Privacy-Enhancing and Robust Backdoor Defense for Federated Learning on Heterogeneous Data

Cited by: 10
Authors
Chen, Zekai [1]
Yu, Shengxing [2]
Fan, Mingyuan [3]
Liu, Ximeng [1, 4]
Deng, Robert H. [5]
Affiliations
[1] Fuzhou Univ, Coll Math & Comp Sci, Fuzhou 350108, Peoples R China
[2] Peking Univ, Sch Elect Engn & Comp Sci, Beijing 100871, Peoples R China
[3] East China Normal Univ, Sch Data Sci & Engn, Shanghai 200050, Peoples R China
[4] City Univ Macau, Fac Data Sci, Taipa, Macau, Peoples R China
[5] Singapore Management Univ, Sch Informat Syst, Singapore 188065, Singapore
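Funding
National Natural Science Foundation of China
Keywords
Federated learning; backdoor defense; distributed backdoor attack; privacy-preserving; heterogeneity data
DOI
10.1109/TIFS.2023.3326983
Chinese Library Classification number
TP301 [Theory, Methods]
Discipline classification code
081202
Abstract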
Federated learning (FL) allows multiple clients to train deep learning models collaboratively while protecting sensitive local datasets. However, FL has been highly susceptible to security for federated backdoor attacks (FBA) through injecting triggers and privacy for potential data leakage from uploaded models in practical application scenarios. FBA defense strategies consider specific and limited attacker models, and a sufficient amount of noise injected can only mitigate rather than eliminate the attack. To address these deficiencies, we introduce a Robust Federated Backdoor Defense Scheme (RFBDS) and Privacy preserving RFBDS (PrivRFBDS) to ensure the elimination of adversarial backdoors. Our RFBDS to overcome FBA consists of amplified magnitude sparsification, adaptive OPTICS clustering, and adaptive clipping. The experimental evaluation of RFBDS is conducted on three benchmark datasets and an extensive comparison is made with state-of-the-art studies. The results demonstrate the promising defense performance from RFBDS, moderately improved by 31.75% ~ 73.75% in clustering defense methods, and 0.03% ~ 56.90% for Non-IID to the utmost extent for the average FBA success rate over MNIST, FMNIST, and CIFAR10. Besides, our privacy-preserving shuffling in PrivRFBDS maintains is 7.83e-5 ~ 0.42x that of state-of-the-art works.
Pages: 693-707
Page count: 15