DABS: Data-Agnostic Backdoor attack at the Server in Federated Learning
This addresses security vulnerabilities in federated learning systems, particularly for applications with heterogeneous devices, though it is incremental as it builds on existing backdoor attack research.
The paper tackles the problem of backdoor attacks in federated learning by proposing DABS, a server-side attack that directly modifies the global model, achieving a higher attack success rate than baseline methods while maintaining normal accuracy on clean data.
Federated learning (FL) attempts to train a global model by aggregating local models from distributed devices under the coordination of a central server. However, the existence of a large number of heterogeneous devices makes FL vulnerable to various attacks, especially the stealthy backdoor attack. Backdoor attack aims to trick a neural network to misclassify data to a target label by injecting specific triggers while keeping correct predictions on original training data. Existing works focus on client-side attacks which try to poison the global model by modifying the local datasets. In this work, we propose a new attack model for FL, namely Data-Agnostic Backdoor attack at the Server (DABS), where the server directly modifies the global model to backdoor an FL system. Extensive simulation results show that this attack scheme achieves a higher attack success rate compared with baseline methods while maintaining normal accuracy on the clean data.