CR, AI, CV, LG · Jul 2, 2023

FedDefender: Backdoor Attack Defense in Federated Learning

arXiv:2307.08672v2 · 9 citations · h-index: 14
Originality: Incremental advance
AI Analysis

This addresses security vulnerabilities in federated learning systems, which is crucial for privacy-preserving distributed machine learning, though it appears incremental as it builds on existing defense strategies.

The paper tackles the problem of targeted poisoning attacks in federated learning by proposing FedDefender, a defense mechanism that uses differential testing on neuron activations to identify malicious clients, resulting in a reduction of the attack success rate to 10% without harming global model performance.

Federated Learning (FL) is a privacy-preserving distributed machine learning technique that enables individual clients (e.g., user participants, edge devices, or organizations) to train a model on their local data in a secure environment and then share the trained model with an aggregator to build a global model collaboratively. In this work, we propose FedDefender, a defense mechanism against targeted poisoning attacks in FL by leveraging differential testing. Our proposed method fingerprints the neuron activations of clients' models on the same input and uses differential testing to identify a potentially malicious client containing a backdoor. We evaluate FedDefender using MNIST and FashionMNIST datasets with 20 and 30 clients, and our results demonstrate that FedDefender effectively mitigates such attacks, reducing the attack success rate (ASR) to 10% without deteriorating the global model performance.
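The mechanism the abstract sketches (fingerprint every client's neuron activations on one shared probe input, compare the fingerprints across clients, flag the client whose fingerprint deviates, and keep it out of aggregation) as an added toy example. This is illustrative code written for this page, not FedDefender's implementation or the authors' code: the one-layer ReLU client models, the probe input, the way the backdoored client is constructed, the median-distance deviation rule and the 3x factor are all assumptions made here to show the shape of the defense.

```python
"""Added illustration: differential testing of client activation fingerprints.

Everything here (models, probe input, backdoor construction, deviation rule)
is constructed for the example and is not the paper's implementation.
"""
import random
import statistics
from typing import Dict, List

Vector = List[float]
Matrix = List[Vector]

INPUT_DIM = 8
NEURONS = 16
N_CLIENTS = 10
MALICIOUS = 9  # index of the constructed backdoored client

# Constructed probe input: the single input every client model is evaluated on.
PROBE: Vector = [1.0, -0.5, 0.25, 0.75, -1.0, 0.5, -0.25, 1.0]


def relu_activations(weights: Matrix, x: Vector) -> Vector:
    """Hidden-layer activations of a one-layer ReLU model on input x.
    This activation vector is the client's fingerprint for the probe."""
    return [max(0.0, sum(w * xi for w, xi in zip(row, x))) for row in weights]


def build_client_models(seed: int = 7) -> Dict[str, Matrix]:
    """Construct N_CLIENTS local models that share a common base model
    (assumption: honest local training only drifts slightly from it)."""
    rng = random.Random(seed)
    base = [[rng.gauss(0.0, 1.0) for _ in range(INPUT_DIM)] for _ in range(NEURONS)]
    models: Dict[str, Matrix] = {}
    for i in range(N_CLIENTS):
        local = [[w + rng.gauss(0.0, 0.05) for w in row] for row in base]
        if i == MALICIOUS:
            # Constructed backdoor: neurons 0..7 are re-wired so they fire
            # strongly on the probe, an activation pattern no honest client shows.
            for j in range(8):
                local[j] = [3.0 * xi for xi in PROBE]
        models[f"client-{i}"] = local
    return models


def euclidean(a: Vector, b: Vector) -> float:
    return sum((p - q) ** 2 for p, q in zip(a, b)) ** 0.5


def differential_test(fingerprints: Dict[str, Vector], factor: float = 3.0) -> List[str]:
    """Flag clients whose fingerprint is far from the rest of the population.

    Each client's score is its median distance to every other client (a median,
    so one outlier cannot inflate honest clients' scores).  A client is flagged
    when its score exceeds `factor` times the median score over all clients.
    """
    ids = list(fingerprints)
    score: Dict[str, float] = {}
    for i in ids:
        others = [euclidean(fingerprints[i], fingerprints[j]) for j in ids if j != i]
        score[i] = statistics.median(others)
    threshold = factor * statistics.median(score.values())
    return [i for i in ids if score[i] > threshold]


def fedavg(models: Dict[str, Matrix]) -> Matrix:
    """Coordinate-wise average of the models that survived the test."""
    per_neuron = zip(*models.values())
    return [[sum(ws) / len(ws) for ws in zip(*rows)] for rows in per_neuron]


def run_demo(seed: int = 7) -> List[str]:
    """Fingerprint all clients on PROBE, flag deviating ones, aggregate the rest.
    Returns the list of flagged client ids."""
    models = build_client_models(seed)
    fingerprints = {cid: relu_activations(m, PROBE) for cid, m in models.items()}
    suspects = differential_test(fingerprints)
    accepted = {cid: m for cid, m in models.items() if cid not in suspects}
    global_model = fedavg(accepted)
    assert len(global_model) == NEURONS  # aggregation still produces a full model
    return suspects


if __name__ == "__main__":
    print("flagged clients:", run_demo())
```

The defender-side point the toy makes: the aggregator never needs the clients' data, only their models evaluated on one input it controls, and the decision is relative (deviation from the population) rather than an absolute rule about activation values. The weak spot of any such rule is the factor and the assumption that honest clients cluster; in practice a practitioner would calibrate the threshold on rounds known to be clean and watch for colluding clients that could shift the median.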

Code Implementations: 1 repo
Foundations

The foundational work for this paper's niche, ranked by how specifically the neighbourhood builds on it — not by global fame.
