Dec 24, 2024

An Empirical Analysis of Federated Learning Models Subject to Label-Flipping Adversarial Attack

arXiv:2412.18507v1
2 citations, h-index: 1
Originality: Synthesis-oriented
AI Analysis

This work addresses security vulnerabilities in federated learning for practitioners, but it is incremental as it applies existing attack methods to multiple models without introducing new defenses.

The paper empirically analyzes label-flipping adversarial attacks on various federated learning models, finding that models differ in robustness to the percentage of adversarial clients and flipped labels, with experiments involving up to 100 clients and varying attack parameters.

In this paper, we empirically analyze adversarial attacks on selected federated learning models. The specific learning models considered are Multinomial Logistic Regression (MLR), Support Vector Classifier (SVC), Multilayer Perceptron (MLP), Convolutional Neural Network (CNN), Random Forest, XGBoost, and Long Short-Term Memory (LSTM). For each model, we simulate label-flipping attacks, experimenting extensively with 10 federated clients and 100 federated clients. We vary the percentage of adversarial clients from 10% to 100% and, simultaneously, the percentage of labels flipped by each adversarial client from 10% to 100%. Among other results, we find that models differ in their inherent robustness to the two vectors in our label-flipping attack, i.e., the percentage of adversarial clients and the percentage of labels flipped by each adversarial client. We discuss the potential practical implications of our results.
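The two-parameter robustness measurement described in the abstract (fraction of adversarial clients and fraction of labels each of them flips, evaluated under federated averaging) can be reproduced in miniature. The following harness is an added example, not code from the paper; it assumes a binary logistic-regression client model in place of the paper's MLR, constructed synthetic 2-D data whose true boundary is x0 + x1 = 0, and plain FedAvg aggregation, so that the effect of the two attack knobs on clean-test accuracy can be read off directly.

```python
import math
import random


def make_client_data(n_clients, n_per_client, rng):
    # Constructed synthetic data: two uniform features, label 1 iff x0 + x1 > 0.
    clients = []
    for _ in range(n_clients):
        xs = [(rng.uniform(-1, 1), rng.uniform(-1, 1)) for _ in range(n_per_client)]
        ys = [1 if x0 + x1 > 0 else 0 for x0, x1 in xs]
        clients.append((xs, ys))
    return clients


def flip_labels(ys, flip_frac, rng):
    # An adversarial client flips a fixed fraction of its own labels (the paper's second attack vector).
    out = list(ys)
    for i in rng.sample(range(len(ys)), int(round(flip_frac * len(ys)))):
        out[i] = 1 - out[i]
    return out


def local_sgd(w, data, lr=0.5, epochs=5):
    # One client's local training: SGD on logistic loss, starting from the global weights.
    w = list(w)
    for _ in range(epochs):
        for (x0, x1), y in zip(*data):
            p = 1.0 / (1.0 + math.exp(-(w[0] * x0 + w[1] * x1 + w[2])))
            g = p - y
            w[0] -= lr * g * x0
            w[1] -= lr * g * x1
            w[2] -= lr * g
    return w


def fedavg_accuracy(n_clients, adv_frac, flip_frac, rounds=10, seed=0):
    # adv_frac: fraction of clients that are adversarial (the paper's first attack vector).
    # Returns accuracy of the FedAvg-aggregated model on a clean, held-out test set.
    rng = random.Random(seed)
    clients = make_client_data(n_clients, 50, rng)
    n_adv = int(round(adv_frac * n_clients))
    poisoned = [(xs, flip_labels(ys, flip_frac, rng)) if i < n_adv else (xs, ys)
                for i, (xs, ys) in enumerate(clients)]
    test_xs, test_ys = make_client_data(1, 500, rng)[0]
    w = [0.0, 0.0, 0.0]
    for _ in range(rounds):
        local = [local_sgd(w, d) for d in poisoned]
        w = [sum(lw[k] for lw in local) / n_clients for k in range(3)]  # FedAvg, equal weights
    correct = sum(1 for (x0, x1), y in zip(test_xs, test_ys)
                  if (w[0] * x0 + w[1] * x1 + w[2] > 0) == (y == 1))
    return correct / len(test_ys)
```

Sweeping `adv_frac` and `flip_frac` over 0.1 to 1.0 with `fedavg_accuracy(10, a, f)` yields the kind of robustness grid the paper reports per model; with every client flipping every label the aggregated model learns the inverted boundary, which is why accuracy collapses rather than merely degrading.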
