Federated Learning Backdoor Defense Method Based on Trigger Inversion
林怡航 1, 周鹏远 1, 吴治谦 1, 廖勇 1
Author information
- 1. School of Cyber Science and Technology, University of Science and Technology of China, Hefei 230031
Abstract
As an emerging distributed machine learning paradigm, federated learning enables collaborative model training across multiple clients without uploading users' raw data, thereby protecting user privacy. However, because the server cannot inspect clients' local datasets in federated learning, malicious clients can embed a backdoor into the global model through data poisoning. Traditional federated learning backdoor defense methods are mostly based on the idea of model detection and ignore the inherently distributed nature of federated learning. This paper therefore proposes a federated learning backdoor defense method based on trigger inversion, in which the aggregation server and the distributed clients cooperate, using trigger inversion to generate additional data that strengthens the robustness of each client's local model and thereby defends against backdoors. Experiments on different datasets show that the proposed method can mitigate backdoor attacks effectively.
Key words
federated learning/backdoor attack/backdoor defense/robustness training/trigger inversion
Funding
National Key Research and Development Program of China (2021YFC3300500)
Publication year
2024