This chapter examines how federated learning (FL) systems can be compromised by adversaries and how to defend against such attacks. It begins by introducing two basic attack vectors: model poisoning, where attackers tamper with model updates, and data poisoning, where they manipulate local datasets. The chapter then categorizes attacks based on their goals, including denial-of-service, backdoor, and model inversion attacks. Each attack type targets a different vulnerability in the FL workflow. Next, the chapter describes how to design GTVMin-based FL methods that are more robust. Defense strategies include clipping or trimming suspicious updates, using robust loss functions, and adding noise to maintain differential privacy. The chapter concludes by highlighting that well-designed FL systems must balance robustness, privacy protection, and resilience to ensure secure and reliable learning across distributed devices.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Cybersecurity in FL: Attacks and Defenses

  • Alexander Jung

摘要

This chapter examines how federated learning (FL) systems can be compromised by adversaries and how to defend against such attacks. It begins by introducing two basic attack vectors: model poisoning, where attackers tamper with model updates, and data poisoning, where they manipulate local datasets. The chapter then categorizes attacks based on their goals, including denial-of-service, backdoor, and model inversion attacks. Each attack type targets a different vulnerability in the FL workflow. Next, the chapter describes how to design GTVMin-based FL methods that are more robust. Defense strategies include clipping or trimming suspicious updates, using robust loss functions, and adding noise to maintain differential privacy. The chapter concludes by highlighting that well-designed FL systems must balance robustness, privacy protection, and resilience to ensure secure and reliable learning across distributed devices.