How to Backdoor HyperNetwork in Personalized Federated Learning?
This addresses a security vulnerability in federated learning systems, which is an incremental but important contribution for protecting privacy and integrity in distributed machine learning.
The paper tackles the problem of backdoor attacks in HyperNet-based personalized federated learning by proposing HNTroj, a novel model transferring attack that reduces the number of compromised clients needed and remains stealthy without degrading model utility on legitimate data.
This paper explores previously unknown backdoor risks in HyperNet-based personalized federated learning (HyperNetFL) through poisoning attacks. Based upon that, we propose a novel model transferring attack (called HNTroj), i.e., the first of its kind, to transfer a local backdoor infected model to all legitimate and personalized local models, which are generated by the HyperNetFL model, through consistent and effective malicious local gradients computed across all compromised clients in the whole training process. As a result, HNTroj reduces the number of compromised clients needed to successfully launch the attack without any observable signs of sudden shifts or degradation regarding model utility on legitimate data samples making our attack stealthy. To defend against HNTroj, we adapted several backdoor-resistant FL training algorithms into HyperNetFL. An extensive experiment that is carried out using several benchmark datasets shows that HNTroj significantly outperforms data poisoning and model replacement attacks and bypasses robust training algorithms even with modest numbers of compromised clients.