Defending Against Data Poisoning Attack in Federated Learning With Non-IID Data

Bibliographic Details
Published in: IEEE transactions on computational social systems Vol. 11; no. 2; pp. 2313 - 2325
Main Authors: Yin, Chunyong; Zeng, Qingkui
Format: Journal Article
Language: English
Published: Piscataway IEEE 01.04.2024
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
ISSN: 2329-924X, 2373-7476
DOI: 10.1109/TCSS.2023.3296885

Summary: Federated learning (FL) is an emerging paradigm that allows participants to collaboratively train deep learning tasks while protecting the privacy of their local data. However, the absence of central server control in distributed environments exposes a vulnerability to data poisoning attacks, where adversaries manipulate the behavior of compromised clients by poisoning local data. In particular, data poisoning attacks against FL can have a drastic impact when the participant's local data is non-independent and identically distributed (non-IID). Most existing defense strategies have demonstrated promising results in mitigating FL poisoning attacks, however, fail to maintain their effectiveness with non-IID data. In this work, we propose an effective defense framework, FL data augmentation (FLDA), which defends against data poisoning attacks through local data mixup on the clients. In addition, to mitigate the non-IID effect by exploiting the limited local data, we propose a gradient detection strategy to reduce the proportion of malicious clients and raise benign clients. Experimental results on datasets show that FLDA can effectively reduce the poisoning success rate and improve the global model training accuracy under poisoning attacks for non-IID data. Furthermore, FLDA can increase the FL accuracy by more than 12% after detecting malicious clients.