Jingkai Liu, Xiaoting Lyu, Li Duan, Yongzhong He, Jiqiang Liu, Hongliang Ma, Bin Wang, Chunhua Su, Wei Wang
ACM Transactions on Sensor Networks, Journal Article, published 2024-06-01. DOI: 10.1145/3669902 (https://doi.org/10.1145/3669902)
PnA: Robust Aggregation Against Poisoning Attacks to Federated Learning for Edge Intelligence
Federated learning (FL), which holds promise for use in edge intelligence applications for smart cities, enables smart devices to collaborate in training a global model by exchanging local model updates instead of sharing local training data. However, the global model can be corrupted by malicious clients conducting poisoning attacks, resulting in failure of the global model to converge, incorrect predictions on the test set, or an embedded backdoor. Although some aggregation algorithms can enhance the robustness of FL against malicious clients, our work demonstrates that existing stealthy poisoning attacks can still bypass these defense methods. In this work, we propose a robust aggregation mechanism, called Parts and All (PnA), to protect the global model of FL by filtering out malicious local model updates through the detection of poisoning attacks at the layers of local model updates. We conduct comprehensive experiments on three representative datasets. The experimental results demonstrate that our proposed PnA is more effective than existing robust aggregation algorithms against state-of-the-art poisoning attacks. In addition, PnA performs stably against poisoning attacks under different poisoning settings.
About the journal:
ACM Transactions on Sensor Networks (TOSN) is a central publication by the ACM in the interdisciplinary area of sensor networks spanning a broad discipline from signal processing, networking and protocols, embedded systems, information management, to distributed algorithms. It covers research contributions that introduce new concepts, techniques, analyses, or architectures, as well as applied contributions that report on development of new tools and systems or experiences and experiments with high-impact, innovative applications. The Transactions places special attention on contributions to systemic approaches to sensor networks as well as fundamental contributions.