Fake or Compromised? Making Sense of Malicious Clients in Federated Learning
arXiv (2024)
Abstract
Federated learning (FL) is a distributed machine learning paradigm that
enables training models on decentralized data. The field of FL security against
poisoning attacks is plagued with confusion due to the proliferation of
research that makes different assumptions about the capabilities of adversaries
and the adversary models they operate under. Our work aims to clarify this
confusion by presenting a comprehensive analysis of the various poisoning
attacks and defensive aggregation rules (AGRs) proposed in the literature, and
connecting them under a common framework. To connect existing adversary models,
we present a hybrid adversary model, which lies in the middle of the spectrum
of adversaries: the adversary compromises a few clients, trains a
generative model (e.g., a DDPM) on their compromised samples, and uses the
resulting synthetic data to solve an optimization problem that yields a stronger
(e.g., cheaper, more practical) attack against different robust aggregation rules. By presenting the
spectrum of FL adversaries, we aim to provide practitioners and researchers
with a clear understanding of the different types of threats they need to
consider when designing FL systems, and identify areas where further research
is needed.
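As an added illustration, not code from the paper, the following toy aggregation round shows the contrast the abstract draws between aggregation rules: fake clients, which hold no data and report whatever update the adversary chooses, drag plain averaging arbitrarily far, while a coordinate-wise median (assumed here as a representative robust AGR; the abstract does not name one) holds up to, but not beyond, a minority of malicious clients. All client updates, the client counts and the target value are constructed for the example.

```python
"""Toy federated-learning round: benign clients plus fake (data-free) clients,
aggregated by plain averaging and by a coordinate-wise median.
Added example, not part of the paper; every update below is constructed."""
from statistics import median


def benign_updates(n_clients, dim):
    """Constructed honest updates: each coordinate is close to 1.0 with a small
    deterministic per-client perturbation standing in for local-training noise."""
    return [[1.0 + 0.01 * ((7 * i + 3 * j) % 5 - 2) for j in range(dim)]
            for i in range(n_clients)]


def fake_client_updates(n_fake, dim, target):
    """Fake clients need no data at all: they report any update the adversary
    wants. Here all of them push every coordinate toward `target`."""
    return [[float(target)] * dim for _ in range(n_fake)]


def mean_aggregate(updates):
    """Plain federated averaging: a single extreme client moves the result."""
    dim = len(updates[0])
    return [sum(u[j] for u in updates) / len(updates) for j in range(dim)]


def coordinate_median_aggregate(updates):
    """Coordinate-wise median (assumed representative robust AGR): each output
    coordinate is the median across clients, so the magnitude of a malicious
    value is irrelevant as long as malicious clients are a strict minority."""
    dim = len(updates[0])
    return [median(u[j] for u in updates) for j in range(dim)]


def run_round(n_benign, n_fake, dim=4, target=-10.0):
    """One round with n_benign honest and n_fake fake clients.
    Returns (mean_result, median_result)."""
    updates = benign_updates(n_benign, dim) + fake_client_updates(n_fake, dim, target)
    return mean_aggregate(updates), coordinate_median_aggregate(updates)


def max_deviation(aggregate, honest_value=1.0):
    """Largest distance of any aggregated coordinate from the honest value."""
    return max(abs(x - honest_value) for x in aggregate)


if __name__ == "__main__":
    # Minority of fake clients (3 of 11): averaging is dragged off, the median holds.
    mean_r, med_r = run_round(8, 3)
    print("3/11 fake: mean deviates by %.2f, median by %.2f"
          % (max_deviation(mean_r), max_deviation(med_r)))
    # Majority of fake clients (6 of 11): the median's breakdown point is exceeded.
    mean_r, med_r = run_round(5, 6)
    print("6/11 fake: mean deviates by %.2f, median by %.2f"
          % (max_deviation(mean_r), max_deviation(med_r)))
```

The second round is the caveat a practitioner should keep in mind: a robust AGR bounds the damage only under an assumption about the malicious fraction, and fake clients are exactly the kind of adversary that can cheaply exceed it, which is why the abstract's distinction between fake and compromised clients matters for deciding which AGR guarantees actually apply.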