References & Citations
Computer Science > Machine Learning
Title: Backdoor Attacks in Peer-to-Peer Federated Learning
(Submitted on 23 Jan 2023 (v1), last revised 25 Jun 2023 (this version, v3))
Abstract: Most machine learning applications rely on centralized learning processes, opening up the risk of exposure of their training datasets. While federated learning (FL) mitigates to some extent these privacy risks, it relies on a trusted aggregation server for training a shared global model. Recently, new distributed learning architectures based on Peer-to-Peer Federated Learning (P2PFL) offer advantages in terms of both privacy and reliability. Still, their resilience to poisoning attacks during training has not been investigated. In this paper, we propose new backdoor attacks for P2PFL that leverage structural graph properties to select the malicious nodes, and achieve high attack success, while remaining stealthy. We evaluate our attacks under various realistic conditions, including multiple graph topologies, limited adversarial visibility of the network, and clients with non-IID data. Finally, we show the limitations of existing defenses adapted from FL and design a new defense that successfully mitigates the backdoor attacks, without an impact on model accuracy.
Submission history
From: Gökberk Yar [view email][v1] Mon, 23 Jan 2023 21:49:28 GMT (15208kb,D)
[v2] Tue, 7 Feb 2023 02:58:12 GMT (2565kb,D)
[v3] Sun, 25 Jun 2023 14:08:26 GMT (4324kb,D)
Link back to: arXiv, form interface, contact.