BR-FEEL: A backdoor resilient approach for federated edge learning with fragment-sharing

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture Pub Date : 2024-08-09 DOI:10.1016/j.sysarc.2024.103258

Senmao Qi , Hao Ma , Yifei Zou , Yuan Yuan , Peng Li , Dongxiao Yu

{"title":"BR-FEEL: A backdoor resilient approach for federated edge learning with fragment-sharing","authors":"Senmao Qi , Hao Ma , Yifei Zou , Yuan Yuan , Peng Li , Dongxiao Yu","doi":"10.1016/j.sysarc.2024.103258","DOIUrl":null,"url":null,"abstract":"<div><p>In the resource-constrained federated edge learning (FEEL) systems, fragment-sharing is an efficient approach for multiple clients to cooperatively train a giant model with billions of parameters. Compared with the classical federated learning schemes where the local model is fully trained and exchanged by each client, the fragment-sharing only requires each client to optionally choose a parameter-fragment to train and share, according to its storage, computing, and networking abilities. However, when the full model is no longer delivered in fragment-sharing, the backdoor attacks hidden behind the fragments become harder to be detected, which introduces formidable challenge for the security of FEEL systems. In this paper, we firstly show that the existing fragment-sharing works suffer a lot from the backdoor attacks. Then, a Backdoor-Resilient approach, named BR-FEEL, is introduced to defend against the potential backdoor attacks. Specifically, a twin model is built by each benign client to integrate the parameter-fragments from others. A knowledge distillation process is designed on each client to transfer the clean knowledge from its twin model to local model. With the twin model and knowledge distillation process, our BR-FEEL approach makes sure that the local models of the benign clients will not be backdoored. Experiments on CIFAR-10 and GTSRB datasets with MobileNetV2 and ResNet-34 are conducted. The numerical results demonstrate the efficacy of BR-FEEL on reducing attack success rates by over 90% compared to other baselines under various attack methods.</p></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"155 ","pages":"Article 103258"},"PeriodicalIF":3.7000,"publicationDate":"2024-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Systems Architecture","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1383762124001954","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

In the resource-constrained federated edge learning (FEEL) systems, fragment-sharing is an efficient approach for multiple clients to cooperatively train a giant model with billions of parameters. Compared with the classical federated learning schemes where the local model is fully trained and exchanged by each client, the fragment-sharing only requires each client to optionally choose a parameter-fragment to train and share, according to its storage, computing, and networking abilities. However, when the full model is no longer delivered in fragment-sharing, the backdoor attacks hidden behind the fragments become harder to be detected, which introduces formidable challenge for the security of FEEL systems. In this paper, we firstly show that the existing fragment-sharing works suffer a lot from the backdoor attacks. Then, a Backdoor-Resilient approach, named BR-FEEL, is introduced to defend against the potential backdoor attacks. Specifically, a twin model is built by each benign client to integrate the parameter-fragments from others. A knowledge distillation process is designed on each client to transfer the clean knowledge from its twin model to local model. With the twin model and knowledge distillation process, our BR-FEEL approach makes sure that the local models of the benign clients will not be backdoored. Experiments on CIFAR-10 and GTSRB datasets with MobileNetV2 and ResNet-34 are conducted. The numerical results demonstrate the efficacy of BR-FEEL on reducing attack success rates by over 90% compared to other baselines under various attack methods.

查看原文本刊更多论文

BR-FEEL：利用片段共享实现联合边缘学习的后门弹性方法

在资源受限的联合边缘学习（FEEL）系统中，片段共享是多个客户端合作训练一个拥有数十亿参数的巨型模型的有效方法。与传统的联合学习方案（每个客户端都要对本地模型进行完全训练和交换）相比，片段共享只要求每个客户端根据其存储、计算和网络能力，有选择地选择一个参数片段进行训练和共享。然而，当片段共享不再提供完整模型时，隐藏在片段背后的后门攻击就变得难以察觉，这给 FEEL 系统的安全性带来了巨大挑战。在本文中，我们首先指出现有的片段共享技术存在大量后门攻击。然后，我们提出了一种名为 BR-FEEL 的后门弹性方法来抵御潜在的后门攻击。具体来说，每个良性客户端都会建立一个孪生模型，以整合来自其他客户端的参数片段。每个客户端都设计了一个知识蒸馏过程，将孪生模型中的干净知识转移到本地模型中。有了孪生模型和知识蒸馏过程，我们的 BR-FEEL 方法就能确保良性客户机的本地模型不会被回溯。我们使用 MobileNetV2 和 ResNet-34 在 CIFAR-10 和 GTSRB 数据集上进行了实验。数值结果表明，在各种攻击方法下，与其他基线相比，BR-FEEL 能有效降低 90% 以上的攻击成功率。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Systems Architecture 工程技术-计算机：硬件

CiteScore

8.70

自引率

15.60%

发文量

226

审稿时长

46 days

期刊介绍： The Journal of Systems Architecture: Embedded Software Design (JSA) is a journal covering all design and architectural aspects related to embedded systems and software. It ranges from the microarchitecture level via the system software level up to the application-specific architecture level. Aspects such as real-time systems, operating systems, FPGA programming, programming languages, communications (limited to analysis and the software stack), mobile systems, parallel and distributed architectures as well as additional subjects in the computer and system architecture area will fall within the scope of this journal. Technology will not be a main focus, but its use and relevance to particular designs will be. Case studies are welcome but must contribute more than just a design for a particular piece of software. Design automation of such systems including methodologies, techniques and tools for their design as well as novel designs of software components fall within the scope of this journal. Novel applications that use embedded systems are also central in this journal. While hardware is not a part of this journal hardware/software co-design methods that consider interplay between software and hardware components with and emphasis on software are also relevant here.