FLARE: Defending Federated Learning against Model Poisoning Attacks via Latent Space Representations

dc.contributor.author: Wang, Ning
dc.contributor.author: Xiao, Yang
dc.contributor.author: Chen, Yimin
dc.contributor.author: Hu, Yang
dc.contributor.author: Lou, Wenjing
dc.contributor.author: Hou, Y. Thomas
dc.date.accessioned: 2022-10-19T16:55:58Z
dc.date.available: 2022-10-19T16:55:58Z
dc.date.issued: 2022-05-30
dc.date.updated: 2022-10-19T15:08:06Z
dc.description.abstract: Federated learning (FL) has been shown to be vulnerable to a new class of adversarial attacks, known as model poisoning attacks (MPA), in which one or more malicious clients try to poison the global model by sending carefully crafted local model updates to the central parameter server. Existing defenses that focus on analyzing model parameters show limited effectiveness in detecting such carefully crafted poisonous models. In this work, we propose FLARE, a robust model aggregation mechanism for FL that is resilient against state-of-the-art MPAs. Instead of depending solely on model parameters, FLARE leverages the penultimate layer representations (PLRs) of the model to characterize the adversarial influence on each local model update. PLRs differentiate malicious models from benign ones better than model parameter-based solutions. We further propose a trust evaluation method that estimates a trust score for each model update based on pairwise PLR discrepancies among all model updates. Under the assumption that honest clients make up the majority, FLARE assigns a trust score to each model update such that updates far from the benign cluster receive low scores. FLARE then aggregates the model updates weighted by their trust scores and finally updates the global model. Extensive experimental results demonstrate the effectiveness of FLARE in defending FL against various MPAs, including semantic backdoor attacks, trojan backdoor attacks, and untargeted attacks, while safeguarding the accuracy of FL.
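The trust-scoring and trust-weighted aggregation idea sketched in the abstract, as an added illustration that is not code from the paper or its authors. Everything concrete in it is an assumption chosen for the demonstration: the three auxiliary inputs and five toy client models are constructed data, the PLR is taken to be relu(W x) of a one-layer model, the discrepancy is a mean L2 distance over the auxiliary inputs, and the trust score is a softmax over "nearest-half" votes. The paper's own discrepancy measure and scoring function are not reproduced on this page; only the honest-majority assumption and the "far from the benign cluster gets a low score, then weighted aggregation" structure come from the abstract.

```python
import math

# Constructed toy setting (assumption, not the paper's data): each client
# sends a local model W (2x3), and the server holds three auxiliary inputs.
# The penultimate-layer representation (PLR) of a model on input x is taken
# to be relu(W x).
AUX_INPUTS = [[1.0, 0.0, 0.5], [0.0, 1.0, 0.5], [0.5, 0.5, 1.0]]

# Four benign clients near a common model and one crafted malicious update.
CLIENT_MODELS = [
    [[1.0, 0.1, 0.0], [0.0, 1.0, 0.1]],
    [[1.1, 0.0, 0.1], [0.1, 0.9, 0.0]],
    [[0.9, 0.1, 0.1], [0.0, 1.1, 0.1]],
    [[1.0, 0.0, 0.0], [0.1, 1.0, 0.0]],
    [[-3.0, 4.0, 2.0], [5.0, -2.0, 3.0]],  # poisoned model (client 4)
]
MALICIOUS = {4}  # known only because the data is constructed; the server does not know this


def plr(model, x):
    """Penultimate-layer representation of one model on one auxiliary input."""
    return [max(0.0, sum(w * xi for w, xi in zip(row, x))) for row in model]


def plr_set(model):
    return [plr(model, x) for x in AUX_INPUTS]


def discrepancy(reps_a, reps_b):
    """Pairwise PLR discrepancy: mean L2 distance over the auxiliary inputs
    (assumption; the paper's own measure is not stated on this page)."""
    return sum(math.dist(a, b) for a, b in zip(reps_a, reps_b)) / len(reps_a)


def trust_scores(models, k=None):
    """Trust score per client from pairwise PLR discrepancies.

    Honest-majority assumption: each client votes for its k nearest clients
    (k = half the population by default). A model far from the benign cluster
    sits in nobody's nearest half and collects no votes. Scores are a softmax
    over vote counts so they sum to 1 (assumption for this illustration).
    """
    n = len(models)
    k = n // 2 if k is None else k
    reps = [plr_set(m) for m in models]
    dist = [[discrepancy(reps[i], reps[j]) for j in range(n)] for i in range(n)]
    votes = [0] * n
    for i in range(n):
        others = sorted((j for j in range(n) if j != i), key=lambda j: dist[i][j])
        for j in others[:k]:
            votes[j] += 1
    exps = [math.exp(v) for v in votes]
    total = sum(exps)
    return [e / total for e in exps]


def aggregate(models, weights):
    """Weighted average of the local models (trust-weighted aggregation)."""
    rows, cols = len(models[0]), len(models[0][0])
    return [[sum(w * m[r][c] for w, m in zip(weights, models)) for c in range(cols)]
            for r in range(rows)]


def frobenius_distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for ra, rb in zip(a, b) for x, y in zip(ra, rb)))


def flare_round(models=CLIENT_MODELS):
    """One aggregation round: returns trust scores and the trust-weighted model."""
    scores = trust_scores(models)
    return scores, aggregate(models, scores)


def compare_to_fedavg(models=CLIENT_MODELS, malicious=MALICIOUS):
    """Error of trust-weighted vs plain averaging, measured against the
    benign-only mean (computable here only because the toy data is constructed)."""
    n = len(models)
    benign = [m for i, m in enumerate(models) if i not in malicious]
    benign_mean = aggregate(benign, [1.0 / len(benign)] * len(benign))
    scores, weighted = flare_round(models)
    plain = aggregate(models, [1.0 / n] * n)
    return {
        "scores": scores,
        "weighted_error": frobenius_distance(weighted, benign_mean),
        "fedavg_error": frobenius_distance(plain, benign_mean),
    }


if __name__ == "__main__":
    result = compare_to_fedavg()
    for i, s in enumerate(result["scores"]):
        print(f"client {i}: trust {s:.3f}")
    print(f"trust-weighted error {result['weighted_error']:.3f} "
          f"vs FedAvg error {result['fedavg_error']:.3f}")
```

The point of the toy is the failure mode a parameter-only defense misses: the poisoned weights are a single outlier among five, and plain averaging pulls the global model far from the benign mean, whereas scoring on representations over shared auxiliary inputs leaves the outlier with no neighbourhood votes and a near-zero weight. The nearest-half rule depends on the honest-majority assumption; with k set above the number of benign clients, a colluding minority could start voting for itself.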
dc.description.version: Published version
dc.format.mimetype: application/pdf
dc.identifier.doi: https://doi.org/10.1145/3488932.3517395
dc.identifier.uri: http://hdl.handle.net/10919/112214
dc.language.iso: en
dc.publisher: ACM
dc.rights: Creative Commons Attribution 4.0 International
dc.rights.holder: The author(s)
dc.rights.uri: http://creativecommons.org/licenses/by/4.0/
dc.title: FLARE: Defending Federated Learning against Model Poisoning Attacks via Latent Space Representations
dc.type: Article - Refereed
dc.type.dcmitype: Text
Files
Original bundle
Name: 3488932.3517395.pdf
Size: 1.95 MB
Format: Adobe Portable Document Format
Description: Published version