Federated learning (FL) attempts to train a global model by aggregating local models from distributed devices under the coordination of a central server. However, the existence of a large number of heterogeneous devices makes FL vulnerable to various attacks, especially stealthy backdoor attacks. A backdoor attack aims to trick a neural network into misclassifying data as a target label by injecting specific triggers, while keeping correct predictions on the original training data. Existing works focus on client-side attacks, which try to poison the global model by modifying the local datasets. In this work, we propose a new attack model for FL, namely Data-Agnostic Backdoor attack at the Server (DABS), where the server directly modifies the global model to backdoor an FL system. Extensive simulation results show that this attack scheme achieves a higher attack success rate than baseline methods while maintaining normal accuracy on clean data.