Foundation Models in Federated Learning: Assessing Backdoor Vulnerabilities
This work addresses a critical security problem for FL systems leveraging FMs, highlighting an incremental but urgent vulnerability that current defenses fail to mitigate.
The paper tackles the problem of backdoor vulnerabilities in Federated Learning (FL) when using Foundation Models (FMs) to generate synthetic datasets, finding that FL systems are highly susceptible to these novel attacks, with experiments showing significant compromise across image and text domains.
Federated Learning (FL), a privacy-preserving machine learning framework, faces significant data-related challenges. For example, the lack of suitable public datasets leads to ineffective information exchange, especially in heterogeneous environments with uneven data distribution. Foundation Models (FMs) offer a promising solution by generating synthetic datasets that mimic client data distributions, aiding model initialization and knowledge sharing among clients. However, the interaction between FMs and FL introduces new attack vectors that remain largely unexplored. This work therefore assesses the backdoor vulnerabilities exploiting FMs, where attackers exploit safety issues in FMs and poison synthetic datasets to compromise the entire system. Unlike traditional attacks, these new threats are characterized by their one-time, external nature, requiring minimal involvement in FL training. Given these uniqueness, current FL defense strategies provide limited robustness against this novel attack approach. Extensive experiments across image and text domains reveal the high susceptibility of FL to these novel threats, emphasizing the urgent need for enhanced security measures in FL in the era of FMs.