Model Transferring Attacks to Backdoor HyperNetwork in Personalized Federated Learning

Add code
Jan 19, 2022
Phung Lai, NhatHai Phan, Abdallah Khreishah, Issa Khalil, Xintao Wu
Figure 1 for Model Transferring Attacks to Backdoor HyperNetwork in Personalized Federated Learning
Figure 2 for Model Transferring Attacks to Backdoor HyperNetwork in Personalized Federated Learning
Figure 3 for Model Transferring Attacks to Backdoor HyperNetwork in Personalized Federated Learning
Figure 4 for Model Transferring Attacks to Backdoor HyperNetwork in Personalized Federated Learning

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

This paper explores previously unknown backdoor risks in HyperNet-based personalized federated learning (HyperNetFL) through poisoning attacks. Based upon that, we propose a novel model transferring attack (called HNTROJ), i.e., the first of its kind, to transfer a local backdoor infected model to all legitimate and personalized local models, which are generated by the HyperNetFL model, through consistent and effective malicious local gradients computed across all compromised clients in the whole training process. As a result, HNTROJ reduces the number of compromised clients needed to successfully launch the attack without any observable signs of sudden shifts or degradation regarding model utility on legitimate data samples making our attack stealthy. To defend against HNTROJ, we adapted several backdoor-resistant FL training algorithms into HyperNetFL. An extensive experiment that is carried out using several benchmark datasets shows that HNTROJ significantly outperforms data poisoning and model replacement attacks and bypasses robust training algorithms.

View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon