Federated Learning (FL) is a technique that allows multiple parties to train a shared model collaboratively without disclosing their private data. It has become increasingly popular due to its distinct privacy advantages. However, FL models can suffer from biases against certain demographic groups (e.g., racial and gender groups) due to the heterogeneity of data and party selection. Researchers have proposed various strategies for characterizing the group fairness of FL algorithms to address this issue. However, the effectiveness of these strategies in the face of deliberate adversarial attacks has not been fully explored. Although existing studies have revealed various threats (e.g., model poisoning attacks) against FL systems caused by malicious participants, their primary aim is to decrease model accuracy, while the potential of leveraging poisonous model updates to exacerbate model unfairness remains unexplored. In this paper, we propose a new type of model poisoning attack, EAB-FL, with a focus on exacerbating group unfairness while maintaining a good level of model utility. Extensive experiments on three datasets demonstrate the effectiveness and efficiency of our attack, even with state-of-the-art fairness optimization algorithms and secure aggregation rules employed.

翻译：联邦学习（FL）是一种允许多方在不公开其私有数据的情况下协作训练共享模型的技术。由于其独特的隐私优势，该技术已日益普及。然而，由于数据及参与方选择的异质性，FL模型可能对某些人口统计群体（例如种族和性别群体）产生偏见。为解决此问题，研究人员已提出多种策略来表征FL算法的群体公平性。然而，这些策略在面对蓄意对抗性攻击时的有效性尚未得到充分探讨。尽管现有研究揭示了恶意参与者对FL系统造成的多种威胁（例如模型投毒攻击），但其主要目标是降低模型准确性，而利用恶意模型更新来加剧模型不公平性的潜力仍有待探索。本文提出一种新型模型投毒攻击方法EAB-FL，其重点在于加剧群体不公平性，同时保持良好的模型效用水平。在三个数据集上进行的大量实验证明了我们攻击方法的有效性和高效性，即使采用了最先进的公平性优化算法和安全聚合规则。