Publication:
Detection and mitigation of targeted data poisoning attacks in federated learning

dc.contributor.department: Department of Computer Engineering
dc.contributor.department: Department of Computer Engineering
dc.contributor.kuauthor: Gürsoy, Mehmet Emre
dc.contributor.kuauthor: Erbil, Pınar
dc.contributor.kuprofile: Faculty Member
dc.contributor.kuprofile: Student
dc.contributor.other: Department of Computer Engineering
dc.contributor.schoolcollegeinstitute: College of Engineering
dc.contributor.schoolcollegeinstitute: College of Engineering
dc.contributor.yokid: 330368
dc.contributor.yokid: N/A
dc.date.accessioned: 2024-11-10T00:08:41Z
dc.date.issued: 2022
dc.description.abstract: Federated learning (FL) has emerged as a promising paradigm for distributed training of machine learning models. In FL, several participants train a global model collaboratively by only sharing model parameter updates while keeping their training data local. However, FL was recently shown to be vulnerable to data poisoning attacks, in which malicious participants send parameter updates derived from poisoned training data. In this paper, we focus on defending against targeted data poisoning attacks, where the attacker's goal is to make the model misbehave for a small subset of classes while the rest of the model is relatively unaffected. To defend against such attacks, we first propose a method called MAPPS for separating malicious updates from benign ones. Using MAPPS, we propose three methods for attack detection: MAPPS + X-Means, MAPPS + VAT, and their Ensemble. Then, we propose an attack mitigation approach in which a "clean" model (i.e., a model that is not negatively impacted by an attack) can be trained despite the existence of a poisoning attempt. We empirically evaluate all of our methods using popular image classification datasets. Results show that we can achieve > 95% true positive rates while incurring only < 2% false positive rate. Furthermore, the clean models that are trained using our proposed methods have accuracy comparable to models trained in an attack-free scenario.
dc.description.indexedby: Scopus
dc.description.indexedby: WoS
dc.description.openaccess: YES
dc.description.publisherscope: International
dc.identifier.doi: 10.1109/DASC/PiCom/CBDCom/Cy55231.2022.9927914
dc.identifier.isbn: 978-1-6654-6297-6
dc.identifier.link: https://www.scopus.com/inward/record.uri?eid=2-s2.0-85145349924&doi=10.1109%2fDASC%2fPiCom%2fCBDCom%2fCy55231.2022.9927914&partnerID=40&md5=e4ed2bab00ea0a1186cedfe9aa8bd08d
dc.identifier.scopus: 2-s2.0-85145349924
dc.identifier.uri: https://dx.doi.org/10.1109/DASC/PiCom/CBDCom/Cy55231.2022.9927914
dc.identifier.uri: https://hdl.handle.net/20.500.14288/16978
dc.identifier.wos: 948109800040
dc.keywords: Federated learning
dc.keywords: Data poisoning attacks
dc.keywords: Adversarial machine learning
dc.keywords: Security for AI
dc.language: English
dc.publisher: Institute of Electrical and Electronics Engineers Inc.
dc.source: Proceedings of the 2022 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing, International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2022
dc.subject: Automatic control
dc.subject: Control engineering
dc.subject: Computer Science
dc.subject: Artificial intelligence
dc.subject: Electrical electronics engineering
dc.title: Detection and mitigation of targeted data poisoning attacks in federated learning
dc.type: Conference proceeding
dspace.entity.type: Publication
local.contributor.authorid: 0000-0002-7676-0167
local.contributor.authorid: N/A
local.contributor.kuauthor: Gürsoy, Mehmet Emre
local.contributor.kuauthor: Erbil, Pınar
relation.isOrgUnitOfPublication: 89352e43-bf09-4ef4-82f6-6f9d0174ebae
relation.isOrgUnitOfPublication.latestForDiscovery: 89352e43-bf09-4ef4-82f6-6f9d0174ebae