Buffer is All You Need: Defending Federated Learning against Backdoor Attacks under Non-iids via Buffering
This addresses a critical security vulnerability in federated learning for distributed systems, offering a novel defense under realistic non-iid conditions, though it is incremental as it builds on existing defense concepts.
The paper tackles the problem of defending federated learning against backdoor attacks under non-iid data distributions by proposing FLBuff, which models non-iid as omni-directional expansion and backdoor attacks as uni-directional to create a buffer layer, resulting in consistent outperformance over state-of-the-art defenses in evaluations.
Federated Learning (FL) is a popular paradigm enabling clients to jointly train a global model without sharing raw data. However, FL is known to be vulnerable towards backdoor attacks due to its distributed nature. As participants, attackers can upload model updates that effectively compromise FL. What's worse, existing defenses are mostly designed under independent-and-identically-distributed (iid) settings, hence neglecting the fundamental non-iid characteristic of FL. Here we propose FLBuff for tackling backdoor attacks even under non-iids. The main challenge for such defenses is that non-iids bring benign and malicious updates closer, hence harder to separate. FLBuff is inspired by our insight that non-iids can be modeled as omni-directional expansion in representation space while backdoor attacks as uni-directional. This leads to the key design of FLBuff, i.e., a supervised-contrastive-learning model extracting penultimate-layer representations to create a large in-between buffer layer. Comprehensive evaluations demonstrate that FLBuff consistently outperforms state-of-the-art defenses.