Precision Guided Approach to Mitigate Data Poisoning Attacks in Federated Learning

K Naveen Kumar, C Krishna Mohan, Aravind Machiry
2024-04-05
Abstract: Federated Learning (FL) is a collaborative learning paradigm enabling participants to collectively train a shared machine learning model while preserving the privacy of their sensitive data. Nevertheless, the inherent decentralized and data-opaque characteristics of FL render it susceptible to data poisoning attacks. These attacks introduce malformed or malicious inputs during local model training, subsequently influencing the global model and resulting in erroneous predictions. Current FL defense strategies against data poisoning attacks either involve a trade-off between accuracy and robustness or necessitate the presence of a uniformly distributed root dataset at the server. To overcome these limitations, we present FedZZ, which harnesses a zone-based deviating update (ZBDU) mechanism to effectively counter data poisoning attacks in FL. Further, we introduce a precision-guided methodology that actively characterizes these client clusters (zones), which in turn aids in recognizing and discarding malicious updates at the server. Our evaluation of FedZZ across two widely recognized datasets, CIFAR10 and EMNIST, demonstrates its efficacy in mitigating data poisoning attacks, surpassing the performance of prevailing state-of-the-art methodologies in both single- and multi-client attack scenarios and varying attack volumes. Notably, FedZZ also functions as a robust client selection strategy, even in highly non-IID and attack-free scenarios. Moreover, in the face of escalating poisoning rates, the model accuracy attained by FedZZ displays superior resilience compared to existing techniques. For instance, when confronted with a 50% presence of malicious clients, FedZZ sustains an accuracy of 67.43%, while the accuracy of the second-best solution, FL-Defender, diminishes to 43.36%.
Cryptography and Security, Artificial Intelligence
What problem does this paper attempt to address?
The problem this paper attempts to solve is how to effectively resist data poisoning attacks in Federated Learning (FL). Federated Learning is a decentralized machine-learning paradigm that allows participants to jointly train a shared model without revealing their sensitive data. However, because of its inherent decentralization and data opacity, Federated Learning is vulnerable to data poisoning attacks: malicious or abnormal inputs introduced during local training propagate into the global model and degrade its predictions. Existing defenses against data poisoning either trade accuracy for robustness or require a uniformly distributed root dataset on the server side. To overcome these limitations, the paper proposes a Zone-Based Deviating Update (ZBDU) mechanism and uses a precision-guided method to identify and discard malicious updates, thereby effectively resisting data poisoning attacks.

The main contributions of the paper are:
1. A new defense method, Zone-Based Deviating Update (ZBDU), for resisting non-targeted data poisoning attacks.
2. The design and implementation of the tool FedZZ, which uses a precision-guided method to create and maintain client zones, an essential requirement for ZBDU.
3. An extensive evaluation across attack configurations showing that FedZZ still maintains relatively high accuracy (about 67%) under a high attack rate and outperforms existing techniques in detection rate and false positive rate.
4. An open-source implementation to support future research.

Through these methods, the paper aims to improve the robustness and security of Federated Learning systems, particularly their performance in the face of data poisoning attacks.
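To make the zone idea concrete, the following is an added toy simulation of one aggregation round; it is not FedZZ's code and does not reproduce the paper's precision-guided zone characterization. It groups constructed client updates into zones by cosine agreement, discards zones whose centroid deviates from the all-client mean update (a simplification assumed here in place of the paper's mechanism), and reports the detection rate and false positive rate that the summary above uses as metrics. The client update vectors, the thresholds, and the client names are all constructed for the illustration.

```python
"""Toy zone-based filtering of deviating client updates (illustration, not FedZZ's code)."""
import math
from typing import Dict, List, Sequence, Set, Tuple

Vector = List[float]

# Constructed client updates: each vector stands for one client's model delta for a round.
# Honest clients push in roughly the same direction; h7 is an honest but non-IID client
# whose update is skewed; m1/m2 mimic label-flipping clients whose deltas point the other way.
CLIENT_UPDATES: Dict[str, Vector] = {
    "h1": [1.0, 1.1, 0.9],
    "h2": [0.9, 1.0, 1.1],
    "h3": [1.1, 0.9, 1.0],
    "h4": [1.0, 1.0, 1.2],
    "h5": [1.2, 1.0, 1.0],
    "h6": [1.0, 1.2, 1.0],
    "h7": [0.6, 1.3, 0.2],
    "m1": [-1.0, -1.1, -0.9],
    "m2": [-0.9, -1.0, -1.1],
}
TRULY_MALICIOUS: Set[str] = {"m1", "m2"}  # ground truth, known only to the simulation


def cosine(a: Sequence[float], b: Sequence[float]) -> float:
    """Cosine similarity; 0.0 for a zero vector so it never joins or anchors a zone."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(x * x for x in b))
    return dot / (na * nb) if na and nb else 0.0


def mean(vectors: Sequence[Sequence[float]]) -> Vector:
    dim = len(vectors[0])
    return [sum(v[i] for v in vectors) / len(vectors) for i in range(dim)]


def form_zones(updates: Dict[str, Vector], join_threshold: float = 0.8) -> List[List[str]]:
    """Greedy one-pass clustering: a client joins the first zone whose centroid it
    agrees with (cosine >= join_threshold); otherwise it opens a new zone."""
    zones: List[List[str]] = []
    centroids: List[Vector] = []
    for cid, update in updates.items():
        for members, centroid in zip(zones, centroids):
            if cosine(update, centroid) >= join_threshold:
                members.append(cid)
                centroid[:] = mean([updates[m] for m in members])  # refresh in place
                break
        else:
            zones.append([cid])
            centroids.append(list(update))
    return zones


def filter_deviating_zones(
    updates: Dict[str, Vector], zones: List[List[str]], min_similarity: float = 0.5
) -> Tuple[Set[str], Set[str]]:
    """Discard every zone whose centroid deviates from the all-client mean update
    (cosine < min_similarity). Assumes honest clients form the majority. Returns
    (kept_ids, discarded_ids)."""
    reference = mean(list(updates.values()))
    kept: Set[str] = set()
    discarded: Set[str] = set()
    for members in zones:
        centroid = mean([updates[m] for m in members])
        target = kept if cosine(centroid, reference) >= min_similarity else discarded
        target.update(members)
    return kept, discarded


def aggregate(updates: Dict[str, Vector], kept: Set[str]) -> Vector:
    """Plain averaging over the surviving clients (FedAvg-style, unweighted)."""
    return mean([updates[c] for c in sorted(kept)])


def detection_metrics(discarded: Set[str], malicious: Set[str], all_ids) -> Tuple[float, float]:
    """Detection rate = malicious clients discarded / malicious clients;
    false positive rate = honest clients discarded / honest clients."""
    honest = set(all_ids) - malicious
    detection_rate = len(discarded & malicious) / len(malicious)
    false_positive_rate = len(discarded & honest) / len(honest)
    return detection_rate, false_positive_rate


def run_round(updates: Dict[str, Vector] = CLIENT_UPDATES):
    zones = form_zones(updates)
    kept, discarded = filter_deviating_zones(updates, zones)
    return zones, kept, discarded, aggregate(updates, kept)


if __name__ == "__main__":
    zones, kept, discarded, agg = run_round()
    print("zones:", zones)
    print("discarded:", sorted(discarded))
    print("aggregate:", [round(x, 3) for x in agg])
    print("detection rate / FPR:", detection_metrics(discarded, TRULY_MALICIOUS, CLIENT_UPDATES))
```

With the constructed inputs, the skewed non-IID client h7 still lands in the honest zone, the two sign-inverted clients form their own zone and are dropped, and the aggregate is the mean of the seven honest updates. The filter's reference point is the all-client mean, so it only holds while honest clients dominate that mean; the paper's reported resilience at 50% malicious clients comes from its precision-guided zone characterization, which this toy does not implement.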