Publication Type

Journal Article

Version

acceptedVersion

Publication Date

11-2024

Abstract

There is substantial attention to federated learning with its ability to train a powerful global model collaboratively while protecting data privacy. Despite its many advantages, federated learning is vulnerable to backdoor attacks, where an adversary injects malicious weights into the global model, making the global model's targeted predictions incorrect. Existing defenses based on identifying and eliminating malicious weights ignore the similarity variation of the local weights during iterations in the malicious model detection and the presence of benign weights in the malicious model during the malicious local weight elimination, resulting in a poor defense and a degradation of global model accuracy. In this paper, we defend against backdoor attacks from the perspective of local models. First, a malicious model detection method based on interpretability techniques is proposed. The method appends a sampling check after clustering to identify malicious models accurately. We further design a malicious local weight elimination method based on local weight contributions. This method preserves the benign weights in the malicious model to maintain their contributions to the global model. Finally, we analyze the security of the proposed method in terms of model closeness and then verify the effectiveness of the proposed method through experiments. In comparison with existing defenses, the results show that BADFL improves the global model accuracy by 23.14% while reducing the attack success rate to 0.04% in the best case.

Keywords

Servers, Artificial Neural Networks, Accuracy, Training, Fires, Anomaly Detection, Adaptation Models, Federated Learning, Backdoor Attack, Clustering, Interpretability

Discipline

Information Security

Research Areas

Cybersecurity

Publication

IEEE Transactions on Knowledge and Data Engineering

Volume

36

Issue

11

First Page

5661

Last Page

5674

ISSN

1041-4347

Identifier

10.1109/TKDE.2024.3420778

Publisher

Institute of Electrical and Electronics Engineers

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1109/TKDE.2024.3420778
