Informatics and Engineering Systems Faculty Publications and Presentations
Document Type
Conference Proceeding
Publication Date
12-2023
Abstract
Federated learning (FL) is a distributed learning process that uses a trusted aggregation server to allow multiple parties (or clients) to collaboratively train a machine learning model without having them share their private data. Recent research, however, has demonstrated the effectiveness of inference and poisoning attacks on FL. Mitigating both attacks simultaneously is very challenging. State-of-the-art solutions have proposed the use of poisoning defenses with Secure Multi-Party Computation (SMPC) and/or Differential Privacy (DP). However, these techniques are not efficient and fail to address the malicious intent behind the attacks, i.e., adversaries (curious servers and/or compromised clients) seek to exploit a system for monetization purposes. To overcome these limitations, we present a ledger-based FL framework known as FLEDGE that allows making parties accountable for their behavior and achieve reasonable efficiency for mitigating inference and poisoning attacks. Our solution leverages crypto-currency to increase party accountability by penalizing malicious behavior and rewarding benign conduct. We conduct an extensive evaluation on four public datasets: Reddit, MNIST, Fashion-MNIST, and CIFAR-10. Our experimental results demonstrate that (1) FLEDGE provides strong privacy guarantees for model updates without sacrificing model utility; (2) FLEDGE can successfully mitigate different poisoning attacks without degrading the performance of the global model; and (3) FLEDGE offers unique reward mechanisms to promote benign behavior during model training and/or model aggregation.
Recommended Citation
Castillo, Jorge, Phillip Rieger, Hossein Fereidooni, Qian Chen, and Ahmad Sadeghi. "Fledge: Ledger-based federated learning resilient to inference and backdoor attacks." In Proceedings of the 39th Annual Computer Security Applications Conference, pp. 647-661. 2023. https://doi.org/10.1145/3627106.3627194
Publication Title
Proceedings of the 39th Annual Computer Security Applications Conference
DOI
10.1145/3627106.3627194
Comments
Original published version available at https://doi.org/10.1145/3627106.3627194