Journal on Communications, 2023, Vol. 44, Issue 5: 110-122. doi: 10.11959/j.issn.1000-436x.2023086
Shengxing YU1, Zekai CHEN2, Zhong CHEN1, Ximeng LIU2
Revised: 2023-04-12
Online: 2023-05-25
Published: 2023-05-01
Shengxing YU, Zekai CHEN, Zhong CHEN, Ximeng LIU. DAGUARD: distributed backdoor attack defense scheme under federated learning[J]. Journal on Communications, 2023, 44(5): 110-122.
| Defense scheme | PDR | MNIST, NIR=0.25 | MNIST, NIR=0.50 | MNIST, NIR=0.75 | FASHION, NIR=0.25 | FASHION, NIR=0.50 | FASHION, NIR=0.75 |
|---|---|---|---|---|---|---|---|
| FedAvg | 0.15625 | 95.23% | 94.71% | 94.65% | 96.92% | 91.05% | 91.06% |
| FedAvg | 0.31250 | 98.18% | 94.30% | 94.28% | 93.24% | 97.02% | 97.02% |
| FedAvg | 0.46875 | 97.46% | 98.46% | 98.36% | 97.88% | 98.62% | 98.62% |
| Median | 0.15625 | 2.58% | 2.19% | 2.17% | 47.23% | 43.51% | 43.52% |
| Median | 0.31250 | 12.92% | 2.81% | 2.71% | 66.17% | 62.75% | 62.74% |
| Median | 0.46875 | 15.42% | 9.32% | 9.29% | 56.50% | 61.21% | 61.19% |
| FLAME | 0.15625 | 11.16% | 0.98% | 0.97% | 9.54% | 7.81% | 7.80% |
| FLAME | 0.31250 | 1.59% | 0.83% | 0.82% | 9.38% | 27.24% | 27.22% |
| FLAME | 0.46875 | 1.74% | 0.86% | 0.85% | 11.89% | 7.25% | 7.23% |
| DAGUARD | 0.15625 | 1.27% | 0.75% | 0.73% | 9.38% | 6.37% | 6.35% |
| DAGUARD | 0.31250 | 0.85% | 0.99% | 0.98% | 9.04% | 6.31% | 6.29% |
| DAGUARD | 0.46875 | 0.84% | 0.78% | 0.80% | 6.60% | 6.90% | 6.85% |