TY - GEN
T1 - Federating Learning Attacks
T2 - 19th IEEE International Wireless Communications and Mobile Computing Conference, IWCMC 2023
AU - Gouissem, A.
AU - Khattab, T.
AU - Abdallah, M.
AU - Mohamed, A.
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - Despite its potential benefits, Federated learning (FL) is vulnerable to various types of attacks that can compromise the accuracy and security of the trained model. While several defense mechanisms have been proposed to protect FL against such attacks, attackers are continuously developing more advanced techniques to bypass these protection mechanisms.In this context, this paper proposes a novel attack mechanism that allows malicious users to optimize their crafted reports, maximizing potential damage while limiting the chances of being detected. Our proposed attack technique is a robust approach designed to bypass existing defense mechanisms in FL. Our contributions are mainly investigating the FL model attack from the attacker's perspective, proposing a model relaxation approach to optimize a single poisoning ratio variable, and formulating a compromise between the chances of being detected and the amount of damage that the attack could cause. Additionally, we introduce three new attack designs, namely DTA, ATA, and NEA, which maximize the effect of the attack. The proposed Distance Target Attack (DTA) minimizes the distance from the target attack model, while the Accuracy Target Attack (ATA) deteriorates the accuracy of the global model. Furthermore, the Number Estimation Attack (NEA) aims to maximize the expected number of attackers that could bypass the aggregation detection mechanisms.The numerical results based on the KDD dataset confirm the ability of the proposed approach to deteriorate the global model accuracy. The experiments showed that the proposed DTA, ATA, and NEA attacks can significantly reduce the accuracy of the global model. These results demonstrate also the effectiveness and robustness of the proposed attack mechanism in compromising the accuracy and security of FL models.
AB - Despite its potential benefits, Federated learning (FL) is vulnerable to various types of attacks that can compromise the accuracy and security of the trained model. While several defense mechanisms have been proposed to protect FL against such attacks, attackers are continuously developing more advanced techniques to bypass these protection mechanisms.In this context, this paper proposes a novel attack mechanism that allows malicious users to optimize their crafted reports, maximizing potential damage while limiting the chances of being detected. Our proposed attack technique is a robust approach designed to bypass existing defense mechanisms in FL. Our contributions are mainly investigating the FL model attack from the attacker's perspective, proposing a model relaxation approach to optimize a single poisoning ratio variable, and formulating a compromise between the chances of being detected and the amount of damage that the attack could cause. Additionally, we introduce three new attack designs, namely DTA, ATA, and NEA, which maximize the effect of the attack. The proposed Distance Target Attack (DTA) minimizes the distance from the target attack model, while the Accuracy Target Attack (ATA) deteriorates the accuracy of the global model. Furthermore, the Number Estimation Attack (NEA) aims to maximize the expected number of attackers that could bypass the aggregation detection mechanisms.The numerical results based on the KDD dataset confirm the ability of the proposed approach to deteriorate the global model accuracy. The experiments showed that the proposed DTA, ATA, and NEA attacks can significantly reduce the accuracy of the global model. These results demonstrate also the effectiveness and robustness of the proposed attack mechanism in compromising the accuracy and security of FL models.
KW - Byzantine attacks
KW - Distributed Learning
KW - Federated Learning
KW - Intrusion Detection
UR - http://www.scopus.com/inward/record.url?scp=85167710757&partnerID=8YFLogxK
U2 - 10.1109/IWCMC58020.2023.10182790
DO - 10.1109/IWCMC58020.2023.10182790
M3 - Conference contribution
AN - SCOPUS:85167710757
T3 - 2023 International Wireless Communications and Mobile Computing, IWCMC 2023
SP - 1644
EP - 1648
BT - 2023 International Wireless Communications and Mobile Computing, IWCMC 2023
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 19 June 2023 through 23 June 2023
ER -