Untargeted Poisoning Attack Detection in Federated Learning via Behavior Attestation

Mallah, Ranwa Al; López, David; Marfo, Godwin Badu; Farooq, Bilal

doi:10.48550/arxiv.2101.10904

Cited by 3 publications

(5 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…FLTrust [80] ReLU cosine similarity, weighted mean High DnC [88] Random subsampling mean, numerical clipping High Ensemble [54] Group Training Voting low GAA [91] Credit scoring, validation dataset High attestedFL [92] Horizontal and vertical comparison test Medium…”

Section: Other Defense Methodsmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Federated Learning PoisoningAttacks and Defenses

Liang

Rong

2022

Preprint

View full text Add to dashboard Cite

As one kind of distributed machine learning technique, federated learning enables multiple clients to build a model across decentralized datacollaboratively without explicitly aggregating the data. Due to its abilityto break data silos, federated learning has received increasing attentionin many fields, including finance, healthcare, and education. However,the invisibility of clients’ training data and the local training process result in some security issues. Recently, many works have beenproposed to research the security attacks and defenses in federatedlearning, but there has been no special survey on poisoning attacks onfederated learning and the corresponding defenses. In this paper, weinvestigate the most advanced schemes on federated learning poisoningattacks and defenses and point out the future directions in these areas.

show abstract

Section: Other Defense Methodsmentioning

confidence: 99%

“…attestedFL [92]. This solution uses a fusion of multiple methods to determine whether a client is malicious or benign through multiple comparisons.…”

Section: Other Model Aggregation Methodsmentioning

confidence: 99%

A Survey on Federated Learning PoisoningAttacks and Defenses

Liang

Rong

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…We can divide methods for detecting poisoning attacks based on evaluating model performance into two categories: evaluating local models [55], [57], [59], [62] and evaluating global models [56], [60], [63].…”

Section: ) Performance Evaluationmentioning

confidence: 99%

“…Yuao et al [57] updated the global model using only the local model that performed well on the test set and marked the client that uploaded a low-accuracy model as a malicious client. Furthermore, Mallah et al [59] defend the poisoning attack by monitoring: 1) the convergence of the local model during training, 2) the angular distance of successive local model updates, and 3) removing local model updates from clients whose performance does not improve to defend against poisoning attacks. In addition, Yi et al [62] proposed a method to automatically verify the validity of model updates through smart contracts in the blockchain, one of which is to test the performance of local models uploaded by users.…”

Section: ) Performance Evaluationmentioning

confidence: 99%

Poisoning Attacks in Federated Learning: A Survey

Xia

Chen

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Federated learning faces many security and privacy issues. Among them, poisoning attacks can significantly impact global models, and malicious attackers can prevent global models from converging or even manipulating the prediction results of global models. Defending against poisoning attacks is a very urgent and challenging task. However, the systematic reviews of poisoning attacks and their corresponding defense strategies from a privacy-preserving perspective still need more effort. This survey provides an in-depth and up-to-date overview of poisoning attacks and corresponding defense strategies in federated learning. We first classify the poisoning attacks according to their methods and targets. Next, we analyze the differences and connections between the various categories of poisoning attacks. In addition, we classify the defense strategies against poisoning attacks in federated learning into three categories and analyze their advantages and disadvantages. Finally, we discuss the privacy protection problem in poisoning attacks and their countermeasure and propose potential research directions from the perspective of attack and defense, respectively.INDEX TERMS Federated learning, distributed machine learning, poisoning attacks, defense of poisoning attacks.

show abstract

“…Therefore, reducing the adversarial relevance on the global model. Other confidence or score-based anomaly detection have been proposed [77], [129], [130].…”

Section: B Defending Integrity and Availabilitymentioning

confidence: 99%

On the Security & Privacy in Federated Learning

Abad¹,

Picek²,

Ramírez-Durán³

et al. 2021

Preprint

View full text Add to dashboard Cite

Advances in Machine Learning (ML) and its wide range of applications boosted its popularity. Recent privacy awareness initiatives as the EU General Data Protection Regulation (GDPR) -European Parliament and Council Regulation No 2016/679, subdued ML to privacy and security assessments. Federated Learning (FL) grants a privacy-driven, decentralized training scheme that improves ML models' security. The industry's fast-growing adaptation and security evaluations of FL technology exposed various vulnerabilities. Depending on the FL phase, i.e., training or inference, the adversarial actor capabilities, and the attack type threaten FL's confidentiality, integrity, or availability (CIA). Therefore, the researchers apply the knowledge from distinct domains as countermeasures, like cryptography and statistics.This work assesses the CIA of FL by reviewing the state-of-theart (SoTA) for creating a threat model that embraces the attack's surface, adversarial actors, capabilities, and goals. We propose the first unifying taxonomy for attacks and defenses by applying this model. Additionally, we provide critical insights extracted by applying the suggested novel taxonomies to the SoTA, yielding promising future research directions.

show abstract

Untargeted Poisoning Attack Detection in Federated Learning via Behavior Attestation

Cited by 3 publications

References 9 publications

A Survey on Federated Learning PoisoningAttacks and Defenses

A Survey on Federated Learning PoisoningAttacks and Defenses

Poisoning Attacks in Federated Learning: A Survey

On the Security & Privacy in Federated Learning

Contact Info

Product

Resources

About