Privacy-Enhanced Federated Learning Against Poisoning Adversaries

Liu, Xiaoyuan; Li, Hongwei; Xu, Guowen; Chen, Zongqi; Huang, Xiaoming; Lu, Rongxing

doi:10.1109/tifs.2021.3108434

Cited by 148 publications

(55 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Free riding attacks are where an intruder benefits from the global model parameters without contributing with legitimate data samples. Data or model poisoning adversaries [47] aim to affect the global model to degrade its performance or make it perform in a certain way. In terms of IoT-IDS, the attacker can manipulate the global model to fail to detect certain attack techniques or tools which can be exploited in the future.…”

Section: Security Analysismentioning

confidence: 99%

HBFL: A Hierarchical Blockchain-based Federated Learning Framework for a Collaborative IoT Intrusion Detection

Sarhan¹,

Lo²,

Layeghy³

et al. 2022

Preprint

View full text Add to dashboard Cite

The continuous strengthening of the security posture of IoT ecosystems is vital due to the increasing number of interconnected devices and the volume of sensitive data shared. The utilisation of Machine Learning (ML) capabilities in the defence against IoT cyber attacks has many potential benefits. However, the currently proposed frameworks do not consider data privacy, secure architectures, and/or scalable deployments of IoT ecosystems. In this paper, we propose a hierarchical blockchain-based federated learning framework to enable secure and privacy-preserved collaborative IoT intrusion detection. We highlight and demonstrate the importance of sharing cyber threat intelligence among inter-organisational IoT networks to improve the model's detection capabilities. The proposed ML-based intrusion detection framework follows a hierarchical federated learning architecture to ensure the privacy of the learning process and organisational data. The transactions (model updates) and processes will run on a secure immutable ledger, and the conformance of executed tasks will be verified by the smart contract. We have tested our solution and demonstrated its feasibility by implementing it and evaluating the intrusion detection performance using a key IoT data set. The outcome is a securely designed ML-based intrusion detection system capable of detecting a wide range of malicious activities while preserving data privacy.

show abstract

Section: Security Analysismentioning

confidence: 99%

HBFL: A Hierarchical Blockchain-based Federated Learning Framework for a Collaborative IoT Intrusion Detection

Sarhan¹,

Lo²,

Layeghy³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Since the global model in FL is obtained by averaging several local updates shared by participants, FL is under the risk of poisoning attacks. Malicious participants can conduct poisoning attack by uploading poisoned model updates to lower the accuracy of global model and negatively impact the convergence of FL [21].…”

Section: Poisoning Attackmentioning

confidence: 99%

“…In this work, malicious participants will conduct the label flipping attack as in [10], [21]. Specifically, attackers can label the data within one class as another class, and train the model to generate local updates based on the tampered datasets, causing the global model unable to distinguish the data of the two classes correctly.…”

Section: Poisoning Attackmentioning

confidence: 99%

Secure and Efficient Decentralized Federated Learning with Data Representation Protection

Qin¹,

Deng²,

Yan³

et al. 2022

Preprint

View full text Add to dashboard Cite

Federated learning (FL) is a promising technical support to the vision of ubiquitous artificial intelligence in the sixth generation (6G) wireless communication network. However, traditional FL heavily relies on a trusted centralized server. Besides, FL is vulnerable to poisoning attacks, and the global aggregation of model updates makes the private training data under the risk of being reconstructed. What's more, FL suffers from efficiency problem due to heavy communication cost. Although decentralized FL eliminates the problem of the central dependence of traditional FL, it makes other problems more serious. In this paper, we propose BlockDFL, an efficient fully peer-to-peer (P2P) framework for decentralized FL. It integrates gradient compression and our designed voting mechanism with blockchain to efficiently coordinate multiple peer participants without mutual trust to carry out decentralized FL, while preventing data from being reconstructed according to transmitted model updates. Extensive experiments conducted on two real-world datasets exhibit that BlockDFL obtains competitive accuracy compared to centralized FL and can defend against poisoning attacks while achieving efficiency and scalability. Especially when the proportion of malicious participants is as high as 40 percent, BlockDFL can still preserve the accuracy of FL, which outperforms existing fully decentralized FL frameworks.

show abstract

“…The most common way to generate this kind of poisoning is by maliciously tampering the labels in the data [33], this can be easily achieved by just flipping labels, thus generating mislabeled data as shown in Figure 2. Label flipping can be performed either randomly or specifically depending on the aims of the attacker; the former aims to reduce the overall accuracy of all classes, the later does not aim to perform significant accuracy reduction, rather it is focus on the misclassification of a determined class in particular.…”

Section: A Label Flipping Attacksmentioning

confidence: 99%

“…Therefore, a robust FL model needs to regard on concerns related not only to data privacy, but also rely on a certain degree of resilience against poisoning attacks and data manipulations. Liu et al [33] addresses the privacy/defense related issue in FL models by showcasing a novel framework called privacy-enhanced FL (PEFL). PELF grants the central server the ability to detect malicious gradients and block poisoner workers.…”

Section: B Defenses In Federated Learningmentioning

confidence: 99%

Poisoning Attacks and Defenses on Artificial Intelligence: A Survey

Ramirez¹,

Kim²,

Hamadi³

et al. 2022

Preprint

View full text Add to dashboard Cite

Machine learning models have been widely adopted in several fields. However, most recent studies have shown several vulnerabilities from attacks with a potential to jeopardize the integrity of the model, presenting a new window of research opportunity in terms of cyber-security. This survey is conducted with a main intention of highlighting the most relevant information related to security vulnerabilities in the context of machine learning (ML) classifiers; more specifically, directed towards training procedures against data poisoning attacks, representing a type of attack that consists of tampering the data samples fed to the model during the training phase, leading to a degradation in the model's overall accuracy during the inference phase. This work compiles the most relevant insights and findings found in the latest existing literatures addressing this type of attacks. Moreover, this paper also covers several defense techniques that promise feasible detection and mitigation mechanisms, capable of conferring a certain level of robustness to a target model against an attacker. A thorough assessment is performed on the reviewed works, comparing the effects of data poisoning on a wide range of ML models in real-world conditions, performing quantitative and qualitative analyses. This paper analyzes the main characteristics for each approach including performance success metrics, required hyperparameters, and deployment complexity. Moreover, this paper emphasizes the underlying assumptions and limitations considered by both attackers and defenders along with their intrinsic properties such as: availability, reliability, privacy, accountability, interpretability, etc. Finally, this paper concludes by making references of some of main existing research trends that provide pathways towards future research directions in the field of cyber-security.

show abstract

Privacy-Enhanced Federated Learning Against Poisoning Adversaries

Cited by 148 publications

References 26 publications

HBFL: A Hierarchical Blockchain-based Federated Learning Framework for a Collaborative IoT Intrusion Detection

HBFL: A Hierarchical Blockchain-based Federated Learning Framework for a Collaborative IoT Intrusion Detection

Secure and Efficient Decentralized Federated Learning with Data Representation Protection

Poisoning Attacks and Defenses on Artificial Intelligence: A Survey

Contact Info

Product

Resources

About