LGCRSP · Apr 27, 2023

Attacks on Robust Distributed Learning Schemes via Sensitivity Curve Maximization

arXiv:2304.14024v12 citations · h-index: 48
Originality: Incremental advance
AI Analysis

This work addresses security risks in distributed learning systems, such as federated learning, by exposing weaknesses in current robust aggregation methods. It is an incremental advance, as it builds on prior attack research.

The paper tackles the vulnerability of robust aggregation schemes in distributed learning to attacks by introducing a new attack method based on sensitivity curve maximization, which disrupts existing schemes with small perturbations.

Distributed learning paradigms, such as federated or decentralized learning, allow a collection of agents to solve global learning and optimization problems through limited local interactions. Most such strategies rely on a mixture of local adaptation and aggregation steps, either among peers or at a central fusion center. Classically, aggregation in distributed learning is based on averaging, which is statistically efficient, but susceptible to attacks by even a small number of malicious agents. This observation has motivated a number of recent works, which develop robust aggregation schemes by employing robust variations of the mean. We present a new attack based on sensitivity curve maximization (SCM), and demonstrate that it is able to disrupt existing robust aggregation schemes by injecting small, but effective perturbations.
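As an added illustration (not code from the paper), the following measures how far a single extra contribution can move an aggregate, using the standard robust-statistics sensitivity curve SC_n(x) = n·[T(x_1,…,x_{n-1},x) − T(x_1,…,x_{n-1})] for the mean, the median and a trimmed mean. The definition, the constructed agent values and all function names are assumptions; the paper's own formulation is not reproduced on this page.

```python
import statistics

# Constructed sample: scalar updates from 9 honest agents (not data from the paper).
HONEST = [0.8, 0.9, 0.95, 1.0, 1.0, 1.05, 1.1, 1.15, 1.2]


def mean(xs):
    return sum(xs) / len(xs)


def median(xs):
    return statistics.median(xs)


def trimmed_mean(xs, trim=1):
    """Drop the `trim` smallest and largest values, then average the rest."""
    kept = sorted(xs)[trim:len(xs) - trim]
    return sum(kept) / len(kept)


def sensitivity_curve(agg, honest, x):
    """SC_n(x): scaled shift of the aggregate when one extra value x is added."""
    n = len(honest) + 1
    return n * (agg(honest + [x]) - agg(honest))


def max_sensitivity(agg, honest, grid):
    """Largest |SC_n(x)| over the grid: how far one agent can move the result."""
    return max(abs(sensitivity_curve(agg, honest, x)) for x in grid)


GRID = [i * 0.5 for i in range(-200, 201)]  # candidate values in [-100, 100]

if __name__ == "__main__":
    for name, agg in [("mean", mean), ("median", median), ("trimmed", trimmed_mean)]:
        print(f"{name:8s} SC(100)={sensitivity_curve(agg, HONEST, 100.0):8.3f} "
              f"max|SC|={max_sensitivity(agg, HONEST, GRID):8.3f}")
```

The mean's curve grows without bound in x, while the median and trimmed mean stay bounded but nonzero, which is the residual influence a robust aggregator still has to tolerate.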
