An adaptive robust defending algorithm against backdoor attacks in federated learning

Yongkang Wang, Di Hua Zhai*, Yongping He, Yuanqing Xia

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

13 Citations (Scopus)

Abstract

To address the backdoor attacks in federated learning due to the inherently distributed and privacy-preserving peculiarities, we propose RDFL including four components: selecting the eligible parameters to compute the cosine distance; executing adaptive clustering; detecting and removing the suspicious malicious local models; performing adaptive clipping and noising operations. We evaluate the performance of RDFL compared with the existing baselines on MNIST, FEMNIST, and CIFAR-10 datasets under non-independent and identically distributed scenario, and we consider various attack scenarios, including the different numbers of malicious attackers, distributed backdoor attack, different poison ratios of local data and model poisoning attack. Experimental results show that RDFL can effectively mitigate the backdoor attacks, and outperforms the compared baselines.

Original languageEnglish
Pages (from-to)118-131
Number of pages14
JournalFuture Generation Computer Systems
Volume143
DOIs
Publication statusPublished - Jun 2023

Keywords

  • Adaptive clustering
  • Backdoor attack
  • Clipping
  • Differential privacy
  • Federated learning
  • Similarity distance

Fingerprint

Dive into the research topics of 'An adaptive robust defending algorithm against backdoor attacks in federated learning'. Together they form a unique fingerprint.

Cite this