Feb 10, 2025

DROP: Poison Dilution via Knowledge Distillation for Federated Learning

arXiv:2502.07011v2 · 2 citations · h-index: 68
Originality: Incremental advance
AI Analysis

This addresses security vulnerabilities in Federated Learning for applications like healthcare or finance, but it is incremental as it builds on existing defense mechanisms.

The paper tackles the problem of targeted backdoor attacks in Federated Learning by introducing DROP, a defense mechanism that uses clustering, activity-tracking, and knowledge distillation to extract benign behavior from clients, showing superior robustness across various learning configurations.

Federated Learning is vulnerable to adversarial manipulation, where malicious clients can inject poisoned updates to influence the global model's behavior. While existing defense mechanisms have made notable progress, they fail to protect against adversaries that aim to induce targeted backdoors under different learning and attack configurations. To address this limitation, we introduce DROP (Distillation-based Reduction Of Poisoning), a novel defense mechanism that combines clustering and activity-tracking techniques with extraction of benign behavior from clients via knowledge distillation to tackle stealthy adversaries that manipulate low data poisoning rates and diverse malicious client ratios within the federation. Through extensive experimentation, our approach demonstrates superior robustness compared to existing defenses across a wide range of learning configurations. Finally, we evaluate existing defenses and our method under the challenging setting of non-IID client data distribution and highlight the challenges of designing a resilient FL defense in this setting.

Code Implementations: 1 repo
Foundations

The foundational work for this paper's niche, ranked by how specifically the neighbourhood builds on it — not by global fame.
