Dual Perspectives on GAN-Based Data Poisoning in Federated Learning: VagueGAN Attacks and Data Poisoning Detection
摘要
Since training data in Federated Learning (FL) is based on an “available but not visible” mechanism, this raises big challenges such as security vulnerabilities, especially locally for data poisoning. Therefore, malicious clients can result in poisonous model updates, corrupting the model’s accuracy, or reaching certain adversarial objectives. Even though current data-poisoning attacks on FL systems in the literature seem effective, they leave large statistical footprints. In this chapter, we discuss VagueGAN architecture which is a poison attack model that leverages GANs to produce apparently benign vague records containing precisely crafted, poisonous noise. Several experiments prove their degradation effectiveness with least effort and being less detectable. Moreover, we discuss detection mechanism against poisoning attacks by combining Shapley Additive Explanation (SHAP), a mechanism to explain the output data from machine learning models, with Support Vector Machines (SVMs) to successfully differentiate between malicious and pristine clients.