Labels Predicted by AI
Adaptive Adversarial Training Poisoning Adversarial attack
Please note that these labels were automatically added by AI. Therefore, they may not be entirely accurate.
For more details, please see the About the Literature Database page.
Abstract
Federated learning allows for clients in a distributed system to jointly train a machine learning model. However, clients’ models are vulnerable to attacks during the training and testing phases. In this paper, we address the issue of adversarial clients performing “internal evasion attacks”: crafting evasion attacks at test time to deceive other clients. For example, adversaries may aim to deceive spam filters and recommendation systems trained with federated learning for monetary gain. The adversarial clients have extensive information about the victim model in a federated learning setting, as weight information is shared amongst clients. We are the first to characterize the transferability of such internal evasion attacks for different learning methods and analyze the trade-off between model accuracy and robustness depending on the degree of similarities in client data. We show that adversarial training defenses in the federated learning setting only display limited improvements against internal attacks. However, combining adversarial training with personalized federated learning frameworks increases relative internal attack robustness by 60 under limited system resources.