Beyond Traditional Threats: A Persistent Backdoor Attack on Federated Learning
This addresses security vulnerabilities in federated learning systems, presenting an incremental improvement in backdoor attack methods.
The paper tackles the problem of backdoor attacks in federated learning being diluted by benign updates, proposing a Full Combination Backdoor Attack (FCBA) that improves attack persistence, achieving over a 50% increase in success rate on GTSRB after 120 rounds compared to baselines.
Backdoors on federated learning will be diluted by subsequent benign updates. This is reflected in the significant reduction of attack success rate as iterations increase, ultimately failing. We use a new metric to quantify the degree of this weakened backdoor effect, called attack persistence. Given that research to improve this performance has not been widely noted,we propose a Full Combination Backdoor Attack (FCBA) method. It aggregates more combined trigger information for a more complete backdoor pattern in the global model. Trained backdoored global model is more resilient to benign updates, leading to a higher attack success rate on the test set. We test on three datasets and evaluate with two models across various settings. FCBA's persistence outperforms SOTA federated learning backdoor attacks. On GTSRB, postattack 120 rounds, our attack success rate rose over 50% from baseline. The core code of our method is available at https://github.com/PhD-TaoLiu/FCBA.