Never Too Late: Tracing and Mitigating Backdoor Attacks in Federated Learning

Zeng, Hui Yong; Zhou, Tongqing; Guo, Shirong; Cai, Zhiping

doi:10.1109/srds55811.2022.00017

Cited by 3 publications

(7 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Figure 3 shows an example of inference attacks. In a backdoor attack, the attacker's goal is to destroy the global FL model and replace the actual global FL model with the attacker's model [74]. This attack can also be classified as a model poisoning attack but it is more harmful than poisoning attacks [60].…”

Section: Privacy Leakage and Threats In Flmentioning

confidence: 99%

Privacy-Enhancing Technologies in Federated Learning for the Internet of Healthcare Things: A Survey

et al. 2023

View full text Add to dashboard Cite

Advancements in wearable medical devices using the IoT technology are shaping the modern healthcare system. With the emergence of the Internet of Healthcare Things (IoHT), efficient healthcare services can be provided to patients. Healthcare professionals have effectively used AI-based models to analyze the data collected from IoHT devices to treat various diseases. Data must be processed and analyzed while avoiding privacy breaches, in compliance with legal rules and regulations, such as the HIPAA and GDPR. Federated learning (FL) is a machine learning-based approach allowing multiple entities to train an ML model collaboratively without sharing their data. It is particularly beneficial in healthcare, where data privacy and security are substantial concerns. Even though FL addresses some privacy concerns, there is still no formal proof of privacy guarantees for IoHT data. Privacy-enhancing technologies (PETs) are tools and techniques designed to enhance the privacy and security of online communications and data sharing. PETs provide a range of features that help protect users’ personal information and sensitive data from unauthorized access and tracking. This paper comprehensively reviews PETs concerning FL in the IoHT scenario and identifies several key challenges for future research.

show abstract

Section: Privacy Leakage and Threats In Flmentioning

confidence: 99%

Privacy-Enhancing Technologies in Federated Learning for the Internet of Healthcare Things: A Survey

et al. 2023

View full text Add to dashboard Cite

show abstract

“…Person Re-identification (ReID) is a fundamental yet challenging task in computer vision (CV), playing a paramount role in plenty of applications such as intelligent video surveillance, urban security, and smart retailing (Ye et al 2021;Zeng et al 2022).…”

Section: Introductionmentioning

confidence: 99%

Text-Based Occluded Person Re-identification via Multi-Granularity Contrastive Consistency Learning

Wu,

Ma,

Guo

et al. 2024

AAAI

View full text Add to dashboard Cite

Text-based Person Re-identification (T-ReID), which aims at retrieving a specific pedestrian image from a collection of images via text-based information, has received significant attention. However, previous research has overlooked a challenging yet practical form of T-ReID: dealing with image galleries mixed with occluded and inconsistent personal visuals, instead of ideal visuals with a full-body and clear view. Its major challenges lay in the insufficiency of benchmark datasets and the enlarged semantic gap incurred by arbitrary occlusions and modality gap between text description and visual representation of the target person. To alleviate these issues, we first design an Occlusion Generator (OGor) for the automatic generation of artificial occluded images from generic surveillance images. Then, a fine-granularity token selection mechanism is proposed to minimize the negative impact of occlusion for robust feature learning, and a novel multi-granularity contrastive consistency alignment framework is designed to leverage intra-/inter-granularity of visual-text representations for semantic alignment of occluded visuals and query texts. Experimental results demonstrate that our method exhibits superior performance. We believe this work could inspire the community to investigate more dedicated designs for implementing T-ReID in real-world scenarios. The source code is available at https://github.com/littlexinyi/MGCC.

show abstract

“…Federated Learning (FL) (McMahan et al 2017) enables multiple devices to jointly train machine learning models without sharing their raw data. Due to the unreachability to distributed data, it is vulnerable to attacks from malicious clients (Wang et al 2020), especially backdoor attacks that neither significantly alter the statistical characteristics of models as Gaussian-noise attacks (Blanchard et al 2017) nor cause a distinct modification to the training data as label-flipping attacks (Liu et al 2021), and thus, are more covert against many existing defenses (Zeng et al 2022).…”

Section: Introductionmentioning

confidence: 99%

“…The former may negatively impact global model accuracy (Yu et al 2021). The latter assumes globally clear boundaries between benign and infected model updates (Zeng et al 2022). However, backdoor attacks typically manipulate a limited subset of parameters, resulting in the similarity between benign and infected model updates.…”

Section: Introductionmentioning

confidence: 99%

“…In such cases, anomaly detections based on linear similarity may not perform satisfactorily. Besides, when facing a relatively high malicious client ratio (MCR), infected model updates are easier to be mistreated as benign ones, however, many existing defenses are only evaluated with MCR ≤ 10% (Xie et al 2021;Ozdayi, Kantarcioglu, and Gel 2021;Zeng et al 2022;Lu et al 2022). Although model deviations may be better captured by nonlinear neural networks, the patterns of benign models in FL are usually hard to acquire due to unpredictable distributions and trajectory shifts of model updates.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Resisting Backdoor Attacks in Federated Learning via Bidirectional Elections and Individual Perspective

Qin,

Chen,

Zhi

et al. 2024

AAAI

View full text Add to dashboard Cite

Existing approaches defend against backdoor attacks in federated learning (FL) mainly through a) mitigating the impact of infected models, or b) excluding infected models. The former negatively impacts model accuracy, while the latter usually relies on globally clear boundaries between benign and infected model updates. However, in reality, model updates can easily become mixed and scattered throughout due to the diverse distributions of local data. This work focuses on excluding infected models in FL. Unlike previous perspectives from a global view, we propose Snowball, a novel anti-backdoor FL framework through bidirectional elections from an individual perspective inspired by one principle deduced by us and two principles in FL and deep learning. It is characterized by a) bottom-up election, where each candidate model update votes to several peer ones such that a few model updates are elected as selectees for aggregation; and b) top-down election, where selectees progressively enlarge themselves through picking up from the candidates. We compare Snowball with state-of-the-art defenses to backdoor attacks in FL on five real-world datasets, demonstrating its superior resistance to backdoor attacks and slight impact on the accuracy of the global model.

show abstract

Never Too Late: Tracing and Mitigating Backdoor Attacks in Federated Learning

Cited by 3 publications

References 24 publications

Privacy-Enhancing Technologies in Federated Learning for the Internet of Healthcare Things: A Survey

Privacy-Enhancing Technologies in Federated Learning for the Internet of Healthcare Things: A Survey

Text-Based Occluded Person Re-identification via Multi-Granularity Contrastive Consistency Learning

Resisting Backdoor Attacks in Federated Learning via Bidirectional Elections and Individual Perspective

Contact Info

Product

Resources

About