4 research outputs found
Defending against Backdoors in Federated Learning with Robust Learning Rate
Federated learning (FL) allows a set of agents to collaboratively train a
model without sharing their potentially sensitive data. This makes FL suitable
for privacy-preserving applications. At the same time, FL is susceptible to
adversarial attacks due to decentralized and unvetted data. One important line
of attacks against FL is backdoor attacks. In a backdoor attack, an
adversary tries to embed a backdoor functionality into the model during training
that can later be activated to cause a desired misclassification. To prevent
backdoor attacks, we propose a lightweight defense that requires minimal change
to the FL protocol. At a high level, our defense is based on carefully
adjusting the aggregation server's learning rate, per dimension and per round,
based on the sign information of agents' updates. We first conjecture the
necessary steps to carry out a successful backdoor attack in the FL setting, and then
explicitly formulate the defense based on our conjecture. Through experiments,
we provide empirical evidence that supports our conjecture, and we test our
defense against backdoor attacks under different settings. We observe that
either the backdoor is completely eliminated, or its accuracy is significantly
reduced. Overall, our experiments suggest that our defense significantly
outperforms some of the recently proposed defenses in the literature, while
having minimal influence on the accuracy of the trained models. In addition,
we also provide a convergence rate analysis for our proposed scheme.
Comment: Published at AAAI 202

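The abstract only says the server's learning rate is adjusted per dimension and per round from the sign information of the agents' updates. The following is an added illustration of that idea, not code from the paper: it applies the sign-agreement rule the robust learning rate is based on (a dimension gets learning rate +eta when at least theta agents agree on the update's sign, and -eta otherwise); the threshold value, the weights and the six constructed updates are assumptions.

```python
"""Per-dimension robust learning rate for a federated aggregation round.

Constructed scenario: five honest agents agree on dimensions 0 and 1,
while one agent pushes dimension 2 with a large update (a backdoor-style
contribution) on which the honest agents disagree among themselves.
"""
from typing import List


def sign(x: float) -> int:
    return (x > 0) - (x < 0)


def robust_learning_rate(updates: List[List[float]], eta: float, theta: int) -> List[float]:
    """Return a learning rate per dimension: +eta where the absolute sum of
    update signs reaches theta (enough agents agree on the direction),
    -eta otherwise (assumed rule; theta is a server-side parameter)."""
    dims = len(updates[0])
    rates = []
    for i in range(dims):
        agreement = abs(sum(sign(u[i]) for u in updates))
        rates.append(eta if agreement >= theta else -eta)
    return rates


def aggregate(weights: List[float], updates: List[List[float]],
              eta: float, theta: int) -> List[float]:
    """One server round: average the updates (equal-sized agents assumed),
    then scale each dimension by its robust learning rate."""
    n = len(updates)
    rates = robust_learning_rate(updates, eta, theta)
    avg = [sum(u[i] for u in updates) / n for i in range(len(weights))]
    return [w + lr * a for w, lr, a in zip(weights, rates, avg)]


def plain_fedavg(weights: List[float], updates: List[List[float]], eta: float) -> List[float]:
    """Baseline without the defense: a fixed, positive learning rate."""
    n = len(updates)
    return [w + eta * sum(u[i] for u in updates) / n for i, w in enumerate(weights)]


# Constructed updates: five honest agents and one outlier on dimension 2.
UPDATES = [
    [0.10, -0.20, 0.05], [0.12, -0.18, -0.04], [0.09, -0.22, 0.03],
    [0.11, -0.19, -0.05], [0.10, -0.20, 0.02], [0.10, -0.20, 2.00],
]
WEIGHTS = [0.0, 0.0, 0.0]
ETA, THETA = 1.0, 4  # theta = 4 of 6 agents must agree on a dimension's sign

if __name__ == "__main__":
    print("rates :", robust_learning_rate(UPDATES, ETA, THETA))
    print("robust:", aggregate(WEIGHTS, UPDATES, ETA, THETA))
    print("fedavg:", plain_fedavg(WEIGHTS, UPDATES, ETA))
```

On dimension 2 the honest signs cancel, so the agreement count stays below theta and the server steps against the averaged direction, reversing the outlier's contribution; note that theta must exceed the number of colluding agents for this to help.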
Privacy and Robustness in Federated Learning: Attacks and Defenses
As data are increasingly being stored in different silos and societies
become more aware of data privacy issues, the traditional centralized
training of artificial intelligence (AI) models is facing efficiency and
privacy challenges. Recently, federated learning (FL) has emerged as an
alternative solution and continues to thrive in this new reality. Existing FL
protocol design has been shown to be vulnerable to adversaries within or
outside of the system, compromising data privacy and system robustness. Besides
training powerful global models, it is of paramount importance to design FL
systems that have privacy guarantees and are resistant to different types of
adversaries. In this paper, we conduct the first comprehensive survey on this
topic. Through a concise introduction to the concept of FL, and a unique
taxonomy covering: 1) threat models; 2) poisoning attacks on robustness and the
defenses against them; 3) inference attacks on privacy and the defenses against them, we provide an
accessible review of this important topic. We highlight the intuitions, key
techniques as well as fundamental assumptions adopted by various attacks and
defenses. Finally, we discuss promising future research directions towards
robust and privacy-preserving federated learning.
Comment: arXiv admin note: text overlap with arXiv:2003.02133; text overlap
with arXiv:1911.11815 by other author

Heterogeneous Federated Learning: State-of-the-art and Research Challenges
Federated learning (FL) has drawn increasing attention owing to its potential
use in large-scale industrial applications. Existing federated learning works
mainly focus on model homogeneous settings. However, practical federated
learning typically faces the heterogeneity of data distributions, model
architectures, network environments, and hardware devices among participant
clients. Heterogeneous Federated Learning (HFL) is much more challenging, and
corresponding solutions are diverse and complex. Therefore, a systematic survey
on this topic about the research challenges and state-of-the-art is essential.
In this survey, we first summarize the various research challenges in HFL
from five aspects: statistical heterogeneity, model heterogeneity,
communication heterogeneity, device heterogeneity, and additional challenges.
In addition, recent advances in HFL are reviewed and a new taxonomy of existing
HFL methods is proposed with an in-depth analysis of their pros and cons. We
classify existing methods at three different levels according to the HFL
procedure: data-level, model-level, and server-level. Finally, several critical
and promising future research directions in HFL are discussed, which may
facilitate further developments in this field. A periodically updated
collection on HFL is available at https://github.com/marswhu/HFL_Survey.
Comment: 42 pages, 11 figures, and 4 tables