Detecting Free-Riding Attack in Federated Learning Based on Gradient Backtracking
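洪榛 1, 冯王磊 2, 温震宇 1, 吴迪 3, 李涛涛 2, 伍一鸣 1, 王聪 4, 纪守领 5
Author information
- 1. College of Information Engineering, Zhejiang University of Technology, Hangzhou 310023; Institute of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310023
- 2. College of Information Engineering, Zhejiang University of Technology, Hangzhou 310023
- 3. School of Computer Science, University of St Andrews, St Andrews KY16 9AJ
- 4. College of Control Science and Engineering, Zhejiang University, Hangzhou 310007
- 5. College of Computer Science and Technology, Zhejiang University, Hangzhou 310007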
Abstract
With the development of the Internet of vehicles (IoV), the rapid growth of intelligent vehicles generates a massive amount of user data. These data are invaluable for training intelligent IoV application models. Traditional model training requires the centralized collection of raw data in the cloud, which consumes substantial communication resources and raises issues such as privacy breaches and regulatory constraints. Federated learning (FL) addresses these problems with a distributed training paradigm that transfers models instead of data. However, practical FL systems face malicious users who forge local models to fraudulently obtain rewards from the server, known as free-riding attacks. These attacks significantly undermine the fairness of FL and degrade its training effectiveness. Current research assumes that free-riding is limited to a small number of rational users. When there are multiple malicious free-riders, however, current approaches cannot effectively detect and defend against them. To address this issue, we propose a free-riding attack detection algorithm based on gradient backtracking. The algorithm randomly introduces testing rounds into standard FL and compares the similarity of each individual user's model gradients between the testing round and the comparison (baseline) round. This solves the problem of defenses failing in scenarios with multiple malicious free-riders. Experimental results on the MNIST and CIFAR-10 datasets demonstrate that the proposed algorithm achieves outstanding detection performance in various free-riding attack scenarios.
Key words
federated learning / Internet of vehicles / free-riding attack / gradient similarity / free-riding attack detection
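Funding
National Natural Science Foundation of China (62072408)
National Natural Science Foundation of China (62302454)
Zhejiang Provincial Natural Science Foundation, Distinguished Young Scholars Fund (LR24F020004)
Zhejiang Provincial Natural Science Foundation, Major Program (Young Original) (LDQ24F020001)
China Postdoctoral Science Foundation (2023M743403)
Publication year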
2024