Federating Learning Attacks: Maximizing Damage while Evading Detection

A. Gouissem*, T. Khattab, M. Abdallah, A. Mohamed

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1 Citation (Scopus)

Abstract

Despite its potential benefits, Federated learning (FL) is vulnerable to various types of attacks that can compromise the accuracy and security of the trained model. While several defense mechanisms have been proposed to protect FL against such attacks, attackers are continuously developing more advanced techniques to bypass these protection mechanisms.In this context, this paper proposes a novel attack mechanism that allows malicious users to optimize their crafted reports, maximizing potential damage while limiting the chances of being detected. Our proposed attack technique is a robust approach designed to bypass existing defense mechanisms in FL. Our contributions are mainly investigating the FL model attack from the attacker's perspective, proposing a model relaxation approach to optimize a single poisoning ratio variable, and formulating a compromise between the chances of being detected and the amount of damage that the attack could cause. Additionally, we introduce three new attack designs, namely DTA, ATA, and NEA, which maximize the effect of the attack. The proposed Distance Target Attack (DTA) minimizes the distance from the target attack model, while the Accuracy Target Attack (ATA) deteriorates the accuracy of the global model. Furthermore, the Number Estimation Attack (NEA) aims to maximize the expected number of attackers that could bypass the aggregation detection mechanisms.The numerical results based on the KDD dataset confirm the ability of the proposed approach to deteriorate the global model accuracy. The experiments showed that the proposed DTA, ATA, and NEA attacks can significantly reduce the accuracy of the global model. These results demonstrate also the effectiveness and robustness of the proposed attack mechanism in compromising the accuracy and security of FL models.

Original languageEnglish
Title of host publication2023 International Wireless Communications and Mobile Computing, IWCMC 2023
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1644-1648
Number of pages5
ISBN (Electronic)9798350333398
DOIs
Publication statusPublished - 2023
Event19th IEEE International Wireless Communications and Mobile Computing Conference, IWCMC 2023 - Hybrid, Marrakesh, Morocco
Duration: 19 Jun 202323 Jun 2023

Publication series

Name2023 International Wireless Communications and Mobile Computing, IWCMC 2023

Conference

Conference19th IEEE International Wireless Communications and Mobile Computing Conference, IWCMC 2023
Country/TerritoryMorocco
CityHybrid, Marrakesh
Period19/06/2323/06/23

Keywords

  • Byzantine attacks
  • Distributed Learning
  • Federated Learning
  • Intrusion Detection

Fingerprint

Dive into the research topics of 'Federating Learning Attacks: Maximizing Damage while Evading Detection'. Together they form a unique fingerprint.

Cite this