Toward Cleansing Backdoored Neural Networks in Federated Learning

Publication: Contribution to book/report/anthology/conference proceedings; Conference paper; Research; Peer-reviewed

Authors

  • Chen Wu
  • Xian Yang
  • Sencun Zhu
  • Prasenjit Mitra

Organisational units

External organisations

  • Pennsylvania State University
  • North Carolina State University

Details

Original language: English
Title of host publication: Proceedings
Subtitle: 2022 IEEE 42nd International Conference on Distributed Computing Systems, ICDCS 2022
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 820-830
Number of pages: 11
ISBN (electronic): 9781665471770
ISBN (print): 978-1-6654-7178-7
Publication status: Published - 2022
Event: 42nd IEEE International Conference on Distributed Computing Systems, ICDCS 2022 - Bologna, Italy
Duration: 10 July 2022 to 13 July 2022

Publication series

Name: Proceedings - International Conference on Distributed Computing Systems
Volume: 2022-July

Abstract

Malicious clients can attack federated learning systems using compromised data during the training phase, including backdoor samples. The compromised global model will perform well on the validation dataset designed for the task, but a small subset of data with backdoor patterns may trigger the model to make a wrong prediction. In this work, we propose a new and effective method to mitigate backdoor attacks in federated learning after the training phase. Through a federated pruning method, we remove redundant neurons and "backdoor neurons", which trigger misbehavior upon recognizing backdoor patterns while keeping silent when the input data is clean. The second optional fine-tuning process is designed to recover the pruning damage to the test accuracy on benign datasets. In the last step, we eliminate backdoor attacks by limiting the extreme values of inputs and neural network neurons' weights. Experiments using our defense mechanism against the state-of-the-art Distributed Backdoor Attacks on CIFAR-10 show promising results; the averaged attack success rate drops more than 70% with less than 2% loss of test accuracy on the validation dataset. Our defense method has also outperformed the state-of-the-art pruning defense against backdoor attacks in the federated learning scenario.

Cite this

Toward Cleansing Backdoored Neural Networks in Federated Learning. / Wu, Chen; Yang, Xian; Zhu, Sencun et al.
Proceedings : 2022 IEEE 42nd International Conference on Distributed Computing Systems, ICDCS 2022. Institute of Electrical and Electronics Engineers Inc., 2022. pp. 820-830 (Proceedings - International Conference on Distributed Computing Systems; Vol. 2022-July).

Wu, C, Yang, X, Zhu, S & Mitra, P 2022, Toward Cleansing Backdoored Neural Networks in Federated Learning. in Proceedings : 2022 IEEE 42nd International Conference on Distributed Computing Systems, ICDCS 2022. Proceedings - International Conference on Distributed Computing Systems, vol. 2022-July, Institute of Electrical and Electronics Engineers Inc., pp. 820-830, 42nd IEEE International Conference on Distributed Computing Systems, ICDCS 2022, Bologna, Italy, 10 July 2022. https://doi.org/10.1109/ICDCS54860.2022.00084
@inproceedings{a2de47f29df143b2a292c095668a2fb3,
title = "Toward Cleansing Backdoored Neural Networks in Federated Learning",
keywords = "backdoor attack, federated learning, federated model pruning, machine-learning security",
author = "Chen Wu and Xian Yang and Sencun Zhu and Prasenjit Mitra",
year = "2022",
doi = "10.1109/ICDCS54860.2022.00084",
language = "English",
isbn = "978-1-6654-7178-7",
series = "Proceedings - International Conference on Distributed Computing Systems",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "820--830",
booktitle = "Proceedings",
address = "United States",
note = "42nd IEEE International Conference on Distributed Computing Systems, ICDCS 2022 ; Conference date: 10-07-2022 Through 13-07-2022",

}
