Impact of aggregation function randomization against model poisoning in federated learning

Seyedsina Nabavirazavi, Rahim Taheri, Mohammad Shojafar*, Sundararaja Sitharama Iyengar

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Federated learning has gained significant attention as a privacy-preserving approach for training machine learning models across decentralized devices. However, this distributed learning paradigm is susceptible to adversarial attacks, particularly model poisoning attacks, in which adversaries inject malicious model updates to compromise the integrity of the global model. In this paper, we investigate the impact of randomness on model poisoning attacks in federated networks, where the server employs two aggregation rules, Krum and Trimmed Mean, choosing between them randomly in each federated round. We present three distinct adversaries: one targeting Krum throughout the entire learning process, another targeting Trimmed Mean entirely, and a third adversary employing a randomized strategy between Krum and Trimmed Mean in each round. Our objective is to evaluate their performance in reducing the overall accuracy of the federated network. We propose novel techniques to craft poisoned models and explore the efficacy of these attacks by exploiting the aggregation rules. We evaluated our proposed methods on the Fashion-MNIST dataset. The experiments reveal the robustness of the federated network against the proposed adversarial scenarios, contributing to a better understanding of the vulnerabilities and defenses in federated learning systems.
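As an added illustration (not code from the paper), the two aggregation rules the abstract describes the server randomizing between, written in pure Python and run on constructed updates where one of six clients submits an outlier. Both robust rules discard the outlier while a plain mean is pulled toward it; the tolerated-adversary count f, the seed and the sample values are assumptions.

```python
import random
from typing import List, Tuple

Update = List[float]  # one client's flattened model update


def _sq_dist(a: Update, b: Update) -> float:
    return sum((x - y) ** 2 for x, y in zip(a, b))


def krum(updates: List[Update], f: int) -> Update:
    """Krum: keep the single update whose summed squared distance to its
    n - f - 2 nearest neighbours is smallest; an isolated outlier scores high."""
    n = len(updates)
    k = n - f - 2
    if k < 1:
        raise ValueError("Krum requires n > f + 2")
    scores = []
    for i, u in enumerate(updates):
        dists = sorted(_sq_dist(u, v) for j, v in enumerate(updates) if j != i)
        scores.append(sum(dists[:k]))
    return list(updates[scores.index(min(scores))])


def trimmed_mean(updates: List[Update], f: int) -> Update:
    """Trimmed Mean: per coordinate, drop the f largest and f smallest values,
    then average what remains."""
    n = len(updates)
    if n <= 2 * f:
        raise ValueError("Trimmed Mean requires n > 2f")
    return [sum(sorted(c)[f:n - f]) / (n - 2 * f) for c in zip(*updates)]


def plain_mean(updates: List[Update]) -> Update:
    """Non-robust baseline for comparison: every update counts equally."""
    return [sum(c) / len(c) for c in zip(*updates)]


def randomized_rounds(updates: List[Update], f: int, seed: int,
                      rounds: int) -> List[Tuple[str, Update]]:
    """Server behaviour from the abstract: each round picks Krum or Trimmed
    Mean at random (seeded here so the run is reproducible)."""
    rng = random.Random(seed)  # assumed seeding, for reproducibility only
    out = []
    for _ in range(rounds):
        rule = rng.choice(["krum", "trimmed_mean"])
        agg = krum if rule == "krum" else trimmed_mean
        out.append((rule, agg(updates, f)))
    return out


# Constructed sample: five benign clients clustered near (1, -1), one outlier.
UPDATES: List[Update] = [[1.0, -1.0], [1.1, -0.9], [0.9, -1.1],
                         [1.0, -1.2], [1.2, -1.0], [50.0, 50.0]]
F = 1  # assumed number of tolerated malicious clients
```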
Original language: English
Title of host publication: 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 165-172
Number of pages: 8
ISBN (Electronic): 9798350381993
ISBN (Print): 9798350382006
DOIs
Publication status: Published - 29 May 2024
Event: 22nd IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2023 - Exeter, United Kingdom
Duration: 1 Nov 2023 - 3 Nov 2023

Publication series

Name: TrustCom Proceedings Series
Publisher: IEEE
ISSN (Print): 2324-898X
ISSN (Electronic): 2324-9013

Conference

Conference: 22nd IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2023
Country/Territory: United Kingdom
City: Exeter
Period: 1/11/23 - 3/11/23

Keywords

  • Federated Learning
  • Model Poisoning Attack
  • Krum Aggregation Function
  • Robustness
  • Randomization
  • Trimmed Mean aggregation
