FedTrojan: Corrupting Federated Learning via Zero-Knowledge Federated Trojan Attacks

Cited by: 0
Authors
Chang, Shan [1]
Liu, Ye [1]
Lin, Zhijian [1]
Zhu, Hongzi [2]
Zhu, Bingzhu [1]
Wang, Cong [3]
Affiliations
[1] Donghua Univ, Shanghai, Peoples R China
[2] Shanghai Jiao Tong Univ, Shanghai, Peoples R China
[3] City Univ Hong Kong, Hong Kong, Peoples R China
Source
2024 IEEE/ACM 32ND INTERNATIONAL SYMPOSIUM ON QUALITY OF SERVICE, IWQOS | 2024
Funding
Natural Science Foundation of Shanghai;
Keywords
federated learning; trojan attack; quasi-trojan; zero-knowledge; semantic feature;
DOI
10.1109/IWQoS61813.2024.10682906
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
The decentralized and open features of federated learning provide opportunities for malicious participants to collusively inject stealthy trojan functionality into deep learning models. A successful trojan attack should be effective, precise and imperceptible, which generally requires prior knowledge such as aggregation rules, tight cooperation between attackers (e.g. sharing data distributions), and the use of inconspicuous triggers. In reality, however, attackers typically lack this knowledge and can hardly cooperate fully (for privacy and efficiency reasons), and out-of-scope triggers are easily detected by scanners. We propose FedTrojan, a zero-knowledge federated trojan attack. Each attacker independently trains a quasi-trojaned local model with a self-selected trigger. The model behaves normally on both regular and trojaned inputs. When local models are aggregated on the server side, the corresponding quasi-trojans are assembled into a complete trojan which can be activated by the global trigger. We choose existing benign features rather than artificial patches as hidden local triggers to guarantee imperceptibility, and introduce catalytic features to eliminate the impact of local trojan triggers on the behaviors of local/global models. Extensive experiments show that the performance of FedTrojan is significantly better than that of existing trojan attacks under both the classic FedAvg and Byzantine-robust aggregation rules.
Pages: 10
Related papers
50 in total
  • [31] Inference attacks based on GAN in federated learning
    Trung Ha
    Tran Khanh Dang
    INTERNATIONAL JOURNAL OF WEB INFORMATION SYSTEMS, 2022, 18 (2/3) : 117 - 136
  • [32] Adversarial Poisoning Attacks on Federated Learning in Metaverse
    Aristodemou, Marios
    Liu, Xiaolan
    Lambotharan, Sangarapillai
    ICC 2023-IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS, 2023, : 6312 - 6317
  • [33] Federated optimization via knowledge codistillation
    Ni, Xuanming
    Shen, Xinyuan
    Zhao, Huimin
    EXPERT SYSTEMS WITH APPLICATIONS, 2022, 191
  • [34] Efficient Membership Inference Attacks against Federated Learning via Bias Differences
    Zhang, Liwei
    Li, Linghui
    Li, Xiaoyong
    Cai, Binsi
    Gao, Yali
    Dou, Ruobin
    Chen, Luying
    PROCEEDINGS OF THE 26TH INTERNATIONAL SYMPOSIUM ON RESEARCH IN ATTACKS, INTRUSIONS AND DEFENSES, RAID 2023, 2023, : 222 - 235
  • [35] Defending against Membership Inference Attacks in Federated learning via Adversarial Example
    Xie, Yuanyuan
    Chen, Bing
    Zhang, Jiale
    Wu, Di
    2021 17TH INTERNATIONAL CONFERENCE ON MOBILITY, SENSING AND NETWORKING (MSN 2021), 2021, : 153 - 160
  • [36] A Trojan Attack Against Smart Grid Federated Learning and Countermeasures
    Bondok, Atef H.
    Badr, Mahmoud M.
    Mahmoud, Mohamed M. E. A.
    El-Toukhy, Ahmed T.
    Alsabaan, Maazen
    Amsaad, Fathi
    Ibrahem, Mohamed I.
    IEEE ACCESS, 2024, 12 : 191828 - 191846
  • [37] Federated knowledge graph completion via embedding-contrastive learning
    Chen, Mingyang
    Zhang, Wen
    Yuan, Zonggang
    Jia, Yantao
    Chen, Huajun
    KNOWLEDGE-BASED SYSTEMS, 2022, 252
  • [38] Leveraging deep learning-assisted attacks against image obfuscation via federated learning
    Tekli J.
    Al Bouna B.
    Tekli G.
    Couturier R.
    Charbel A.
    Neural Computing and Applications, 2024, 36 (25) : 15667 - 15684
  • [39] MATFL: Defending Against Synergetic Attacks in Federated Learning
    Yang, Wen
    Peng, Luyao
    Tang, Xiangyun
    Weng, Yu
    2023 IEEE INTERNATIONAL CONFERENCES ON INTERNET OF THINGS, ITHINGS IEEE GREEN COMPUTING AND COMMUNICATIONS, GREENCOM IEEE CYBER, PHYSICAL AND SOCIAL COMPUTING, CPSCOM IEEE SMART DATA, SMARTDATA AND IEEE CONGRESS ON CYBERMATICS,CYBERMATICS, 2024, : 313 - 319
  • [40] Efficient and Secure Federated Learning Against Backdoor Attacks
    Miao, Yinbin
    Xie, Rongpeng
    Li, Xinghua
    Liu, Zhiquan
    Choo, Kim-Kwang Raymond
    Deng, Robert H.
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2024, 21 (05) : 4619 - 4636