning (FL) is a distributed Machine Learning paradigm that enables multiple clients to collaboratively train a model under the control of a central server while preserving data locally in heterogeneous edge devices. To facilitate scalable deployment of FL systems, cloud computing and container-based approaches such as Kubernetes (K8s) have been recently proposed. K8s enables container orchestration for cloud and edge applications while reducing workload management complexity in FL ecosystems. Nonetheless, K8s can violate fundamental FL privacy principles, e.g., the inherent flat networking approach in K8s can potentially allow FL clients to access other client or domain resources. The latter poses an open research problem and gap in the literature because serious privacy risks can arise from attackers gaining access to any client in the FL setup. To address this problem, this paper presents a networking approach via network isolation at the link layer level, and authentication and data packet encryption at the network layer level. The former allows to create secure resource sharing, and the latter is used to protect in-transit data. For this purpose, we use a K8s networking operator and a secure network protocol suite. The above combination facilitates on-demand link-layer connectivity, per-link data source authentication, and confidentiality between FL actors. We tested our approach on a network testbed composed of different geo-located nodes where FL clients are deployed. Our promising results showcase the feasibility of the solution for privacy preservation at the network level in K8s-based FL.

show abstract

Network-Level Adversaries in Federated Learning

Cited by 9 publications

References 19 publications

FedFit: Server Aggregation Through Linear Regression in Federated Learning

FedFit: Server Aggregation Through Linear Regression in Federated Learning

Backdoor Attacks in Peer-to-Peer Federated Learning

Privacy Preservation in Kubernetes-based Federated Learning: A Networking Approach

Contact Info

Product

Resources

About