
MPHM: Model poisoning attacks on federal learning using historical information momentum (Cited by: 1)

Abstract: Federated learning (FL) development has grown increasingly strong with the increased emphasis on data for individuals and industry. Federated learning allows individual participants to jointly train a global model without sharing local data, which significantly enhances data privacy. However, federated learning is vulnerable to poisoning attacks by malicious participants. Because federated learning does not have access to the participants' training process, attackers can compromise the global model by uploading elaborate malicious local updates to the server under the guise of normal participants. Current model poisoning attacks usually add small perturbations to the local model after it is trained to craft harmful local updates, and the attacker finds the appropriate perturbation size to bypass robust detection methods and corrupt the global model as much as possible. In contrast, we propose a novel model poisoning attack based on the momentum of history information (MPHM); that is, the attacker makes new malicious updates by dynamically crafting perturbations using the historical information in the local training, which makes the new malicious updates more effective and stealthy. Our attack aims to indiscriminately reduce the testing accuracy of the global model with minimal information. Experiments show that in the classical defense case, our attack can significantly corrupt the accuracy of the global model compared to other advanced poisoning attacks.
Source: Security and Safety (一体化安全, English edition), 2023, Issue 4, pp. 6-18, 13 pages in total.
Funding: Supported in part by the National Key R&D Program of China (2020YFB1712401, 2018YFB1701400), the Nature Science Foundation of China (62006210, 62001284, 62206252), the Key Scientific and Technology Project of Henan Province of China (221100210100), the Key Project of Public Benefit in Henan Province of China (201300210500), the Research Foundation for Advanced Talents of Zhengzhou University (32340306), the Key Research Projects of Universities in Henan Province of China (7A520015, 21B520018), Fundamental Science Projects of Railway Police College (2020TJJBKY002), Advanced research project of SongShan Laboratory (YYJC022022001), the Key R&D and Promotion Project in Science and Technology of Henan (232102210154), and the Key Scientific and Technological Research Projects in Henan Province of China (192102310216).
Author biographies:

Lei Shi received the M.S. and Ph.D. degrees in Computer System Architecture and Computer Application Technology from Nanjing University and Beijing Institute of Technology, China, in 1992 and 2006, respectively. He is currently a professor and doctoral supervisor at Zhengzhou University, China. His current research interests include cloud computing and big data, networking and distributed computing, service computing, artificial intelligence, and smart cities.

Zhen Chen received a B.S. degree in Information and Computing Sciences from Northwest A&F University, Yangling, China, in 2020. He is currently pursuing an M.S. degree in Cyberspace Security at Zhengzhou University, Zhengzhou, China. His current research interests include federated learning and poisoning attacks.

Yucheng Shi received a B.S. degree from Tianjin University, Tianjin, China, in 2017. He is currently pursuing a Ph.D. degree with the College of Intelligence and Computing, Tianjin University, at Tianjin, China. His research interests include computer vision, adversarial machine learning, and federated learning.

Lin Wei received an M.S. degree in software engineering from Zhengzhou University, Zhengzhou, China, in 2006. She is currently an associate professor and master's supervisor at Zhengzhou University. Her current research interests include network and distributed computing, data science and intelligent computing, and information security.

Yongcai Tao received M.S. and Ph.D. degrees in computer applications and computer system architecture from Zhengzhou University and Huazhong University of Science and Technology, China, in 2005 and 2009, respectively. He is currently a lecturer at the School of Computer and Artificial Intelligence, Zhengzhou University. His current research interests include theory and application research on science and intelligent computing, high-performance computing and cloud computing, service computing, and smart city, and network and information security.

Mengyang He received her Ph.D. degree in software engineering from Zhengzhou University, Zhengzhou, China, in 2021. She is currently an assistant research fellow at the School of Cyber Science and Engineering, Zhengzhou University & Song Shan Laboratory. Her main research interests include next-generation Internet, Internet applications, etc.

Qingxian Wang is currently a Distinguished Professor at the School of Cyber Science and Engineering, at Zhengzhou University. His research interests include information system vulnerability detection and analysis, network security protocol testing.

Yuan Zhou is currently the GM Assistant of Zhengzhou Zhengda Information Technology Co., Ltd. His research interests include electronic trading systems and cyber security.

Corresponding authors: Yufei Gao received his Ph.D. degree from the college of artificial intelligence in Beijing Normal University, Beijing, China, in 2020. He is currently an Assistant Professor at the School of Cyber Science and Engineering, at Zhengzhou University. His current research interests include pattern recognition, machine learning, and medical image analysis. Email: yfgao@zzu.edu.cn.