Publication: Detection and mitigation of targeted data poisoning attacks in federated learning
| Field | Value |
|---|---|
| dc.contributor.department | Department of Computer Engineering |
| dc.contributor.kuauthor | Erbil, Pınar |
| dc.contributor.kuauthor | Gürsoy, Mehmet Emre |
| dc.contributor.other | Department of Computer Engineering |
| dc.contributor.schoolcollegeinstitute | College of Engineering |
| dc.date.accessioned | 2024-12-29T09:36:00Z |
| dc.date.issued | 2022 |
| dc.description.abstract | Federated learning (FL) has emerged as a promising paradigm for distributed training of machine learning models. In FL, several participants train a global model collaboratively by only sharing model parameter updates while keeping their training data local. However, FL was recently shown to be vulnerable to data poisoning attacks, in which malicious participants send parameter updates derived from poisoned training data. In this paper, we focus on defending against targeted data poisoning attacks, where the attacker's goal is to make the model misbehave for a small subset of classes while the rest of the model is relatively unaffected. To defend against such attacks, we first propose a method called MAPPS for separating malicious updates from benign ones. Using MAPPS, we propose three methods for attack detection: MAPPS + X-Means, MAPPS + VAT, and their Ensemble. Then, we propose an attack mitigation approach in which a "clean" model (i.e., a model that is not negatively impacted by an attack) can be trained despite the existence of a poisoning attempt. We empirically evaluate all of our methods using popular image classification datasets. Results show that we can achieve > 95% true positive rates while incurring only < 2% false positive rate. Furthermore, the clean models that are trained using our proposed methods have accuracy comparable to models trained in an attack-free scenario. |
| dc.description.indexedby | WoS |
| dc.description.indexedby | Scopus |
| dc.description.publisherscope | International |
| dc.identifier.doi | 10.1109/DASC/PiCom/CBDCom/Cy55231.2022.9927914 |
| dc.identifier.isbn | 978-1-6654-6297-6 |
| dc.identifier.quartile | N/A |
| dc.identifier.scopus | 2-s2.0-85145349924 |
| dc.identifier.uri | https://doi.org/10.1109/DASC/PiCom/CBDCom/Cy55231.2022.9927914 |
| dc.identifier.uri | https://hdl.handle.net/20.500.14288/21891 |
| dc.identifier.wos | 948109800040 |
| dc.keywords | Federated learning |
| dc.keywords | Data poisoning attacks |
| dc.keywords | Adversarial machine learning |
| dc.keywords | Security for AI |
| dc.language | en |
| dc.publisher | IEEE |
| dc.source | 2022 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech) |
| dc.subject | Automation and control systems |
| dc.subject | Computer science |
| dc.subject | Artificial intelligence |
| dc.subject | Information systems |
| dc.subject | Theory and methods |
| dc.subject | Electrical engineering |
| dc.subject | Electronic engineering |
| dc.title | Detection and mitigation of targeted data poisoning attacks in federated learning |
| dc.type | Conference proceeding |
| dspace.entity.type | Publication |
| local.contributor.kuauthor | Erbil, Pınar |
| local.contributor.kuauthor | Gürsoy, Mehmet Emre |
| relation.isOrgUnitOfPublication | 89352e43-bf09-4ef4-82f6-6f9d0174ebae |
| relation.isOrgUnitOfPublication.latestForDiscovery | 89352e43-bf09-4ef4-82f6-6f9d0174ebae |