CR, AI, LG | Dec 13, 2024

Client-Side Patching against Backdoor Attacks in Federated Learning

arXiv:2412.10605v2 | 1 citation | h-index: 4
Originality: Incremental advance
AI Analysis

This paper addresses security vulnerabilities in federated learning systems, particularly under heterogeneous data distributions, offering an incremental improvement over existing defenses.

The paper tackles the problem of backdoor attacks in federated learning by proposing a client-side defense mechanism that uses adversarial learning and model patching, demonstrating effectiveness in reducing backdoor accuracy on MNIST and Fashion-MNIST datasets while maintaining competitive clean data accuracy.

Federated learning is a versatile framework for training models in decentralized environments. However, the trust placed in clients makes federated learning vulnerable to backdoor attacks launched by malicious participants. While many defenses have been proposed, they often fall short when facing heterogeneous data distributions among participating clients. In this paper, we propose a novel defense mechanism for federated learning systems designed to mitigate backdoor attacks on the client side. Our approach leverages adversarial learning techniques and model patching to neutralize the impact of backdoor attacks. Through extensive experiments on the MNIST and Fashion-MNIST datasets, we demonstrate that our defense effectively reduces backdoor accuracy, outperforming existing state-of-the-art defenses, such as LFighter, FLAME, and RoseAgg, in i.i.d. and non-i.i.d. scenarios, while maintaining competitive or superior accuracy on clean data.
