Venue
- IEEE Internet of Things Journal
Date
- 2021
Data Poisoning Attacks on Federated Machine Learning
Gan Sun*
Yang Cong*
Jiahua Dong*
Qiang Wang*
Ji Liu*
* External authors
IEEE Internet of Things Journal
2021
Abstract
Federated machine learning which enables resource-constrained node devices (e.g., Internet of Things (IoT) devices, smartphones) to establish a knowledge-shared model while keeping the raw data local, could provide privacy preservation and economic benefit by designing an effective communication protocol. However, this communication protocol can be adopted by attackers to launch data poisoning attacks for different nodes, which has been shown as a big threat to most machine learning models. Therefore, we in this paper intend to study the model vulnerability of federated machine learning, and even on IoT systems. To be specific, we here attempt to attacking a popular federated multi-task learning framework, which uses a general multi-task learning framework to handle statistical challenges in federated learning setting. The problem of calculating optimal poisoning attacks on federated multi-task learning is formulated as a bilevel program, which is adaptive to arbitrary selection of target nodes and source attacking nodes. We then propose a novel systems-aware optimization method, called as ATTack on Federated Learning (ATFL), to efficiently derive the implicit gradients for poisoned data, and further attain optimal attack strategies in the federated machine learning. This is an earlier work, to our knowledge, that explores attacking federated machine learning via data poisoning. Finally, experiments on several real-world datasets demonstrate that when the attackers directly poison the target nodes or indirectly poison the related nodes via using the communication protocol, federated multi-task learning model is sensitive to both poisoning attacks.
Related Publications
In this paper, we propose WaterMark Detection (WMD), the first invisible watermark detection method under a black-box and annotation-free setting. WMD is capable of detecting arbitrary watermarks within a given reference dataset using a clean non watermarked dataset as a ref…
Current image anonymization techniques, largely focus on localized pseudonymization, typically modify identifiable features like faces or full bodies and evaluate anonymity through metrics such as detection and re-identification rates. However, this approach often overlooks …
We present COALA, a vision-centric Federated Learning (FL) platform, and a suite of benchmarks for practical FL scenarios, which we categorize as task, data, and model levels. At the task level, COALA extends support from simple classification to 15 computer vision tasks, in…
JOIN US
Shape the Future of AI with Sony AI
We want to hear from those of you who have a strong desire
to shape the future of AI.