Poisoning Attacks in Federated Learning: A Survey

Xia, Geming; Chen, Jian; Yu, Chaodong; Ma, Jun

doi:10.1109/access.2023.3238823

Cited by 29 publications

(6 citation statements)

References 78 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, like in centralized ML deployments, FL is subject to various types of security attacks, including Byzantine clients, which do not behave as expected. Specifically, poisoning attacks are intended to modify the data or directly the weights shared by clients with the aggregator to degrade the model's performance and hinder its convergence Xia, Chen, Yu, and Ma (2023). Indeed, previous works confirm FL's susceptibility to poisoning attacks Baruch, Baruch, and Goldberg (2019), particularly highlighting the vulnerability of the average function or FedAvg McMahan et al (2017) as an aggregation approach.…”

Section: Introductionmentioning

confidence: 99%

Evaluating Federated Learning for intrusion detection in Internet of Things: Review and challenges

et al. 2022

View full text Add to dashboard Cite

Section: Introductionmentioning

confidence: 99%

Evaluating Federated Learning for intrusion detection in Internet of Things: Review and challenges

et al. 2022

View full text Add to dashboard Cite

“…In our work, we evaluate various approaches for combining local RF models for cybersecurity applications. In addition, differential privacy property is added to our model making it private by design and providing a countermeasure to potential data poisoning attacks [53]. To achieve that, we decided to follow the work from [17] where differential privacy is done with the Exponential mechanism giving strong privacy guarantees and high accuracy performances in practice.…”

Section: Random Forest With Differential Privacymentioning

confidence: 99%

Random forest with differential privacy in federated learning framework for network attack detection and classification

Markovic,

Leon,

Buffoni

et al. 2024

Appl Intell

View full text Add to dashboard Cite

Communication networks are crucial components of the underlying digital infrastructure in any smart city setup. The increasing usage of computer networks brings additional cyber security concerns, and every organization has to implement preventive measures to protect valuable data and business processes. Due to the inherent distributed nature of the city infrastructures as well as the critical nature of its resources and data, any solution to the attack detection calls for distributed, efficient and privacy preserving solutions. In this paper, we extend the evaluation of our federated learning framework for network attacks detection and classification based on random forest. Previously the framework was evaluated only for attack detection using four well-known intrusion detection datasets (KDD, NSL-KDD, UNSW-NB15, and CIC-IDS-2017). In this paper, we extend the evaluation for attack classification. We also evaluate how adding differential privacy into random forest, as an additional protective mechanism, affects the framework performances. The results show that the framework outperforms the average performance of independent random forests on clients for both attack detection and classification. Adding differential privacy penalizes the performance of random forest, as expected, but the use of the proposed framework still brings benefits in comparison to the use of independent local models. The code used in this paper is publicly available, to enable transparency and facilitate reproducibility within the research community.

show abstract

“…A recent survey in the field highlights the most advanced schemes of federated learning poisoning attacks and defenses [20]. They classify the defense strategies against poisoning attacks in federated learning into three categories: model analysis, byzantine robust aggregation and verification-based.…”

Section: Related Workmentioning

confidence: 99%

Untargeted Poisoning Attack Detection in Federated Learning via Behavior AttestationAl

Mallah,

López,

Badu-Marfo

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Federated Learning (FL) is a paradigm in Machine Learning (ML) that addresses data privacy, security, access rights and access to heterogeneous information issues by training a global model using distributed nodes. Despite its advantages, there is an increased potential for cyberattacks on FL-based ML techniques that can undermine the benefits. Model-poisoning attacks on FL target the availability of the model. The adversarial objective is to disrupt the training. We propose attestedFL, a defense mechanism that monitors the training of individual nodes through state persistence in order to detect a malicious worker in small to medium federation size. A fine-grained assessment of the history of the worker permits the evaluation of its behavior in time and results in innovative detection strategies. We present three lines of defense that aim at assessing if the worker is reliable by observing if the node is truly training, while advancing towards a goal. Our defense exposes an attacker's malicious behavior and removes unreliable nodes from the aggregation process so that the FL process converge faster. attestedFL increased the accuracy of the model in different FL settings, under different attacking patterns, and scenarios e.g., attacks performed at different stages of the convergence, colluding attackers, and continuous attacks.INDEX TERMS Security and privacy, intrusion detection systems, distributed systems security, federated learning, poisoning attack, behavior.

show abstract

Poisoning Attacks in Federated Learning: A Survey

Cited by 29 publications

References 78 publications

Evaluating Federated Learning for intrusion detection in Internet of Things: Review and challenges

Evaluating Federated Learning for intrusion detection in Internet of Things: Review and challenges

Random forest with differential privacy in federated learning framework for network attack detection and classification

Untargeted Poisoning Attack Detection in Federated Learning via Behavior AttestationAl

Contact Info

Product

Resources

About