FLARE: Defending Federated Learning against Model Poisoning Attacks via Latent Space Representations

Ning Wang, Yang Xiao, Yimin Chen, Yang Hu, Wenjing Lou, Y. Thomas Hou

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

25 Scopus citations

Abstract

Federated learning (FL) has been shown vulnerable to a new class of adversarial attacks, known as model poisoning attacks (MPA), where one or more malicious clients try to poison the global model by sending carefully crafted local model updates to the central parameter server. Existing defenses that have been fixated on analyzing model parameters show limited effectiveness in detecting such carefully crafted poisonous models. In this work, we propose FLARE, a robust model aggregation mechanism for FL, which is resilient against state-of-the-art MPAs. Instead of solely depending on model parameters, FLARE leverages the penultimate layer representations (PLRs) of the model for characterizing the adversarial influence on each local model update. PLRs demonstrate a better capability to differentiate malicious models from benign ones than model parameter-based solutions. We further propose a trust evaluation method that estimates a trust score for each model update based on pairwise PLR discrepancies among all model updates. Under the assumption that honest clients make up the majority, FLARE assigns a trust score to each model update in a way that those far from the benign cluster are assigned low scores. FLARE then aggregates the model updates weighted by their trust scores and finally updates the global model. Extensive experimental results demonstrate the effectiveness of FLARE in defending FL against various MPAs, including semantic backdoor attacks, trojan backdoor attacks, and untargeted attacks, and safeguarding the accuracy of FL.
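The abstract describes the aggregation pipeline only at a high level: compute the penultimate layer representation (PLR) each local update produces, compare PLRs pairwise, derive a trust score per client under the honest-majority assumption, and aggregate the updates weighted by those scores. The following Python block is an added illustration of that pipeline and is not the paper's code; the scoring rule it uses (mean Euclidean distance to the k nearest neighbours in PLR space, turned into weights by a softmax), the function names, and the five constructed client vectors are all assumptions chosen to make the mechanism visible, not details taken from the paper.

```python
import math
from typing import List

Vector = List[float]


def pairwise_distances(plrs: List[Vector]) -> List[List[float]]:
    """Symmetric matrix of Euclidean distances between client PLR vectors."""
    n = len(plrs)
    dist = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            d = math.sqrt(sum((a - b) ** 2 for a, b in zip(plrs[i], plrs[j])))
            dist[i][j] = dist[j][i] = d
    return dist


def trust_scores(plrs: List[Vector], k: int = None) -> List[float]:
    """Trust score per client (assumed rule, not the paper's).

    A client whose PLR sits far from every other client's PLR has a large
    mean distance to its k nearest neighbours and therefore a small score
    after the softmax. This only isolates outliers if honest clients form
    the majority cluster; a colluding majority would invert the result.
    """
    n = len(plrs)
    if k is None:
        k = max(1, n // 2)
    k = min(k, n - 1)
    dist = pairwise_distances(plrs)
    mean_knn = []
    for i in range(n):
        nearest = sorted(dist[i][j] for j in range(n) if j != i)[:k]
        mean_knn.append(sum(nearest) / k)
    # softmax over negative mean distance: closer to the crowd -> higher weight
    shift = min(mean_knn)
    exps = [math.exp(-(m - shift)) for m in mean_knn]
    total = sum(exps)
    return [e / total for e in exps]


def weighted_aggregate(updates: List[Vector], scores: List[float]) -> Vector:
    """Trust-weighted sum of model updates (scores already sum to one)."""
    dim = len(updates[0])
    return [sum(scores[i] * updates[i][c] for i in range(len(updates))) for c in range(dim)]


def plain_average(updates: List[Vector]) -> Vector:
    """Unweighted FedAvg-style mean, kept for comparison."""
    dim = len(updates[0])
    return [sum(u[c] for u in updates) / len(updates) for c in range(dim)]


# Constructed sample: four benign clients with similar PLRs and one client
# (index 4) whose PLR is far from the benign cluster. Values are made up.
CLIENT_PLRS: List[Vector] = [
    [1.0, 1.0, 0.0],
    [1.1, 0.9, 0.0],
    [0.9, 1.1, 0.1],
    [1.0, 1.0, -0.1],
    [5.0, -3.0, 2.0],
]

# Constructed local model updates for the same five clients; the outlier
# client also submits an update that would drag a plain average far off.
CLIENT_UPDATES: List[Vector] = [
    [0.5, -0.2],
    [0.6, -0.1],
    [0.4, -0.3],
    [0.5, -0.2],
    [-10.0, 8.0],
]


def run_demo():
    """Return (scores, trust-weighted update, plain average) for the sample."""
    scores = trust_scores(CLIENT_PLRS)
    return scores, weighted_aggregate(CLIENT_UPDATES, scores), plain_average(CLIENT_UPDATES)


if __name__ == "__main__":
    scores, agg, avg = run_demo()
    for i, s in enumerate(scores):
        print(f"client {i}: trust {s:.4f}")
    print("trust-weighted update:", [round(x, 3) for x in agg])
    print("plain average:        ", [round(x, 3) for x in avg])
```

Running it shows the outlier client receiving a trust weight well under one percent, so the weighted update stays near the benign clients' values while the plain average is pulled to a large negative first coordinate. The comparison is the point a defender should check when evaluating any such scheme: how much a single low-trust update can still move the global model, and what happens to the scores when the adversarial fraction approaches half.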

Original language: English
Title of host publication: ASIA CCS 2022 - Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security
Pages: 946-958
Number of pages: 13
ISBN (Electronic): 9781450391405
DOIs
State: Published - May 30 2022
Event: 17th ACM ASIA Conference on Computer and Communications Security 2022, ASIA CCS 2022 - Virtual, Online, Japan
Duration: May 30 2022 to Jun 3 2022

Publication series

Name: ASIA CCS 2022 - Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security

Conference

Conference: 17th ACM ASIA Conference on Computer and Communications Security 2022, ASIA CCS 2022
Country/Territory: Japan
City: Virtual, Online
Period: 5/30/22 to 6/3/22

Bibliographical note

Publisher Copyright:
© 2022 Owner/Author.

Keywords

  • defense
  • federated learning
  • model poisoning attack

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems
  • Software
