Publication: Data-agnostic model poisoning against federated learning: a graph autoencoder approach
| dc.contributor.coauthor | Li, Kai | |
| dc.contributor.coauthor | Zheng, Jingjing | |
| dc.contributor.coauthor | Yuan, Xin | |
| dc.contributor.coauthor | Ni, Wei | |
| dc.contributor.coauthor | Poor, H. Vincent | |
| dc.contributor.department | Department of Electrical and Electronics Engineering | |
| dc.contributor.kuauthor | Akan, Özgür Barış | |
| dc.contributor.other | Department of Electrical and Electronics Engineering | |
| dc.contributor.researchcenter | ||
| dc.contributor.schoolcollegeinstitute | College of Engineering | |
| dc.contributor.unit | ||
| dc.date.accessioned | 2024-12-29T09:37:54Z | |
| dc.date.issued | 2024 | |
| dc.description.abstract | This paper proposes a novel, data-agnostic, model poisoning attack on Federated Learning (FL), by designing a new adversarial graph autoencoder (GAE)-based framework. The attack requires no knowledge of FL training data and achieves both effectiveness and undetectability. By listening to the benign local models and the global model, the attacker extracts the graph structural correlations among the benign local models and the training data features substantiating the models. The attacker then adversarially regenerates the graph structural correlations while maximizing the FL training loss, and subsequently generates malicious local models using the adversarial graph structure and the training data features of the benign ones. A new algorithm is designed to iteratively train the malicious local models using GAE and sub-gradient descent. The convergence of FL under attack is rigorously proved, with a considerably large optimality gap. Experiments show that the FL accuracy drops gradually under the proposed attack and existing defense mechanisms fail to detect it. The attack can give rise to an infection across all benign devices, making it a serious threat to FL. © 2005-2012 IEEE. | |
| dc.description.indexedby | WoS | |
| dc.description.indexedby | Scopus | |
| dc.description.openaccess | All Open Access | |
| dc.description.openaccess | Green Open Access | |
| dc.description.publisherscope | International | |
| dc.description.sponsors | Real-Time and Embedded Computing Systems Research Centre (CISTER) Research Unit | |
| dc.description.volume | 19 | |
| dc.identifier.doi | 10.1109/TIFS.2024.3362147 | |
| dc.identifier.eissn | 1556-6021 | |
| dc.identifier.issn | 1556-6013 | |
| dc.identifier.link | ||
| dc.identifier.quartile | Q1 | |
| dc.identifier.scopus | 2-s2.0-85184823206 | |
| dc.identifier.uri | https://doi.org/10.1109/TIFS.2024.3362147 | |
| dc.identifier.uri | https://hdl.handle.net/20.500.14288/22493 | |
| dc.identifier.wos | 1174295900013 | |
| dc.keywords | Feature correlation | |
| dc.keywords | Federated learning | |
| dc.keywords | Graph autoencoder | |
| dc.keywords | Model poisoning attack | |
| dc.language | en | |
| dc.publisher | IEEE-Inst Electrical Electronics Engineers Inc | |
| dc.relation.grantno | ||
| dc.rights | ||
| dc.source | IEEE Transactions on Information Forensics and Security | |
| dc.subject | Learning systems | |
| dc.subject | Data privacy | |
| dc.subject | Internet of things | |
| dc.title | Data-agnostic model poisoning against federated learning: a graph autoencoder approach | |
| dc.type | Journal article | |
| dc.type.other | ||
| dspace.entity.type | Publication | |
| local.contributor.kuauthor | Akan, Özgür Barış | |
| relation.isOrgUnitOfPublication | 21598063-a7c5-420d-91ba-0cc9b2db0ea0 | |
| relation.isOrgUnitOfPublication.latestForDiscovery | 21598063-a7c5-420d-91ba-0cc9b2db0ea0 |