Deep Model Poisoning Attack on Federated Learning


Bibliographic Details
Main Authors: Xingchen Zhou, Ming Xu, Yiming Wu, Ning Zheng
Affiliation: School of Cyberspace, Hangzhou Dianzi University, Hangzhou 310018, China
Format: Article
Language: English
Published: MDPI AG, 2021-03-01
Series: Future Internet (ISSN 1999-5903)
DOI: 10.3390/fi13030073
Subjects: federated learning; model poisoning attack; decentralized approach
Online Access: https://www.mdpi.com/1999-5903/13/3/73
Abstract

Federated learning is a novel distributed learning framework, which enables thousands of participants to collaboratively construct a deep learning model. In order to protect the confidentiality of the training data, the information shared between server and participants is limited to model parameters. However, this setting is vulnerable to model poisoning attacks, since the participants have permission to modify the model parameters. In this paper, we perform a systematic investigation of such threats in federated learning and propose a novel optimization-based model poisoning attack. Different from existing methods, we primarily focus on the effectiveness, persistence and stealth of attacks. Numerical experiments demonstrate that the proposed method can not only achieve a high attack success rate, but is also stealthy enough to bypass two existing defense methods.