Efficiently Achieving Privacy Preservation and Poisoning Attack Resistance in Federated Learning

Xueyang Li, Xue Yang, Zhengchun Zhou, Rongxing Lu
DOI: https://doi.org/10.1109/tifs.2024.3378006
IF: 7.231
2024-01-01
IEEE Transactions on Information Forensics and Security
Abstract: Federated learning enables clients to train models locally and provide local updates to the server instead of raw datasets, thereby preserving data privacy to some extent. However, adversaries can still pry into users' privacy by inferring from the updates, and can compromise the integrity of the global model through poisoning attacks. Therefore, many related works have integrated poisoning attack detection methods with secure computation to address both issues. Nevertheless, they still encounter two major challenges: (i) their efficiency is too low for practical use, and (ii) privacy is still at risk of being leaked; e.g., the distance between two local updates computed to detect poisoning attacks could be exposed to the server. To address these challenges, in this paper we propose an Efficient Privacy-preserving and Poisoning attack Resistant scheme for Federated Learning, named EPPRFL, which preserves the privacy of local updates and of some intermediate information used to detect poisoning attacks. In particular, we design an efficient poisoning attack detection method based on a Euclidean distance filtering & clipping technique, named F&C. Then, to preserve privacy in the F&C method, we efficiently customize secure comparison, secure median, secure distance computation and secure clipping protocols based on additive secret sharing. Experimental results and theoretical analysis show that, compared with existing schemes, EPPRFL better resists poisoning attacks and has lower computational and communication overheads on the client side.
computer science, theory & methods, engineering, electrical & electronic
What problem does this paper attempt to address?
### Problems the Paper Aims to Solve

This paper aims to address two key issues in Federated Learning:

1. **Privacy Protection**: Although Federated Learning protects user data privacy to some extent by training models locally instead of uploading raw data, attackers can still infer user privacy from the update information.
2. **Adversarial Poisoning Attacks**: Malicious clients can compromise the integrity of the global model by submitting tampered updates.

To tackle these challenges, existing solutions typically combine poisoning attack detection methods with Secure Multi-Party Computation (SMC). However, these solutions have the following major issues:

- Inefficiency, making them difficult to implement in practical applications.
- Privacy may still be compromised; for example, the distance between two local updates computed during poisoning attack detection might be exposed to the server.

To address these problems, this paper proposes a new scheme called EPPRFL (Efficient Privacy-preserving and Poisoning attack Resistant scheme for Federated Learning), which has the following features:

- An efficient poisoning attack detection method based on a Filtering & Clipping (F&C) technique using Euclidean distance.
- Considering the privacy protection needs of the F&C method, it customizes secure comparison, secure median, secure distance calculation, and secure clipping protocols based on additive secret sharing.

Experimental results show that, compared to existing schemes, EPPRFL can better resist poisoning attacks and has lower computational and communication overhead on the client side.
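As an added illustration of the privacy point above (this is not the paper's own protocol, and EPPRFL's actual secure distance protocol is not reproduced here), the following Python shows how the squared Euclidean distance between two updates can be computed on additive secret shares held by two non-colluding servers, using Beaver multiplication triples, so that the distance used for filtering is never opened to either server. The two-server setting, a trusted dealer for the triples, the ring Z_{2^32} and integer-quantized updates are all assumptions of this example.

```python
import secrets

# Ring modulus for additive secret sharing (constructed choice for this example).
MOD = 2**32

def share(x):
    """Split integer x into two additive shares with x0 + x1 = x (mod MOD)."""
    x0 = secrets.randbelow(MOD)
    return x0, (x - x0) % MOD

def reconstruct(x0, x1):
    """Open a shared value; only the final result should ever be opened."""
    return (x0 + x1) % MOD

def beaver_triple():
    """Shares of (a, b, c) with c = a*b, produced by an assumed trusted dealer."""
    a, b = secrets.randbelow(MOD), secrets.randbelow(MOD)
    return share(a), share(b), share((a * b) % MOD)

def secure_mul(x_sh, y_sh, triple):
    """Multiply shared x and y; the servers only exchange the masked values d, e."""
    (a0, a1), (b0, b1), (c0, c1) = triple
    # d = x - a and e = y - b are uniformly random, so opening them leaks nothing.
    d = reconstruct((x_sh[0] - a0) % MOD, (x_sh[1] - a1) % MOD)
    e = reconstruct((y_sh[0] - b0) % MOD, (y_sh[1] - b1) % MOD)
    # x*y = c + d*b + e*a + d*e; the public d*e term is added by server 0 only.
    z0 = (c0 + d * b0 + e * a0 + d * e) % MOD
    z1 = (c1 + d * b1 + e * a1) % MOD
    return z0, z1

def secure_sq_distance(u, v):
    """Shares of ||u - v||^2 for integer-quantized updates u, v (assumed format).

    Subtraction is local (linear); each squaring costs one Beaver triple.
    Neither server sees u, v, the per-coordinate differences, or the distance.
    """
    acc = (0, 0)
    for ui, vi in zip(u, v):
        u_sh, v_sh = share(ui), share(vi)          # as if uploaded by two clients
        diff = ((u_sh[0] - v_sh[0]) % MOD, (u_sh[1] - v_sh[1]) % MOD)
        sq = secure_mul(diff, diff, beaver_triple())
        acc = ((acc[0] + sq[0]) % MOD, (acc[1] + sq[1]) % MOD)
    return acc

def sq_distance_plain(u, v):
    """Plaintext reference used only to check the shared computation."""
    return sum((a - b) ** 2 for a, b in zip(u, v))
```

In a filtering step only a comparison result (or a shared median) would be opened, not the distance itself; opening `secure_sq_distance` here is solely to verify correctness.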