Flower Gone? Exploring Insider Attacks and the Effects on Federated Learning
摘要
Federated learning (FL) is a privacy-aware machine-learning paradigm due to its decentralised data silos. However, its distributed nature introduces new risks for malicious insiders to compromise model integrity. In this work, we aim to investigate the empirical impacts of insider attacks on global model performance. We take advantage of a simulated Flower federated learning environment with an MNIST classification task to evaluate several attacks, including general and targeted label flipping, general and targeted model poisoning, fixed and random free-riding and backdoor and parameter scaling attacks. We establish a comprehensive view of model performance using the classification metrics–accuracy, precision, recall, F1 score and model loss. We perform a benchmark assessment and then varied the ratio of insiders for each attack type to detail how this impacted performance. The results indicate a decrease in model performance as the insider ratio increased for most attack types, with random free-riding and parameter scaling being the most impactful at low insider ratios. Targeted model poisoning and backdoor attacks remained consistent with the benchmark, making them challenging to detect. We conclude that a high insider ratio is required for most attacks to have a noticeable impact on model performance, which is unfeasible in larger-scale federated learning systems.