A Selective Defense Strategy for Federated Learning Against Attacks

Authors
Chen Z. [1]
Jiang H. [1]
Zhou Y. [2]
Affiliations
[1] College of Computer Science and Engineering, Chongqing University of Technology, Chongqing
[2] Department of Computer Science and Software Engineering, Auburn University, Auburn
Source
Dianzi Yu Xinxi Xuebao/Journal of Electronics and Information Technology | 2024 / Vol. 46 / No. 03
Funding
National Natural Science Foundation of China
Keywords
Adversarial attack; Adversarial training; Defense strategy; Federated Learning (FL);
DOI
10.11999/JEIT230137
Abstract
Federated Learning (FL) trains models through local training on clients and continuous exchange of model parameters between terminals and the server, which effectively addresses the data leakage and privacy risks of centralized machine learning models. However, multiple malicious terminals participating in FL can mount adversarial attacks by introducing small perturbations during local learning, which leads the global model to output incorrect results. An effective federated defense strategy, SelectiveFL, is proposed in this paper. The strategy first establishes a selective federated defense framework, and then updates the uploaded local models on the server on the basis of attack characteristics extracted through adversarial training at the terminals. At the same time, selective aggregation is carried out according to the attack characteristics, so that multiple adaptive defense models are obtained. Finally, the proposed defense method is evaluated on several representative benchmark datasets. The experimental results show that, compared with existing research work, the accuracy of the model can be improved by 2% to 11%. © 2024 Science Press. All rights reserved.
Pages: 1119 / 1127
Page count: 8