SecDefender: Detecting low-quality models in multidomain federated learning systems

IF 6.2 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, THEORY & METHODS
Sameera K.M. , Arnaldo Sgueglia , Vinod P. , Rafidha Rehiman K.A. , Corrado Aaron Visaggio , Andrea Di Sorbo , Mauro Conti
DOI: 10.1016/j.future.2024.107587
Journal: Future Generation Computer Systems-The International Journal of Escience, volume 164, article 107587
Published: 2024-11-04 (journal article; not open access)
Publisher page: https://www.sciencedirect.com/science/article/pii/S0167739X2400551X
Citations: 0

Abstract

Federated learning (FL) is a distributed learning paradigm that lets multiple parties train a model collaboratively while protecting each party's privacy. It nevertheless faces security challenges: it is vulnerable to several adversarial attacks that compromise model performance. Existing research on FL poisoning attacks and defense techniques tends to be application-specific and to emphasize attack capabilities, without considering the inherent vulnerabilities of FL or the impact of attack intensity. To our knowledge, no existing work has examined these issues in a multi-domain FL environment. This paper addresses them by investigating the consequences of targeted label-flipping attacks on FL systems and comprehensively examining their effects in single-label, double-label, and triple-label scenarios at different poisoning intensities. Additionally, we investigate a temporal label-flipping attack, in which adversaries are present only during specific federated training rounds. Moreover, we propose a novel server-based defense mechanism called SecDefender to detect low-quality models in both IID and Non-IID settings of multi-domain environments. Our approach is rigorously evaluated against state-of-the-art alternatives on six benchmark datasets: CIC-Darknet2020, Fashion-MNIST, FEDMNIST, GTSR, HAR, and MNIST. Extensive experiments demonstrate that SecDefender improves source-class recall by over 65% while maintaining a low attack success rate, which translates into a 1% to 2% improvement in global model accuracy over existing approaches.
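The attack, the three metrics and the kind of server-side check the abstract talks about, as an added toy example (this is not code from the paper; the abstract does not give SecDefender's actual detection rule, so a generic median-distance filter stands in for it). It assumes constructed 2-D data with three classes, a nearest-centroid model so that federated averaging is just centroid averaging, four malicious clients out of ten that hold a source-heavy non-IID shard and flip a fraction `intensity` of their source labels to the target class, and a filter that flags any update whose distance to the coordinate-wise median update exceeds three times the median of those distances:

```python
"""
Toy simulation, written for this page, of the setting in the abstract: one round of
federated averaging under a targeted label-flipping attack (SOURCE -> TARGET) at a
tunable poisoning intensity, the metrics used to score it (source-class recall, attack
success rate, global accuracy) and a simple server-side filter that drops updates far
from the coordinate-wise median. The data, the nearest-centroid "model" and the filter
are assumptions of this example, not SecDefender's method, which the abstract does not give.
"""
import random
import statistics

NUM_CLASSES = 3
CENTERS = [(0.0, 0.0), (6.0, 0.0), (12.0, 0.0)]  # constructed class centres
SOURCE, TARGET = 0, 1                              # the flip: SOURCE -> TARGET

def sample_points(rng, label, n):
    """n constructed training points of one class, jittered around its centre."""
    cx, cy = CENTERS[label]
    return [((cx + rng.uniform(-2.5, 2.5), cy + rng.uniform(-1.0, 1.0)), label)
            for _ in range(n)]

def make_clients(rng, n_benign, n_malicious, intensity):
    """Benign clients hold IID shards; malicious clients hold a source-heavy (non-IID)
    shard and relabel a fraction `intensity` of their SOURCE samples as TARGET."""
    clients = [[p for c in range(NUM_CLASSES) for p in sample_points(rng, c, 20)]
               for _ in range(n_benign)]
    for _ in range(n_malicious):
        shard = sample_points(rng, SOURCE, 55) + sample_points(rng, TARGET, 5)
        clients.append([(xy, TARGET if lab == SOURCE and rng.random() < intensity else lab)
                        for xy, lab in shard])
    return clients, set(range(n_benign, n_benign + n_malicious))

def local_train(shard):
    """Nearest-centroid 'training': per-class mean of the local points; a class with
    no local samples is reported as None (the client sends no update for it)."""
    sums = [[0.0, 0.0, 0] for _ in range(NUM_CLASSES)]
    for (x, y), lab in shard:
        sums[lab][0] += x
        sums[lab][1] += y
        sums[lab][2] += 1
    return [(sx / n, sy / n) if n else None for sx, sy, n in sums]

def median_filter(updates, k=3.0):
    """Server-side check: distance of each update to the coordinate-wise median over
    the coordinates it reported; flag updates farther than k times the median distance."""
    med = []
    for c in range(NUM_CLASSES):
        reported = [u[c] for u in updates if u[c] is not None]
        med.append((statistics.median(p[0] for p in reported),
                    statistics.median(p[1] for p in reported)) if reported else None)
    dists = []
    for u in updates:
        d2 = sum((u[c][0] - med[c][0]) ** 2 + (u[c][1] - med[c][1]) ** 2
                 for c in range(NUM_CLASSES) if u[c] is not None and med[c] is not None)
        dists.append(d2 ** 0.5)
    cutoff = k * statistics.median(dists)
    return {i for i, d in enumerate(dists) if d > cutoff}

def aggregate(updates):
    """FedAvg, class by class, over the accepted clients that reported that class."""
    model = []
    for c in range(NUM_CLASSES):
        reported = [u[c] for u in updates if u[c] is not None] or [(0.0, 0.0)]  # untrained
        model.append((sum(p[0] for p in reported) / len(reported),
                      sum(p[1] for p in reported) / len(reported)))
    return model

def predict(model, point):
    return min(range(NUM_CLASSES), key=lambda c: (point[0] - model[c][0]) ** 2
                                                 + (point[1] - model[c][1]) ** 2)

def evaluate(model):
    """Source-class recall, attack success rate and global accuracy on a constructed,
    deterministic test set: 51 points per class on a line through its centre."""
    tests = [((cx + (i - 25) / 10, cy), c) for c, (cx, cy) in enumerate(CENTERS) for i in range(51)]
    preds = [(predict(model, point), lab) for point, lab in tests]
    src = [pred for pred, lab in preds if lab == SOURCE]
    return {"source_recall": src.count(SOURCE) / len(src), "asr": src.count(TARGET) / len(src),
            "accuracy": sum(pred == lab for pred, lab in preds) / len(preds)}

def run(n_malicious, intensity, defend, seed=7):
    """One aggregation round with 10 clients: metrics plus flagged and true attacker ids."""
    rng = random.Random(seed)
    clients, attackers = make_clients(rng, 10 - n_malicious, n_malicious, intensity)
    updates = [local_train(shard) for shard in clients]
    flagged = median_filter(updates) if defend else set()
    result = evaluate(aggregate([u for i, u in enumerate(updates) if i not in flagged]))
    result.update(flagged=flagged, attackers=attackers)
    return result

if __name__ == "__main__":
    for name, args in [("clean", (0, 0.0, False)), ("flip 10%", (4, 0.1, False)),
                       ("flip 100%", (4, 1.0, False)), ("flip 100% + filter", (4, 1.0, True))]:
        r = run(*args)
        print(f"{name:20s} recall={r['source_recall']:.3f} asr={r['asr']:.3f} "
              f"acc={r['accuracy']:.3f} flagged={sorted(r['flagged'])}")
```

Running the script prints source-class recall, attack success rate and accuracy for a clean round, a low- and a full-intensity attack, and the full-intensity attack with the filter in place. Two things worth noticing: the attack only touches the source and target classes, which is why the abstract scores it by source-class recall and attack success rate rather than by overall accuracy alone; and a lower `intensity` moves the attacker's target centroid less, so a weak attack both does less damage and may fall under the filter's cutoff, which is the trade-off behind the abstract's interest in attack intensity.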
Source journal
CiteScore: 19.90
Self-citation rate: 2.70%
Articles published: 376
Review time: 10.6 months
Journal description: Computing infrastructures and systems are constantly evolving, resulting in increasingly complex and collaborative scientific applications. To cope with these advancements, there is a growing need for collaborative tools that can effectively map, control, and execute these applications. Furthermore, with the explosion of Big Data, there is a requirement for innovative methods and infrastructures to collect, analyze, and derive meaningful insights from the vast amount of data generated. This necessitates the integration of computational and storage capabilities, databases, sensors, and human collaboration. Future Generation Computer Systems aims to pioneer advancements in distributed systems, collaborative environments, high-performance computing, and Big Data analytics. It strives to stay at the forefront of developments in grids, clouds, and the Internet of Things (IoT) to effectively address the challenges posed by these wide-area, fully distributed sensing and computing systems.