Single-client GAN-based backdoor attacks for Asynchronous Federated Learning

Abstract

Federated Learning (FL) enables distributed collaborative training while preserving data privacy; however, it demonstrates significant vulnerability to backdoor attacks. Existing attack methodologies predominantly require control of numerous malicious clients to achieve efficacy and largely neglect asynchronous FL scenarios. In response to these limitations, we propose a novel GAN-based backdoor attack framework capable of injecting effective and covert backdoors with minimal malicious client participation, functioning efficiently across both synchronous and asynchronous environments. Our framework operates effectively with a single malicious client, eliminating the need for coordination among multiple adversarial participants or prior knowledge of benign client data distributions. This reduction in resource requirements enhances the framework's practicality in real-world FL implementations. The malicious client employs a Generative Adversarial Network to synthesize adversarial samples containing predefined triggers, which are subsequently incorporated into local training datasets. The concurrent training on legitimate and triggered data enhances attack effectiveness, while gradient injection—manipulating differences between local and global gradients to introduce strategic noise—facilitates backdoor embedding with improved stealth characteristics. Empirical evaluations demonstrate that in a configuration of 200 clients with a single attacker, our framework achieves attack success rates of 98.66 % on MNIST and 86.29 % on CIFAR-10 datasets. Comprehensive experimentation across both datasets substantiates the framework's effectiveness, imperceptibility, and resilience in synchronous and asynchronous FL environments. This research contributes significant insights into backdoor attack strategies in FL, particularly within asynchronous contexts, and underscores the imperative for developing robust defensive countermeasures.