ShieldFL: Mitigating Model Poisoning Attacks in Privacy-Preserving Federated Learning

Xidian University · Singapore Management University · +1 more institution

Indexed in Crossref

Abstract

Privacy-Preserving Federated Learning (PPFL) is an emerging secure distributed learning paradigm that aggregates user-trained local gradients into a federated model through a cryptographic protocol. Unfortunately, PPFL is vulnerable to model poisoning attacks launched by a Byzantine adversary, who crafts malicious local gradients to harm the accuracy of the federated model. To resist model poisoning attacks, existing defense strategies focus on identifying suspicious local gradients over plaintexts. However, the Byzantine adversary submits encrypted poisonous gradients to circumvent existing defense strategies in PPFL, resulting in encrypted model poisoning. To address the issue, in this paper we design a…

Citation impact

  • Total citations: 299
  • FWCI: 37.06
  • Percentile: 100%
  • References: 42
Authors

5

Topics & keywords

Keywords
  • Computer science
  • Encryption
  • Homomorphic encryption
  • Computer security
  • Robustness (evolution)
  • Cryptography
  • Adversary
  • Artificial intelligence
UN Sustainable Development Goals
  • Peace, Justice and strong institutions