
Towards Practical Backdoor Attacks on Federated Learning Systems


Abstract:

Federated Learning (FL) is nowadays one of the most promising paradigms for privacy-preserving distributed learning. Without revealing its local private data to outsiders, a client in FL systems collaborates to build a global Deep Neural Network (DNN) by submitting its local model parameter update to a central server for iterative aggregation. With secure multi-party computation protocols, the submitted update of any client is also by design invisible to the server. Seemingly, this standard design is a win-win for client privacy and service provider utility. Ironically, any attacker may also use a manipulated or impersonated client to submit almost any attack payload under the umbrella of the FL protocol itself. In this work, we craft a practical backdoor attack on FL systems that is proved to be simultaneously effective and stealthy on diverse use cases of FL systems and leading commercial FL platforms in the real world. Basically, we first identify a small number of redundant neurons which tend to be rarely or slightly updated in the model, and then inject the backdoor into these redundant neurons instead of the whole model. In this way, our backdoor attack can achieve a high attack success rate with a minor impact on the accuracy of the original task. As countermeasures, we further consider several common technical choices including robust aggregation mechanisms, differential privacy mechanisms, and network pruning. However, none of the defenses show desirable defense capability against our backdoor attack. Our results strongly highlight the vulnerability of existing FL systems against backdoor attacks and the urgent need to develop more effective defense mechanisms.
Published in: IEEE Transactions on Dependable and Secure Computing (Volume: 21, Issue: 6, Nov.-Dec. 2024)
Page(s): 5431 - 5447
Date of Publication: 18 March 2024

College of Computer Science and Technology, Zhejiang University, Hangzhou, China
Chenghui Shi received the bachelor's degree in electronic and information engineering from the University of Shanghai for Science and Technology. He is currently working toward the PhD degree with the College of Computer Science and Technology, Zhejiang University. His current research interests focus on AI Security.
College of Computer Science and Technology, Zhejiang University, Hangzhou, China
Shouling Ji (Member, IEEE) received the PhD degree in electrical and computer engineering from the Georgia Institute of Technology and the PhD degree in computer science from Georgia State University. He is a Qiushi distinguished professor with the College of Computer Science and Technology, Zhejiang University. His current research interests include data-driven security and privacy, AI security and software and system security. He is a member of ACM, and a senior member of CCF. He was a research intern with the IBM T. J. Watson Research Center. He is the recipient of the 2012 Chinese Government Award for Outstanding Self-Financed Students Abroad and 10 Best/Outstanding Paper Awards, including ACM CCS 2021.
School of Computer Science and Technology, Fudan University, Shanghai, China
Xudong Pan received the PhD degree in computer science from Fudan University. His current research interests include AI supply chain security, privacy risks of open AI systems, and copyright protection for AI models. He has published more than 20 papers with top-tier conferences/journals including IEEE Transactions on Pattern Analysis and Machine Intelligence, IEEE Transactions on Knowledge and Data Engineering, NeurIPS, ICML, IEEE Security and Privacy, and USENIX Security.
College of Computer Science and Technology, Zhejiang University, Hangzhou, China
Xuhong Zhang received the PhD degree in computer engineering from the University of Central Florida, in 2017. He is a 100-Young professor with the School of Software Technology, Zhejiang University. His research interests include distributed Big Data and AI systems, Big Data mining and analysis, data-driven security, AI and security. He has authored more than 20 publications in premier journals and conferences such as IEEE Transactions on Dependable and Secure Computing, TPDC, IEEE Security and Privacy, USENIX Security, ACM CCS, NDSS, VLDB, etc.
School of Computer Science and Technology, Fudan University, Shanghai, China
Mi Zhang received the PhD degree in computer science from University College Dublin, in 2010. She is currently a professor with the School of Computer Science, Fudan University. Her research interests include theoretical and applied machine learning.
School of Computer Science and Technology, Fudan University, Shanghai, China
Min Yang received the BSc and the PhD degrees in computer science from Fudan University, in 2001 and 2006, respectively, where he is currently a professor with the School of Computer Science, Fudan University. His research interests include system security and AI security.
Ant Group, Hangzhou, China
Jun Zhou is currently a senior staff engineer with Ant Group. His research mainly focuses on machine learning and data mining. He has participated in the development of several distributed systems and machine learning platforms in Alibaba and Ant Group, such as Apsaras, MaxCompute, and KunPeng. He has published more than 40 papers in top-tier machine learning and data mining conferences, including VLDB, WWW, SIGIR, NeurIPS, AAAI, IJCAI, and KDD.
College of Computer Science and Technology, Zhejiang University, Hangzhou, China
Jianwei Yin received the PhD degree in computer science from Zhejiang University, in 2001. He is currently a full professor with the College of Computer Science, Zhejiang University. He has published more than 100 papers in top international journals and conferences. His current research interests include quantum computing, service computing and business process management. He is an associate editor of IEEE Transactions on Services Computing.
Department of Computer Science, Stony Brook University, Stony Brook, NY, USA
Ting Wang received the PhD degree in electrical and computer engineering from the Georgia Institute of Technology. He is currently an assistant professor and Empire Innovation Scholar with the Department of Computer Science, Stony Brook University. Before joining Stony Brook, he was an associate professor with the College of Information Sciences and Technology, Penn State. His current work focuses on making AI systems more practically usable through improving their Security Assurance, Privacy Preservation, and Decision-Making Transparency.