基于隐私保护的量化联邦学习中模型损坏的恶意用户检测

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2023-10-01 DOI:10.1016/j.cose.2023.103406

Hua Ma , Qun Li , Yifeng Zheng , Zhi Zhang , Xiaoning Liu , Yansong Gao , Said F. Al-Sarawi , Derek Abbott

{"title":"基于隐私保护的量化联邦学习中模型损坏的恶意用户检测","authors":"Hua Ma , Qun Li , Yifeng Zheng , Zhi Zhang , Xiaoning Liu , Yansong Gao , Said F. Al-Sarawi , Derek Abbott","doi":"10.1016/j.cose.2023.103406","DOIUrl":null,"url":null,"abstract":"<div>The use of cryptographic privacy-preserving techniques in Federated Learning (FL) inadvertently induces a security dilemma because tampered local model parameters are encrypted and thus prevented from auditing. This work firstly demonstrates the triviality of performing model corruption attacks against privacy-preserving FL. We consider the scenario where the model updates are quantized to reduce the communication overhead, whilst the adversary can simply provide local parameters out of a legitimate range to corrupt the model. We then propose MUD-PQFed, a protocol that can precisely detect malicious attacks and enforce fair penalties on malicious clients. By deleting the contributions from the detected malicious clients, the global model utility is preserved as compared to the baseline global model in the absence of the corruption attack. Extensive experiments on MNIST, CIFAR-10, and CelebA benchmark datasets validate the efficacy in terms of retaining the baseline accuracy and effectiveness in terms of detecting malicious clients in a fine-grained manner.</div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"133 ","pages":"Article 103406"},"PeriodicalIF":4.8000,"publicationDate":"2023-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"MUD-PQFed: Towards Malicious User Detection on model corruption in Privacy-preserving Quantized Federated learning\",\"authors\":\"Hua Ma , Qun Li , Yifeng Zheng , Zhi Zhang , Xiaoning Liu , Yansong Gao , Said F. Al-Sarawi , Derek Abbott\",\"doi\":\"10.1016/j.cose.2023.103406\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div>The use of cryptographic privacy-preserving techniques in Federated Learning (FL) inadvertently induces a security dilemma because tampered local model parameters are encrypted and thus prevented from auditing. This work firstly demonstrates the triviality of performing model corruption attacks against privacy-preserving FL. We consider the scenario where the model updates are quantized to reduce the communication overhead, whilst the adversary can simply provide local parameters out of a legitimate range to corrupt the model. We then propose MUD-PQFed, a protocol that can precisely detect malicious attacks and enforce fair penalties on malicious clients. By deleting the contributions from the detected malicious clients, the global model utility is preserved as compared to the baseline global model in the absence of the corruption attack. Extensive experiments on MNIST, CIFAR-10, and CelebA benchmark datasets validate the efficacy in terms of retaining the baseline accuracy and effectiveness in terms of detecting malicious clients in a fine-grained manner.</div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"133 \",\"pages\":\"Article 103406\"},\"PeriodicalIF\":4.8000,\"publicationDate\":\"2023-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404823003164\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404823003164","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

在联合学习（FL）中使用加密隐私保护技术无意中导致了安全困境，因为被篡改的局部模型参数被加密，从而被阻止进行审计。这项工作首先证明了对保护隐私的FL执行模型破坏攻击的重要性。我们考虑的场景是，对模型更新进行量化以减少通信开销，而对手可以简单地提供合法范围外的局部参数来破坏模型。然后，我们提出了MUD PQFed，这是一种可以精确检测恶意攻击并对恶意客户端实施公平惩罚的协议。通过从检测到的恶意客户端中删除贡献，与没有损坏攻击的基线全局模型相比，全局模型实用程序得以保留。在MNIST、CIFAR-10和CelebA基准数据集上进行的大量实验验证了在保持基线准确性方面的有效性，以及在以细粒度方式检测恶意客户端方面的有效率。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

MUD-PQFed: Towards Malicious User Detection on model corruption in Privacy-preserving Quantized Federated learning

The use of cryptographic privacy-preserving techniques in Federated Learning (FL) inadvertently induces a security dilemma because tampered local model parameters are encrypted and thus prevented from auditing. This work firstly demonstrates the triviality of performing model corruption attacks against privacy-preserving FL. We consider the scenario where the model updates are quantized to reduce the communication overhead, whilst the adversary can simply provide local parameters out of a legitimate range to corrupt the model. We then propose MUD-PQFed, a protocol that can precisely detect malicious attacks and enforce fair penalties on malicious clients. By deleting the contributions from the detected malicious clients, the global model utility is preserved as compared to the baseline global model in the absence of the corruption attack. Extensive experiments on MNIST, CIFAR-10, and CelebA benchmark datasets validate the efficacy in terms of retaining the baseline accuracy and effectiveness in terms of detecting malicious clients in a fine-grained manner.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.