Federated Learning is a novel technology that trains the model in a distributed manner with local data. However, this decentralized architecture is vulnerable to data-poisoning attacks when incorrect information is fed to the global model. This chapter discusses security vulnerabilities in federated learning systems against data-poisoning attacks. This chapter discusses two types of attack models: model degradation attacks and targeted misclassification attacks, where GANs synthesize poisoned data samples. Then, we articulate a proposed clustering-based detection method as a defense approach that employs unsupervised learning techniques during the model aggregation stage on updates sent by clients for anomalies. Experimental results show that both attack strategies significantly degraded the model. After applying the clustering defense, the impact of attacks was reduced by accurately detecting and filtering poisoned updates from compromised clients. The proposed detection approach strengthens system security without losing efficiency and improves the model integrity and reliability for real-world decentralized deployments.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Enhancing Federated Learning Security: Cluster-Based Strategies to Counter GAN-Poisoned Attacks

  • Ehsan Nowroozi,
  • Yoosef Habibi,
  • Abdul Basit Mughal,
  • Mohammad Saedi,
  • Mohsen Jafari

摘要

Federated Learning is a novel technology that trains the model in a distributed manner with local data. However, this decentralized architecture is vulnerable to data-poisoning attacks when incorrect information is fed to the global model. This chapter discusses security vulnerabilities in federated learning systems against data-poisoning attacks. This chapter discusses two types of attack models: model degradation attacks and targeted misclassification attacks, where GANs synthesize poisoned data samples. Then, we articulate a proposed clustering-based detection method as a defense approach that employs unsupervised learning techniques during the model aggregation stage on updates sent by clients for anomalies. Experimental results show that both attack strategies significantly degraded the model. After applying the clustering defense, the impact of attacks was reduced by accurately detecting and filtering poisoned updates from compromised clients. The proposed detection approach strengthens system security without losing efficiency and improves the model integrity and reliability for real-world decentralized deployments.