BaFFLe: Backdoor Detection via Feedback-based Federated Learning
Recent studies have shown that federated learning (FL) is vulnerable to poisoning attacks that inject a backdoor into the global model. These attacks are effective even when performed by a single client, and undetectable by most existing defensive techniques. In this paper, we propose Backdoor detec...
Saved in:
| Published in | Proceedings of the International Conference on Distributed Computing Systems pp. 852 - 863 |
|---|---|
| Main Authors | , , , |
| Format | Conference Proceeding |
| Language | English |
| Published |
IEEE
01.07.2021
|
| Subjects | |
| Online Access | Get full text |
| ISSN | 2575-8411 |
| DOI | 10.1109/ICDCS51616.2021.00086 |
Cover
| Abstract | Recent studies have shown that federated learning (FL) is vulnerable to poisoning attacks that inject a backdoor into the global model. These attacks are effective even when performed by a single client, and undetectable by most existing defensive techniques. In this paper, we propose Backdoor detection via Feedback-based Federated Learning (BAFFLE), a novel defense to secure FL against backdoor attacks. The core idea behind BAFFLE is to leverage data of multiple clients not only for training but also for uncovering model poisoning. We exploit the availability of diverse datasets at the various clients by incorporating a feedback loop into the FL process, to integrate the views of those clients when deciding whether a given model update is genuine or not. We show that this powerful construct can achieve very high detection rates against state-of-the-art backdoor attacks, even when relying on straightforward methods to validate the model. Through empirical evaluation using the CIFAR-10 and FEMNIST datasets, we show that by combining the feedback loop with a method that suspects poisoning attempts by assessing the per-class classification performance of the updated model, BAFFLE reliably detects state-of-the-art backdoor attacks with a detection accuracy of 100% and a false-positive rate below 5%. Moreover, we show that our solution can detect adaptive attacks aimed at bypassing the defense. |
|---|---|
| AbstractList | Recent studies have shown that federated learning (FL) is vulnerable to poisoning attacks that inject a backdoor into the global model. These attacks are effective even when performed by a single client, and undetectable by most existing defensive techniques. In this paper, we propose Backdoor detection via Feedback-based Federated Learning (BAFFLE), a novel defense to secure FL against backdoor attacks. The core idea behind BAFFLE is to leverage data of multiple clients not only for training but also for uncovering model poisoning. We exploit the availability of diverse datasets at the various clients by incorporating a feedback loop into the FL process, to integrate the views of those clients when deciding whether a given model update is genuine or not. We show that this powerful construct can achieve very high detection rates against state-of-the-art backdoor attacks, even when relying on straightforward methods to validate the model. Through empirical evaluation using the CIFAR-10 and FEMNIST datasets, we show that by combining the feedback loop with a method that suspects poisoning attempts by assessing the per-class classification performance of the updated model, BAFFLE reliably detects state-of-the-art backdoor attacks with a detection accuracy of 100% and a false-positive rate below 5%. Moreover, we show that our solution can detect adaptive attacks aimed at bypassing the defense. |
| Author | Marson, Giorgia Azzurra Mollering, Helen Andreina, Sebastien Karame, Ghassan |
| Author_xml | – sequence: 1 givenname: Sebastien surname: Andreina fullname: Andreina, Sebastien email: sebastien.andreina@neclab.eu organization: NEC Labs Europe,Heidelberg,Germany – sequence: 2 givenname: Giorgia Azzurra surname: Marson fullname: Marson, Giorgia Azzurra email: giorgia.marson@neclab.eu organization: NEC Labs Europe,Heidelberg,Germany – sequence: 3 givenname: Helen surname: Mollering fullname: Mollering, Helen email: moellering@encrypto.cs.tu-darmstadt.de organization: ENCRYPTO/TU Darmstadt,Darmstadt,Germany – sequence: 4 givenname: Ghassan surname: Karame fullname: Karame, Ghassan email: ghassan@karame.org organization: NEC Labs Europe,Heidelberg,Germany |
| BookMark | eNotTttKxDAUjKLgdvULROgPtOakyUnqk27X6kLBB_V5OW1OJV5aaYvg329An2aGuTCJOBnGgYW4ApkDyPJ6V22rZwMImCupIJdSOjwSCSAarQ0U8lislLEmcxrgTCTz_B4zxmGxErcbquuGb9INdR9-HKd0ywt3SxiH9CdQWjP7NlpZSzP7KD1PtETWME1DGN7OxWlPnzNf_ONavNb3L9Vj1jw97Kq7JgtKFktG7Ly1yitWyvveQ1TSGgtOa48KAawFkn3XWV2idq2JBcNdS0gufijW4vJvNzDz_nsKXzT97kujUWNRHAAJFUqG |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IH CBEJK RIE RIO |
| DOI | 10.1109/ICDCS51616.2021.00086 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan (POP) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP) 1998-present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISBN | 1665445130 9781665445139 |
| EISSN | 2575-8411 |
| EndPage | 863 |
| ExternalDocumentID | 9546463 |
| Genre | orig-research |
| GroupedDBID | 23M 29G 29P 6IE 6IF 6IH 6IK 6IL 6IM 6IN AAJGR AAWTH ABLEC ACGFS ADZIZ ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO IEGSK IJVOP IPLJI M43 OCL RIE RIL RIO RNS |
| ID | FETCH-LOGICAL-i203t-ae8d772d2e22ddfd1d7707571844d62611771a0fcc749648b5e8d5ecba6a8eed3 |
| IEDL.DBID | RIE |
| IngestDate | Wed Aug 27 02:26:52 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i203t-ae8d772d2e22ddfd1d7707571844d62611771a0fcc749648b5e8d5ecba6a8eed3 |
| PageCount | 12 |
| ParticipantIDs | ieee_primary_9546463 |
| PublicationCentury | 2000 |
| PublicationDate | 2021-July |
| PublicationDateYYYYMMDD | 2021-07-01 |
| PublicationDate_xml | – month: 07 year: 2021 text: 2021-July |
| PublicationDecade | 2020 |
| PublicationTitle | Proceedings of the International Conference on Distributed Computing Systems |
| PublicationTitleAbbrev | ICDCS |
| PublicationYear | 2021 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0005863 |
| Score | 2.5197215 |
| Snippet | Recent studies have shown that federated learning (FL) is vulnerable to poisoning attacks that inject a backdoor into the global model. These attacks are... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 852 |
| SubjectTerms | Adaptation models backdoor attacks Collaborative work Computational modeling Conferences Data models federated learning Feedback loop security Training |
| Title | BaFFLe: Backdoor Detection via Feedback-based Federated Learning |
| URI | https://ieeexplore.ieee.org/document/9546463 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV07T8MwELbaTkwFWsRbHhhxmoftJEyoLVFBFCFBpW6VY19QhZSgKmXg13NO0lYgBrY85Di6c3Kf7e-7I-TKeAZRAmQsNZHLuPEzFomYsxjcwFjpdSysGnn6JCcz_jAX8xa53mphAKAin4FjD6u9fFPotV0qG8SCSy6DNmnjMKu1Wjs6RySDRqHjufHgfjQevQiEM5aG4HtOhd1_VFCpAkjSJdNN1zVv5N1Zl6mjv35lZfzvu-2T_k6qR5-3QeiAtCA_JN1NrQbafLo9cjtUSfIIN3So9LspihUdQ1nRsHL6uVQ0wQekeIvZsGbw1GbkRDRKmwSsb30yS-5eRxPWVE9gS98NSqYgMgidjQ--b0yGTglDxAcYizg3OI2xu7WecjOtQx5LHqUCGwjQqZIqwj6DI9LJixyOCQW0oIwk_heFwemjigNtUj9LhQ5cCHV2QnrWIIuPOkHGorHF6d-Xz8iedUnNeT0nnXK1hguM7GV6Wbn0GwuSoog |
| linkProvider | IEEE |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1NT8JAEN0gHvSECsZve_BoSz92260nA9iAAjEREm5kuzs1hKQ1pHjw1zvbFojGg7dum-02M2nnTfe9GULulKMQJUBixorbJlVuYnIWUjME21Naeh0yrUYejf3-lD7P2KxG7rdaGAAoyGdg6cNiL19lcq1_lbVDRn3qe3tkn2FWwUu11o7QwX2v0ug4dtgedHvdN4aARhMRXMcq0PuPHipFCIkaZLRZvGSOLK11Hlvy61ddxv8-3RFp7cR6xus2DB2TGqQnpLHp1mBUL2-TPHZEFA3hwegIuVRZtjJ6kBdErNT4XAgjwhvEeMnUgU3hUNfkRDxqVCVY31tkGj1Nun2z6p9gLlzby00BXCF4Vi64rlIJuiUIECFgNKJUYSKj92sdYSdSBjT0KY8ZTmAgY-ELjmt6p6SeZimcEQPQgj738cvIFCaQIvSkit0kZtKzIZDJOWlqg8w_yhIZ88oWF3-fviUH_cloOB8Oxi-X5FC7p2TAXpF6vlrDNcb5PL4p3PsNy-Kl2w |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=proceeding&rft.title=Proceedings+of+the+International+Conference+on+Distributed+Computing+Systems&rft.atitle=BaFFLe%3A+Backdoor+Detection+via+Feedback-based+Federated+Learning&rft.au=Andreina%2C+Sebastien&rft.au=Marson%2C+Giorgia+Azzurra&rft.au=Mollering%2C+Helen&rft.au=Karame%2C+Ghassan&rft.date=2021-07-01&rft.pub=IEEE&rft.eissn=2575-8411&rft.spage=852&rft.epage=863&rft_id=info:doi/10.1109%2FICDCS51616.2021.00086&rft.externalDocID=9546463 |