Fake or Compromised? Making Sense of Malicious Clients in Federated Learning (2403.06319v1)

Published 10 Mar 2024 in cs.LG and cs.CR

Abstract: Federated learning (FL) is a distributed machine learning paradigm that enables training models on decentralized data. Research on FL security against poisoning attacks is hard to compare because different papers assume different adversary capabilities and operate under different adversary models. Our work aims to clarify this confusion by presenting a comprehensive analysis of the poisoning attacks and defensive aggregation rules (AGRs) proposed in the literature, and connecting them under a common framework. To connect existing adversary models, we present a hybrid adversary model that lies in the middle of the spectrum of adversaries: the adversary compromises a few clients, trains a generative (e.g., DDPM) model on the samples of those compromised clients, and uses the generated synthetic data to solve an optimization for a stronger (e.g., cheaper, more practical) attack against different robust aggregation rules. By presenting the spectrum of FL adversaries, we aim to give practitioners and researchers a clear understanding of the different types of threats they need to consider when designing FL systems, and to identify areas where further research is needed.
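The abstract contrasts fake clients (which hold no data) with compromised clients (which hold real data) and asks how each fares against robust aggregation rules. The following is an added, self-contained illustration of that contrast, not code from the paper: five hand-constructed honest updates on a three-parameter model, two malicious clients per round, and three AGRs (FedAvg, coordinate-wise median, trimmed mean). The fake-client strategy is a simplified MPAF-style scaling of the global model toward a base point; the compromised-client strategy is a simplified "a little is enough"-style in-envelope perturbation, with the benign mean and spread assumed to be known exactly. All vectors, the global model, the number of malicious clients and the scale/z parameters are constructed assumptions.

```python
"""Toy federated-learning round contrasting two adversary models against three
aggregation rules.  Added illustration, not code from the paper: every update
below is constructed by hand and the attacker strategies are simplified sketches
of the fake-client (MPAF-like) and compromised-client ("a little is enough"-like)
attacks described in the literature."""
from statistics import median, pstdev
from typing import Callable, Dict, List

Vector = List[float]

# Constructed benign updates from 5 honest clients on a 3-parameter model.
HONEST: List[Vector] = [
    [1.0, 1.0, 1.0],
    [1.2, 0.9, 1.1],
    [0.8, 1.1, 0.9],
    [1.1, 1.0, 1.2],
    [0.9, 1.0, 0.8],
]
# Constructed current global weights (the only thing a fake client sees).
GLOBAL_MODEL: Vector = [0.5, -0.3, 0.2]
N_MALICIOUS = 2  # assumption: 2 of 7 participants are controlled by the adversary


def fedavg(updates: List[Vector]) -> Vector:
    """Plain averaging (FedAvg): a single unbounded update moves the result."""
    n = len(updates)
    return [sum(u[i] for u in updates) / n for i in range(len(updates[0]))]


def coord_median(updates: List[Vector]) -> Vector:
    """Coordinate-wise median: with a malicious minority the aggregate stays
    inside the range spanned by honest values in every coordinate."""
    return [median(u[i] for u in updates) for i in range(len(updates[0]))]


def trimmed_mean(updates: List[Vector], k: int) -> Vector:
    """Drop the k smallest and k largest values per coordinate, then average."""
    out = []
    for i in range(len(updates[0])):
        col = sorted(u[i] for u in updates)[k:len(updates) - k]
        out.append(sum(col) / len(col))
    return out


def fake_client_updates(global_model: Vector, m: int, scale: float = 100.0) -> List[Vector]:
    """Fake clients hold no data.  All they can do is push the global model
    toward some base point (here the zero model) with a large scale, so the
    update is huge and clearly out of distribution."""
    return [[-scale * w for w in global_model] for _ in range(m)]


def compromised_client_updates(benign: List[Vector], m: int, z: float = 1.0) -> List[Vector]:
    """Compromised clients hold real data and can estimate the benign mean and
    spread (assumption: the estimate is exact; a real attacker would derive it
    from its own or synthetic samples).  They send mean - z*std per coordinate,
    which lies inside the honest envelope and survives range-based filtering."""
    mu = fedavg(benign)
    sd = [pstdev(u[i] for u in benign) for i in range(len(mu))]
    crafted = [mu[i] - z * sd[i] for i in range(len(mu))]
    return [list(crafted) for _ in range(m)]


def linf_deviation(aggregate: Vector, reference: Vector) -> float:
    """Distance of the aggregate from the benign mean (max abs per coordinate)."""
    return max(abs(a - r) for a, r in zip(aggregate, reference))


def simulate() -> Dict[str, Dict[str, float]]:
    """Run one round per (attacker, AGR) pair and report the deviation."""
    benign_mean = fedavg(HONEST)
    attackers: Dict[str, List[Vector]] = {
        "fake": fake_client_updates(GLOBAL_MODEL, N_MALICIOUS),
        "compromised": compromised_client_updates(HONEST, N_MALICIOUS),
    }
    agrs: Dict[str, Callable[[List[Vector]], Vector]] = {
        "fedavg": fedavg,
        "median": coord_median,
        "trimmed_mean": lambda ups: trimmed_mean(ups, k=N_MALICIOUS),
    }
    results: Dict[str, Dict[str, float]] = {}
    for a_name, malicious in attackers.items():
        received = HONEST + malicious  # the server cannot tell which is which
        results[a_name] = {
            g_name: linf_deviation(agr(received), benign_mean)
            for g_name, agr in agrs.items()
        }
    return results


if __name__ == "__main__":
    for attacker, row in simulate().items():
        print(attacker.ljust(12), {k: round(v, 3) for k, v in row.items()})
```

Running the script prints, per attacker, how far each AGR's output lands from the benign mean. In this toy the fake clients wreck FedAvg, but the median and trimmed mean confine them to the honest spread, the same bound that applies to the compromised clients. The extra knowledge a compromised client carries pays off against defenses that filter on update norm or distance, which this toy does not include and against which an out-of-distribution fake update of this magnitude is easy to flag.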
