Defending Against Data Poisoning Attack in Federated Learning With Non-IID Data
Federated learning (FL) is an emerging paradigm that allows participants to collaboratively train deep learning tasks while protecting the privacy of their local data. However, the absence of central server control in distributed environments exposes a vulnerability to data poisoning attacks, where...
Published in | IEEE transactions on computational social systems Vol. 11; no. 2; pp. 2313 - 2325 |
---|---|
Main Authors | Yin, Chunyong; Zeng, Qingkui |
Format | Journal Article |
Language | English |
Published | Piscataway; IEEE; 01.04.2024; The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
ISSN | 2329-924X 2373-7476 |
DOI | 10.1109/TCSS.2023.3296885 |
Abstract | Federated learning (FL) is an emerging paradigm that allows participants to collaboratively train deep learning tasks while protecting the privacy of their local data. However, the absence of central server control in distributed environments exposes a vulnerability to data poisoning attacks, where adversaries manipulate the behavior of compromised clients by poisoning local data. In particular, data poisoning attacks against FL can have a drastic impact when the participant's local data is non-independent and identically distributed (non-IID). Most existing defense strategies have demonstrated promising results in mitigating FL poisoning attacks, however, fail to maintain their effectiveness with non-IID data. In this work, we propose an effective defense framework, FL data augmentation (FLDA), which defends against data poisoning attacks through local data mixup on the clients. In addition, to mitigate the non-IID effect by exploiting the limited local data, we propose a gradient detection strategy to reduce the proportion of malicious clients and raise benign clients. Experimental results on datasets show that FLDA can effectively reduce the poisoning success rate and improve the global model training accuracy under poisoning attacks for non-IID data. Furthermore, FLDA can increase the FL accuracy by more than 12% after detecting malicious clients. |
---|---|
Author | Zeng, Qingkui Yin, Chunyong |
Author_xml | – sequence: 1 givenname: Chunyong orcidid: 0000-0001-5764-2432 surname: Yin fullname: Yin, Chunyong email: yinchunyong@hotmail.com organization: School of Computer and Software, Nanjing University of Information Science and Technology, Nanjing, China – sequence: 2 givenname: Qingkui surname: Zeng fullname: Zeng, Qingkui organization: School of Computer and Software, Nanjing University of Information Science and Technology, Nanjing, China |
CODEN | ITCSGL |
ContentType | Journal Article |
Copyright | Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2024 |
Copyright_xml | – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2024 |
Discipline | Social Sciences (General) |
EISSN | 2373-7476 |
EndPage | 2325 |
ExternalDocumentID | 10_1109_TCSS_2023_3296885 10198397 |
Genre | orig-research |
GrantInformation_xml | – fundername: Postgraduate Research and Practice Innovation Program of Jiangsu Province grantid: KYCX23_1357 – fundername: National Natural Science Foundation of China grantid: 61772282 funderid: 10.13039/501100001809 |
IsPeerReviewed | true |
IsScholarly | true |
Issue | 2 |
Language | English |
License | https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html https://doi.org/10.15223/policy-029 https://doi.org/10.15223/policy-037 |
ORCID | 0000-0001-5764-2432 |
PageCount | 13 |
PublicationCentury | 2000 |
PublicationDate | 2024-04-01 |
PublicationDateYYYYMMDD | 2024-04-01 |
PublicationDate_xml | – month: 04 year: 2024 text: 2024-04-01 day: 01 |
PublicationDecade | 2020 |
PublicationPlace | Piscataway |
PublicationPlace_xml | – name: Piscataway |
PublicationTitle | IEEE transactions on computational social systems |
PublicationTitleAbbrev | TCSS |
PublicationYear | 2024 |
Publisher | IEEE The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
Publisher_xml | – name: IEEE – name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
StartPage | 2313 |
SubjectTerms | Clients; Cognitive tasks; Computational modeling; Data augmentation; Data models; data poisoning; Deep learning; Distributed databases; Federated learning; federated learning (FL); gradient detection; Model accuracy; Servers; Training; Training data |
URI | https://ieeexplore.ieee.org/document/10198397 https://www.proquest.com/docview/3031399404 |
Volume | 11 |