* External authors




Data Poisoning Attacks on Federated Machine Learning

Gan Sun*

Yang Cong*

Jiahua Dong*

Qiang Wang*

Lingjuan Lyu

Ji Liu*

* External authors

IEEE Internet of Things Journal



Federated machine learning which enables resource-constrained node devices (e.g., Internet of Things (IoT) devices, smartphones) to establish a knowledge-shared model while keeping the raw data local, could provide privacy preservation and economic benefit by designing an effective communication protocol. However, this communication protocol can be adopted by attackers to launch data poisoning attacks for different nodes, which has been shown as a big threat to most machine learning models. Therefore, we in this paper intend to study the model vulnerability of federated machine learning, and even on IoT systems. To be specific, we here attempt to attacking a popular federated multi-task learning framework, which uses a general multi-task learning framework to handle statistical challenges in federated learning setting. The problem of calculating optimal poisoning attacks on federated multi-task learning is formulated as a bilevel program, which is adaptive to arbitrary selection of target nodes and source attacking nodes. We then propose a novel systems-aware optimization method, called as ATTack on Federated Learning (ATFL), to efficiently derive the implicit gradients for poisoned data, and further attain optimal attack strategies in the federated machine learning. This is an earlier work, to our knowledge, that explores attacking federated machine learning via data poisoning. Finally, experiments on several real-world datasets demonstrate that when the attackers directly poison the target nodes or indirectly poison the related nodes via using the communication protocol, federated multi-task learning model is sensitive to both poisoning attacks.

Related Publications

MocoSFL: enabling cross-client collaborative self-supervised learning

ICLR, 2023
Jingtao Li, Lingjuan Lyu, Daisuke Iso, Chaitali Chakrabarti*, Michael Spranger

Existing collaborative self-supervised learning (SSL) schemes are not suitable for cross-client applications because of their expensive computation and large local data requirements. To address these issues, we propose MocoSFL, a collaborative SSL framework based on Split Fe…

IDEAL: Query-Efficient Data-Free Learning from Black-Box Models

ICLR, 2023
Jie Zhang, Chen Chen, Lingjuan Lyu

Knowledge Distillation (KD) is a typical method for training a lightweight student model with the help of a well-trained teacher model. However, most KD methods require access to either the teacher's training data or model parameter, which is unrealistic. To tackle this prob…

Twofer: Tackling Continual Domain Shift with Simultaneous Domain Generalization and Adaptation

ICLR, 2023
Chenxi Liu*, Lixu Wang, Lingjuan Lyu, Chen Sun*, Xiao Wang*, Qi Zhu*

In real-world applications, deep learning models often run in non-stationary environments where the target data distribution continually shifts over time. There have been numerous domain adaptation (DA) methods in both online and offline modes to improve cross-domain adaptat…


Shape the Future of AI with Sony AI

We want to hear from those of you who have a strong desire
to shape the future of AI.