Privacy and Robustness in Federated Learning: Attacks and Defenses

Lyu, Lingjuan; Han, Yu; Ma, Xingjun; Chen, Chen; Sun, Lichao; Zhao, Jun; Yang, Qiang; Yu, Philip S.

doi:10.48550/arxiv.2012.06337

Cited by 40 publications

(53 citation statements)

References 105 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…These attacks poison local model updates before uploading them to the server. More details of poisoning attacks and other threats of FL can be found from the survey paper [40].…”

Section: Robust Federated Learningmentioning

confidence: 99%

See 1 more Smart Citation

PRECAD: Privacy-Preserving and Robust Federated Learning via Crypto-Aided Differential Privacy

Gu¹,

Li²,

Xiong³

2021

Preprint

View full text Add to dashboard Cite

Federated Learning (FL) allows multiple participating clients to train machine learning models collaboratively by keeping their datasets local and only exchanging model updates. Existing FL protocol designs have been shown to be vulnerable to attacks that aim to compromise data privacy and/or model robustness. Recently proposed defenses focused on ensuring either privacy or robustness, but not both. In this paper, we develop a framework called PRECAD, which simultaneously achieves differential privacy (DP) and enhances robustness against model poisoning attacks with the help of cryptography. Using secure multi-party computation (MPC) techniques (e.g., secret sharing), noise is added to the model updates by the honest-but-curious server(s) (instead of each client) without revealing clients' inputs, which achieves the benefit of centralized DP in terms of providing a better privacy-utility tradeoff than local DP based solutions. Meanwhile, a crypto-aided secure validation protocol is designed to verify that the contribution of model update from each client is bounded without leaking privacy. We show analytically that the noise added to ensure DP also provides enhanced robustness against malicious model submissions. We experimentally demonstrate that our PRECAD framework achieves higher privacy-utility tradeoff and enhances robustness for the trained models.

show abstract

“…These attacks poison local model updates before uploading them to the server. More details of poisoning attacks and other threats of FL can be found from the survey paper [40].…”

Section: Robust Federated Learningmentioning

confidence: 99%

“…Following[40,49,54], we use LDP to refer to the client based approaches for ease of presentation, but it is different from the traditional LDP for data collection in[21,29,57].…”

mentioning

confidence: 99%

PRECAD: Privacy-Preserving and Robust Federated Learning via Crypto-Aided Differential Privacy

Gu¹,

Li²,

Xiong³

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Several survey works [27], [73]- [80] have also summarized some of the threats and defenses in collaborative learning. However, they have certain drawbacks.…”

Section: Introductionmentioning

confidence: 99%

“…. For example, Second, several surveys [73], [74], [79] mainly target on the threats and defenses in federated learning. Vepakommacite et al vepakomma2018no summarize the privacy problems and defenses in distributed learning systems.…”

Section: Introductionmentioning

confidence: 99%

Robust and Privacy-Preserving Collaborative Learning: A Comprehensive Survey

Guo¹,

Zhang²,

Yang³

et al. 2021

Preprint

View full text Add to dashboard Cite

With the rapid demand of data and computational resources in deep learning systems, a growing number of algorithms to utilize collaborative machine learning techniques, for example, federated learning, to train a shared deep model across multiple participants. It could effectively take advantage of resource of each participant and obtain a more powerful learning system. However, integrity and privacy threats in such systems have greatly obstructed the applications of collaborative learning. And a large amount of works have been proposed to maintain the model integrity and mitigate the privacy leakage of training data during the training phase for different collaborate learning systems. Compared with existing surveys that mainly focus on one specific collaborate learning system, this survey aims to provide a systematic and comprehensive review of security and privacy researches in collaborative learning. Our survey first provides the system overview of collaborative learning, followed by an brief introduction of integrity and privacy threats. In an organized way, we then detail the existing integrity and privacy attacks as well as their defenses. We also list some open problems in this area and opensource the related papers on GitHub: https://github.com/csl-cqu/awesome-secure-collebrativelearning-papers.

show abstract

“…However, FLNs with frequent model updates and communications are vulnerable to various types of privacy attacks, such as eavesdropping attacks, inference attacks, poisoning attacks and backdoor attacks, which in turn, have inspired a myriad of defense mechanisms (a.k.a. countermeasures) [3].…”

Section: Introductionmentioning

confidence: 99%

Securing Federated Learning: A Covert Communication-based Approach

Xie¹,

Kang²,

Niyato³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Federated Learning Networks (FLNs) have been envisaged as a promising paradigm to collaboratively train models among mobile devices without exposing their local privacy data. Due to the need for frequent model updates and communications, FLNs are vulnerable to various attacks (e.g., eavesdropping attacks, inference attacks, poisoning attacks, and backdoor attacks). Balancing privacy protection with efficient distributed model training is a key challenge for FLNs. Existing countermeasures incur high computation costs and are only designed for specific attacks on FLNs. In this paper, we bridge this gap by proposing the Covert Communication-based Federated Learning (CCFL) approach. Based on the emerging communication security technique of covert communication which hides the existence of wireless communication activities, CCFL can degrade attackers' capability of extracting useful information from the FLN training protocol, which is a fundamental step for most existing attacks, and thereby holistically enhances the privacy of FLNs. We experimentally evaluate CCFL extensively under real-world settings in which the FL latency is optimized under given security requirements. Numerical results demonstrate the significant effectiveness of the proposed approach in terms of both training efficiency and communication security.

show abstract

Privacy and Robustness in Federated Learning: Attacks and Defenses

Cited by 40 publications

References 105 publications

PRECAD: Privacy-Preserving and Robust Federated Learning via Crypto-Aided Differential Privacy

PRECAD: Privacy-Preserving and Robust Federated Learning via Crypto-Aided Differential Privacy

Robust and Privacy-Preserving Collaborative Learning: A Comprehensive Survey

Securing Federated Learning: A Covert Communication-based Approach

Contact Info

Product

Resources

About