Publication:
Biasing federated learning with a new adversarial graph attention network

Simple item page
dc.contributor.coauthorLi K., Zheng J., Ni W., Huang H., Lio P., Dressler F.
dc.contributor.departmentDepartment of Electrical and Electronics Engineering
dc.contributor.departmentNext Generation and Wireless Communication Laboratory
dc.contributor.kuauthorAkan, Özgür Barış
dc.contributor.schoolcollegeinstituteCollege of Engineering
dc.contributor.schoolcollegeinstituteLaboratory
dc.date.accessioned2025-03-06T20:58:34Z
dc.date.issued2024
dc.description.abstractFairness in Federated Learning (FL) is imperative not only for the ethical utilization of technology but also for ensuring that models provide accurate, equitable, and beneficial outcomes across varied user demographics and equipment. This paper proposes a new adversarial architecture, referred to as Adversarial Graph Attention Network (AGAT), which deliberately instigates fairness attacks with an aim to bias the learning process across the FL. The proposed AGAT is developed to synthesize malicious, biasing model updates, where the minimum of Kullback-Leibler (KL) divergence between the user's model update and the global model is maximized. Due to a limited set of labeled input-output biasing data samples, a surrogate model is created, which presents the behavior of a complex malicious model update. Moreover, a graph autoencoder (GAE) is designed within the AGAT architecture, which is trained together with sub- gradient descent to reconstruct manipulatively the correlations of the model updates, and maximize the reconstruction loss while keeping the malicious, biasing model updates undetectable. The proposed AGAT attack is implemented in PyTorch, showing experimentally that AGAT successfully increases the minimum value of KL divergence of benign model updates by 60.9% and bypasses the detection of existing defense models. The source code of the AGAT attack is released on GitHub. © 2002-2012 IEEE.
dc.description.indexedbyWOS
dc.description.indexedbyScopus
dc.description.publisherscopeInternational
dc.description.sponsoredbyTubitakEuN/A
dc.description.sponsorshipThis work was supported by the CISTER Research Unit (UIDP/UIDB/04234/2020) and project ADANET (PTDC/EEICOM/3362/2021), financed by National Funds through FCT/MCTES (Portuguese Foundation for Science and Technology);and also supported in part by the AXA Research Fund (AXA Chair for Internet of Everything at Koc\u00B8 University).
dc.identifier.doi10.1109/TMC.2024.3499371
dc.identifier.grantnoFundação para a Ciência e a Tecnologia, FCT; AXA Research Fund, AXA; UIDP/UIDB/04234/2020, PTDC/EEICOM/3362/2021
dc.identifier.issn1536-1233
dc.identifier.quartileQ1
dc.identifier.scopus2-s2.0-85209749527
dc.identifier.urihttps://doi.org/10.1109/TMC.2024.3499371
dc.identifier.urihttps://hdl.handle.net/20.500.14288/27502
dc.identifier.wos1416196500018
dc.keywordsAdversarial graph attention network
dc.keywordsCyberattacks
dc.keywordsFairness
dc.keywordsFeature correlations
dc.keywordsFederated learning
dc.language.isoeng
dc.publisherInstitute of Electrical and Electronics Engineers Inc.
dc.relation.ispartofIEEE Transactions on Mobile Computing
dc.subjectElectrical and electronics engineering
dc.titleBiasing federated learning with a new adversarial graph attention network
dc.typeJournal Article
dspace.entity.typePublication
local.contributor.kuauthorAkan, Özgür Barış
local.publication.orgunit1College of Engineering
local.publication.orgunit1Laboratory
local.publication.orgunit2Department of Electrical and Electronics Engineering
local.publication.orgunit2Next Generation and Wireless Communication Laboratory
relation.isOrgUnitOfPublication21598063-a7c5-420d-91ba-0cc9b2db0ea0
relation.isOrgUnitOfPublicationa5d3121b-8789-4c71-84d3-12bf643bfef9
relation.isOrgUnitOfPublication.latestForDiscovery21598063-a7c5-420d-91ba-0cc9b2db0ea0
relation.isParentOrgUnitOfPublication8e756b23-2d4a-4ce8-b1b3-62c794a8c164
relation.isParentOrgUnitOfPublication20385dee-35e7-484b-8da6-ddcc08271d96
relation.isParentOrgUnitOfPublication.latestForDiscovery8e756b23-2d4a-4ce8-b1b3-62c794a8c164

Files

Collections

Publications without Fulltext