Details
Originalsprache | Englisch |
---|---|
Titel des Sammelwerks | Proceedings |
Untertitel | 2022 IEEE 42nd International Conference on Distributed Computing Systems, ICDCS 2022 |
Herausgeber (Verlag) | Institute of Electrical and Electronics Engineers Inc. |
Seiten | 820-830 |
Seitenumfang | 11 |
ISBN (elektronisch) | 9781665471770 |
ISBN (Print) | 978-1-6654-7178-7 |
Publikationsstatus | Veröffentlicht - 2022 |
Veranstaltung | 42nd IEEE International Conference on Distributed Computing Systems, ICDCS 2022 - Bologna, Italien Dauer: 10 Juli 2022 → 13 Juli 2022 |
Publikationsreihe
Name | Proceedings - International Conference on Distributed Computing Systems |
---|---|
Band | 2022-July |
Abstract
Malicious clients can attack federated learning systems using compromised data during the training phase, including backdoor samples. The compromised global model will perform well on the validation dataset designed for the task, but a small subset of data with backdoor patterns may trigger the model to make a wrong prediction. In this work, we propose a new and effective method to mitigate backdoor attacks in federated learning after the training phase. Through federated pruning method, we remove redundant neurons and "backdoor neurons", which trigger misbehavior upon recognizing backdoor patterns while keeping silent when the input data is clean. The second optional fine-tuning process is designed to recover the pruning damage to the test accuracy on benign datasets. In the last step, we eliminate backdoor attacks by limiting the extreme values of inputs and neural network neurons' weights. Experiments using our defenses mechanism against the state-of-the-art Distributed Backdoor Attacks on CIFAR-10 show promising results; the averaged attack success rate drops more than 70% with less than 2% loss of test accuracy on the validation dataset. Our defense method has also outperformed the state-of-the-art pruning defense against backdoor attacks in the federated learning scenario.
ASJC Scopus Sachgebiete
- Informatik (insg.)
- Software
- Informatik (insg.)
- Hardware und Architektur
- Informatik (insg.)
- Computernetzwerke und -kommunikation
Zitieren
- Standard
- Harvard
- Apa
- Vancouver
- BibTex
- RIS
Proceedings : 2022 IEEE 42nd International Conference on Distributed Computing Systems, ICDCS 2022. Institute of Electrical and Electronics Engineers Inc., 2022. S. 820-830 (Proceedings - International Conference on Distributed Computing Systems; Band 2022-July).
Publikation: Beitrag in Buch/Bericht/Sammelwerk/Konferenzband › Aufsatz in Konferenzband › Forschung › Peer-Review
}
TY - GEN
T1 - Toward Cleansing Backdoored Neural Networks in Federated Learning
AU - Wu, Chen
AU - Yang, Xian
AU - Zhu, Sencun
AU - Mitra, Prasenjit
PY - 2022
Y1 - 2022
N2 - Malicious clients can attack federated learning systems using compromised data during the training phase, including backdoor samples. The compromised global model will perform well on the validation dataset designed for the task, but a small subset of data with backdoor patterns may trigger the model to make a wrong prediction. In this work, we propose a new and effective method to mitigate backdoor attacks in federated learning after the training phase. Through federated pruning method, we remove redundant neurons and "backdoor neurons", which trigger misbehavior upon recognizing backdoor patterns while keeping silent when the input data is clean. The second optional fine-tuning process is designed to recover the pruning damage to the test accuracy on benign datasets. In the last step, we eliminate backdoor attacks by limiting the extreme values of inputs and neural network neurons' weights. Experiments using our defenses mechanism against the state-of-the-art Distributed Backdoor Attacks on CIFAR-10 show promising results; the averaged attack success rate drops more than 70% with less than 2% loss of test accuracy on the validation dataset. Our defense method has also outperformed the state-of-the-art pruning defense against backdoor attacks in the federated learning scenario.
AB - Malicious clients can attack federated learning systems using compromised data during the training phase, including backdoor samples. The compromised global model will perform well on the validation dataset designed for the task, but a small subset of data with backdoor patterns may trigger the model to make a wrong prediction. In this work, we propose a new and effective method to mitigate backdoor attacks in federated learning after the training phase. Through federated pruning method, we remove redundant neurons and "backdoor neurons", which trigger misbehavior upon recognizing backdoor patterns while keeping silent when the input data is clean. The second optional fine-tuning process is designed to recover the pruning damage to the test accuracy on benign datasets. In the last step, we eliminate backdoor attacks by limiting the extreme values of inputs and neural network neurons' weights. Experiments using our defenses mechanism against the state-of-the-art Distributed Backdoor Attacks on CIFAR-10 show promising results; the averaged attack success rate drops more than 70% with less than 2% loss of test accuracy on the validation dataset. Our defense method has also outperformed the state-of-the-art pruning defense against backdoor attacks in the federated learning scenario.
KW - backdoor attack
KW - federated learning
KW - federated model pruning
KW - machine-learning security
UR - http://www.scopus.com/inward/record.url?scp=85140918570&partnerID=8YFLogxK
U2 - 10.1109/ICDCS54860.2022.00084
DO - 10.1109/ICDCS54860.2022.00084
M3 - Conference contribution
AN - SCOPUS:85140918570
SN - 978-1-6654-7178-7
T3 - Proceedings - International Conference on Distributed Computing Systems
SP - 820
EP - 830
BT - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 42nd IEEE International Conference on Distributed Computing Systems, ICDCS 2022
Y2 - 10 July 2022 through 13 July 2022
ER -