Federated learning allows clients to collaboratively train a global model without uploading raw data, which preserves privacy. This feature, i.e., the inability to review participants' datasets, has recently been found responsible for federated learning's vulnerability to backdoor attacks. Existing defense methods fall short in two respects: 1) they consider only very specific and limited attacker models and are unable to cope with advanced backdoor attacks, such as distributed backdoor attacks, which break down the global trigger into multiple distributed triggers; 2) they conduct detection at model granularity, so their performance is affected by the model dimension. To address these challenges, we propose Federated Layer Detection (FLD), a novel model filtering approach for effectively defending against backdoor attacks. FLD examines the models at layer granularity to capture the complete model details and effectively detect potential backdoor models regardless of model dimension. We provide theoretical analysis and proof for the convergence of FLD. Extensive experiments demonstrate that FLD effectively mitigates state-of-the-art backdoor attacks with negligible impact on the accuracy of the primary task.
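The second limitation named in the abstract, that a score computed over the whole model is affected by model dimension, can be seen on constructed data. This is an added illustration, not the FLD algorithm (the abstract does not specify it): the layer names, the cosine-to-median score, the zero threshold and the synthetic updates are all assumptions made for the example.

```python
# Added illustration; not the FLD algorithm (the abstract does not specify it).
import math
import random
from statistics import median

def cosine(u, v):
    dot = sum(a * b for a, b in zip(u, v))
    return dot / math.sqrt(sum(a * a for a in u) * sum(b * b for b in v))

def consensus(vectors):
    # Coordinate-wise median: a robust stand-in for the benign majority.
    return [median(col) for col in zip(*vectors)]

def model_scores(updates):
    """Cosine of each client's whole flattened update to the consensus."""
    flat = [[x for layer in u.values() for x in layer] for u in updates]
    ref = consensus(flat)
    return [cosine(f, ref) for f in flat]

def layer_scores(updates):
    """Per client, the lowest cosine to the consensus over individual layers."""
    worst = [1.0] * len(updates)
    for name in updates[0]:
        layers = [u[name] for u in updates]
        ref = consensus(layers)
        worst = [min(w, cosine(l, ref)) for w, l in zip(worst, layers)]
    return worst

def flag(scores, threshold=0.0):
    # Assumed rule: flag updates that point away from the consensus direction.
    return [i for i, s in enumerate(scores) if s < threshold]

def make_updates(n_clients=10, bad=7, seed=0):
    # Constructed data: a 2000-weight "conv" layer and a 20-weight "head" layer.
    rng = random.Random(seed)
    base = {"conv": [rng.gauss(0, 1) for _ in range(2000)],
            "head": [rng.gauss(0, 1) for _ in range(20)]}
    updates = []
    for c in range(n_clients):
        # Benign clients drift by different amounts (non-IID); the tampered
        # client stays close to the consensus except in its small head layer.
        noise = 0.05 if c == bad else 0.05 * (c + 1)
        sign = {"conv": 1.0, "head": -1.0 if c == bad else 1.0}
        updates.append({k: [sign[k] * b + noise * rng.gauss(0, 1) for b in v]
                        for k, v in base.items()})
    return updates

if __name__ == "__main__":
    ups = make_updates()
    print("model-level flags:", flag(model_scores(ups)))
    print("layer-level flags:", flag(layer_scores(ups)))
```

At model granularity the tampered client scores higher than the noisiest benign client, because its 20 altered weights are outweighed by 2000 unaltered ones; scored per layer, it is the only client flagged.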