Sybil-based Virtual Data Poisoning Attacks in Federated Learning
This work addresses security risks in federated learning for systems with malicious clients, but it is incremental as it builds on existing attack methods.
The paper tackles the vulnerability of federated learning to poisoning attacks by proposing a sybil-based virtual data poisoning attack that uses gradient matching to reduce computational complexity. In simulations under non-independent uniformly distributed data, the attack outperforms other attack algorithms.
Federated learning is vulnerable to poisoning attacks by malicious adversaries. Existing methods often involve high costs to achieve effective attacks. To address this challenge, we propose a sybil-based virtual data poisoning attack, where a malicious client generates sybil nodes to amplify the poisoning model's impact. To reduce neural network computational complexity, we develop a virtual data generation method based on gradient matching. We also design three schemes for target model acquisition, applicable to online local, online global, and offline scenarios. In simulation, our method outperforms other attack algorithms because it can obtain a global target model under non-independent uniformly distributed data.