Cybersecurity in FL: Attacks and Defenses
摘要
This chapter examines how federated learning (FL) systems can be compromised by adversaries and how to defend against such attacks. It begins by introducing two basic attack vectors: model poisoning, where attackers tamper with model updates, and data poisoning, where they manipulate local datasets. The chapter then categorizes attacks based on their goals, including denial-of-service, backdoor, and model inversion attacks. Each attack type targets a different vulnerability in the FL workflow. Next, the chapter describes how to design GTVMin-based FL methods that are more robust. Defense strategies include clipping or trimming suspicious updates, using robust loss functions, and adding noise to maintain differential privacy. The chapter concludes by highlighting that well-designed FL systems must balance robustness, privacy protection, and resilience to ensure secure and reliable learning across distributed devices.