Decentralized Federated Learning (DFL) has emerged as a powerful paradigm for collaborative model training across distributed devices. However, this distributed nature introduces new security challenges, including the threat of selection attacks via neighbor deception (SAND). In this paper, we investigate vulnerabilities arising from malicious clients seeking to manipulate both the neighbor selection process and the data distribution of other participants. Employing a neighbor selection mechanism that utilizes a similarity metric, clients exchange statistical information to identify correlated neighbors. Our analysis reveals that a malicious client can exploit this mechanism by imitating a victim’s statistical profile to maximize their similarity score, thereby securing their position as neighbors. Subsequently, they gain direct access to the victim’s model update process. With this access, a malicious user can facilitate the injection of corrupted updates that result in misclassifications during the victim’s training process. Our study underscores the importance of robust security measures in DFL and shed lights on potential countermeasures to mitigate the impact of SANDs.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Stuck in the SAND: When Your Neighbor Becomes Your Enemy

  • Tre’ R. Jeter,
  • Minh N. Vu,
  • Raed Alharbi,
  • My T. Thai

摘要

Decentralized Federated Learning (DFL) has emerged as a powerful paradigm for collaborative model training across distributed devices. However, this distributed nature introduces new security challenges, including the threat of selection attacks via neighbor deception (SAND). In this paper, we investigate vulnerabilities arising from malicious clients seeking to manipulate both the neighbor selection process and the data distribution of other participants. Employing a neighbor selection mechanism that utilizes a similarity metric, clients exchange statistical information to identify correlated neighbors. Our analysis reveals that a malicious client can exploit this mechanism by imitating a victim’s statistical profile to maximize their similarity score, thereby securing their position as neighbors. Subsequently, they gain direct access to the victim’s model update process. With this access, a malicious user can facilitate the injection of corrupted updates that result in misclassifications during the victim’s training process. Our study underscores the importance of robust security measures in DFL and shed lights on potential countermeasures to mitigate the impact of SANDs.