Network-Level Adversaries in Federated Learning
This addresses security risks in federated learning for privacy-sensitive applications, though it is incremental by focusing on a new attack vector within an existing threat landscape.
The paper tackles the vulnerability of federated learning to network-level adversaries, showing that attackers dropping traffic from selected clients can significantly decrease model accuracy, and proposes a server-side defense to mitigate this impact.
Federated learning is a popular strategy for training models on distributed, sensitive data, while preserving data privacy. Prior work identified a range of security threats on federated learning protocols that poison the data or the model. However, federated learning is a networked system where the communication between clients and server plays a critical role for the learning task performance. We highlight how communication introduces another vulnerability surface in federated learning and study the impact of network-level adversaries on training federated learning models. We show that attackers dropping the network traffic from carefully selected clients can significantly decrease model accuracy on a target population. Moreover, we show that a coordinated poisoning campaign from a few clients can amplify the dropping attacks. Finally, we develop a server-side defense which mitigates the impact of our attacks by identifying and up-sampling clients likely to positively contribute towards target accuracy. We comprehensively evaluate our attacks and defenses on three datasets, assuming encrypted communication channels and attackers with partial visibility of the network.